Tivoli Directory Integrator – Before Initialize – Add Date to File Name

I wrote a different TDI blog discussing the Before Initialize Hook.  That blog discussed setting the filter in an Iterator.  Here is another use for the Before Initialize Hook, this time in a File System Connector.  As I mentioned in prior PathMaker Group blogs Tivoli Directory Integrator (TDI) is a pretty neat tool that comes packaged with IBM Tivoli Identity Manager (ITIM) with a bunch of Connectors. This blog will relate to the File System Connector.

Have you ever wanted to build create a File System Connector that creates a file that has a unique value so the process can run multiple times a day or week and you don’t have to worry about overlaying the file?  This can be accomplished with the Before Initialize.  In this case the process will only run once a day so only the date is added to the end of the file name.

Read More»

Tivoli Directory Integrator – Before Initialize

As I mentioned in prior PathMaker Group blogs Tivoli Directory Integrator (TDI) is a pretty neat tool that comes packaged with IBM Tivoli Identity Manager (ITIM).  TDI comes out of the box with a multitude of connectors that are used to as the name says, connect to different sources.  One of the most common business processes where TDI is used is to extract data, transform the data and then load the data into different data source (ETL).  For an example, it is common to use TDI to extract account data from Active Directory using an LDAP connector.

Have you ever wanted to build a dynamic iterator filter that can be created when the assembly line is executed?  In the following example the assembly line uses an LDAP connector to iterate Active Directory.  The requirement is to find AD accounts where the “whenChanged” is in the last 5 days and AD entry should be a user account or a user contact and have a mail attribute.

Read More»

ITIM Provisioning Policy Priority

A provisioning policy in ITIM (IBM Tivoli Identity Manager) basically grants access and set entitlements to the ITIM managed services based on the provisioning policy membership.

Each provisioning policy consists of information and settings on the following tabs:

  • General
  • Members
  • Entitlements

Of course, there are factors to consider: Role Memberships, service selection policies and policy join behaviors to name a few but this blog is just looking at the value of the required priority attribute.

The priority setting is a required value on the General tab of the provisioning policy configuration.  This is a required numeric attribute and the lower the number the higher the priority of the Provisioning Policy.

Read More»

Tivoli Directory Integrator – On Multiple Entries

Tivoli Directory Integrator (TDI) is a pretty neat tool that comes packaged with IBM Tivoli Identity Manager (ITIM).  TDI comes out to the box with a multitude of connectors that are used to as the name says, connect to different sources.  One of the most common business processes where TDI is used is to extract data, transform the data and then load the data into different data source (ETL).  For an example, it is common to use TDI to extract Human Resources data and using a DMSL connector, send the data over to the ITIM Application for processing.

One of the main considerations in extracting data from different sources is the data.  The data values, the data relationships and attributes do not always exist as advertised.

For example:  The process pulls the employee information from SAP and then does a lookup to Active Directory using the employee number.  Active Directory is only supposed to have one entry for each employee.  “Supposed to” is the key word.  In some cases, there are multiple AD accounts for one employee.

Read More»

Using IBM Tivoli Identity Manager to recertify Active Directory Groups

Its audit time and you’re responsible for recertifying approximately 75 Active Directory Groups and each group has a membership of about 10 to 30 people.  An email needs to be sent to every manager for them to confirm the person still needs to be a member of the group.  You have to provide information to the Auditors to confirm that each person in each of these groups has been verified.  Before you can send out the verification requests to the managers you have to confirm each Active Directory Account has the correct person contact information and manager information.  All this has to be done in the next 30 days.

What are you going to do?  Book an early tee time!

How is this possible?

Read More»
Page 1 of 212
© Copyright PathMaker Group 2014