How can we use the TIBCO Adapter (TM) for LDAP to create a User and include it as a member of a group in Microsoft Active Directory Server (ADS)?
Article ID: KB0084720
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP | - |
| Not Applicable | - |
Description
Resolution:
Microsoft Active Directory Server does not allow a single object class to add the user and make it a member of a group. Thus, the operation needs to be done in different stages.
Follow the below steps to create a User as a member of a group using the LDAP Adapter -
1)Create an LDAP instance with the Request Response service. While configuring Request Response service, go to the 'Schema View' tab and add the following:
-->Select Object Classes From : LDAP Schema (select radio button)
-->LDAP Schema Classes : user.group
-->Handle Any Subset of Configured Object Classes : Select the Check box.
2)Configure a BW process with Two "Invoke an Adapter Request Response Service" activities, say 'add_user' activity and a 'make_user_a_member' activity. The BW flow would be as follows:
Start--->add_user--->make_user_a_member--->stop
3)The first activity(add_user) will add a new user to the Directory server, and the secornd activity will update the desired 'group' and adds the user as one of its members. You will have to modify the 'member' field in second activity.
4)Below are some example values for the 'add_user' BW Invoke Adapter RRS activity:
-->OpCode="LDAP_ADD"
-->DN = "cn=John,cn=users,dc=accord,dc=ldap,dc=com"
-->objectClass item = "user"
5)Below are some example values for the 'make_user_a_member' BW Invoke Adapter RRS activity:
-->OpCode="LDAP_MOD_ADD"
-->DN = "cn=TIBCO_Group,cn=users,dc=accord,dc=ldap,dc=com"
-->member item = "cn=John,cn=users,dc=accord,dc=ldap,dc=com"
In the above case, the first activity will create a user named 'John' and the second activity will make 'John' a member of the group named 'TIBCO_Group'
Microsoft Active Directory Server does not allow a single object class to add the user and make it a member of a group. Thus, the operation needs to be done in different stages.
Follow the below steps to create a User as a member of a group using the LDAP Adapter -
1)Create an LDAP instance with the Request Response service. While configuring Request Response service, go to the 'Schema View' tab and add the following:
-->Select Object Classes From : LDAP Schema (select radio button)
-->LDAP Schema Classes : user.group
-->Handle Any Subset of Configured Object Classes : Select the Check box.
2)Configure a BW process with Two "Invoke an Adapter Request Response Service" activities, say 'add_user' activity and a 'make_user_a_member' activity. The BW flow would be as follows:
Start--->add_user--->make_user_a_member--->stop
3)The first activity(add_user) will add a new user to the Directory server, and the secornd activity will update the desired 'group' and adds the user as one of its members. You will have to modify the 'member' field in second activity.
4)Below are some example values for the 'add_user' BW Invoke Adapter RRS activity:
-->OpCode="LDAP_ADD"
-->DN = "cn=John,cn=users,dc=accord,dc=ldap,dc=com"
-->objectClass item = "user"
5)Below are some example values for the 'make_user_a_member' BW Invoke Adapter RRS activity:
-->OpCode="LDAP_MOD_ADD"
-->DN = "cn=TIBCO_Group,cn=users,dc=accord,dc=ldap,dc=com"
-->member item = "cn=John,cn=users,dc=accord,dc=ldap,dc=com"
In the above case, the first activity will create a user named 'John' and the second activity will make 'John' a member of the group named 'TIBCO_Group'
Issue/Introduction
How can we use the TIBCO Adapter (TM) for LDAP to create a User and include it as a member of a group in Microsoft Active Directory Server (ADS)?
Feedback
Yes
No
Powered by
