Access Policy Harvesting Does Not Appear To Be Picking Up The Account Discriminator Field
Last updated on FEBRUARY 08, 2018
Applies to: Identity Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
Scenario: We bulk loaded/reconciled a large number of accounts that we now want to use Access Policy harvesting on. It seems that every time the policy is evaluated, a new account is created, which then fails because an account already exists for our test resource.
We have set the correct flags in OIM to allow multiple provisioning and access policy harvesting, and have also set the Account Discriminator to the LDAP User ID field.
It looks like the discriminator field is returning as blank for the users in question, causing the system to think there is not a match and therefore creating a new account.
Currently, we are using a Pre-populate adapter that sets the User ID for all provisioned accounts, taking the User ID from OIM's usr_login and applying it to ud_ldap_usr_userid. When modifying the access policy, it says that the discriminator field is blank.