Access Policy Harvesting Does Not Appear To Be Picking Up The Account Discriminator Field

(Doc ID 1934607.1)

Last updated on AUGUST 24, 2017

Applies to:

Identity Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

Scenario: We bulk loaded/reconciled a large number of accounts that we now want to use Access Policy harvesting on. It seems that every time the policy is evaluated, a new account is created, which then fails because an account already exists for our test resource.

We have set the correct flags in OIM to allow multiple provisioning and access policy harvesting, and have also set the Account Discriminator to the LDAP User ID field.

It looks like the discriminator field is returning as blank for the users in question, causing the system to think there is no match and therefore creating a new account.
Currently, we are using a Pre-populate adapter that sets the User ID for all provisioned accounts, taking the User ID from OIM's usr_login and applying it to ud_ldap_usr_userid. When modifying the access policy, it says that the discriminator field is blank.
 

Solution
