Trusted Recon With User Status Set To 'Disabled Until Start Date' Enables User In Target System
(Doc ID 2542283.1)
Last updated on JULY 09, 2021
Applies to: Identity Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Whenever there is an attribute change, an "ENABLE" orchestration is triggered along with "MODIFY" for users in "DISABLE UNTIL START DATE" status.
For example: when "mail" is changed in OUD and the Trusted recon is then run, both "MODIFY" and "ENABLE" recon are fired.
Steps to reproduce the issue:
1. Install an LDAP connector and configure it with OUD.
2. To make sure that the recon event gets a "Start Date" for testing, hard-code this value to a date in the future, such as November 30,2049, in the Recon transformations lookup.
3. Map the Status field to the mail attribute in the Reconciliation mappings and create the Reconciliation Profile.
4. Create a user <USER> in OUD (make sure that it has a value for mail) and reconcile it by running the "LDAP Connector Trusted User Reconciliation" scheduler job with the filter "equalTo('uid','<USER>')".
5. In OIM, the recon event creates a user with a start date of November 30,2019 and Status as Disable Until Start Date.
6. Now modify something in OUD for the same user and run the recon again.
7. Connect to the OIM schema and run the query below.
select * from audit_event where entity_name='<USR_LOGIN>' ORDER BY EVENT_DATE DESC;
The result shows ENABLE, MODIFY and Create (first time) event actions.
The Event_action Enable appears in the results, which is not correct: the Enable action shouldn't have been triggered in this case.