Post by PM
1. Take the AD role name from a csv file . Say there are 100 role names .
2. Fetch all role DN from LDAP . Altogether or one by one ?
3. Search on Person node on LDAP for all people who have the role ( or role DN ) as one their roles .
4. Remove the role from all people who have the role .
I am having difficulties designing the AL .
Please help me build the AL and also what connectors are suited best to serve this requirement . Is For:Each connector good for this requirement ?
Happy to help with more information .
Please - you are not giving all relevant information - you are talking about roles/persons and ldap - so this is PROBABLY ISIM related - but we cannot know.
In general your flow should be :
1.iterate over the rolesnames in AD (ldap iterator)
in the data section :
2.look up the role in ldap (ISIM?) (ldap lookup)
3.lookup member of the role (connector loop - ldap lookup)
4.foreach person remove the role
The last operation is not a single operation - it can either be performed using APIs or using the DSMLV2 Connector in update mode (HRFeed logic) and you may need to lookup/build the necessary data for this. Personally I normally "just" reuse my HRFeed logic as it is the simplest.
If this is ISIM - you should NOT remove the role from a person using ldap operation - that will not trigger the ISIM workflows as needed - but Java APPS or WS (SOAP) will.