Unable to Load Authorizations from AD Driver into Role Mapping Administrator

  • 7014639
  • 26-Feb-2014
  • 26-Feb-2014

Environment


NetIQ Identity Manager 4.0.2
NetIQ Identity Manager Roles Based Provisioning Module
NetIQ Identity Manager Role Mapping Administrator

Situation

Unable to load authorizations from the Active Directory (AD) driver into Role Mapping Administrator. The Load button is grayed out and not selectable.


Resolution

1.  If the driver was created prior to Identity Manager 4 and is not using packages, upgrade the driver to use IDM 4 packages.
See Section 4.16 "Upgrading Drivers to Packages" in the Identity Manager 4.0.2 Upgrade and Migration Guide at www.netiq.com/documentation

2.  After upgrading the driver, in the properties of the driver, verify that Role Mapping is enabled for users and groups.



3.  Deploy the updated drivers from Designer and restart the driver.

4.  If the driver starts successfully, it will update the EntitlementConfiguration object for the driver.

Once the EntitlementConfiguration object is updated, you will be able to load the authorizations from the driver into Role Mapping Administrator. The Load button will be selectable.

Cause

The EntitlementConfiguration object under the driver has role-mapping set to false.

<entitlement dn="CN=Group,CN=AD-Driver,CN=DirXML DrvSets,OU=DIRXML,O=SERVICES" resource-mapping="true" role-mapping="false">

<entitlement dn="CN=UserAccount,CN=AD-Driver,CN=DirXML DrvSets,OU=DIRXML,O=SERVICES" resource-mapping="false" role-mapping="false">

After role mapping is enabled in the driver properties and the driver is successfully restarted, role-mapping on the EntitlementConfiguration object is updated and set to true.

<entitlement dn="CN=Group,CN=AD-Driver,CN=DirXML DrvSets,OU=DIRXML,O=SERVICES" resource-mapping="true" role-mapping="true">

<entitlement dn="CN=UserAccount,CN=AD-Driver,CN=DirXML DrvSets,OU=DIRXML,O=SERVICES" resource-mapping="true" role-mapping="true">
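
An added example, not part of the original article or of NetIQ's tooling: a Python check that reads a saved copy of the EntitlementConfiguration XML and lists the entitlements whose role-mapping flag is not yet true, which is the condition described in this section. The wrapper root element and the function names are assumptions; only the entitlement attributes and DNs come from this article.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <entitlement> attributes are the ones shown in this
# article; the <entitlement-configuration> wrapper is an assumed root element.
SAMPLE_BEFORE = """\
<entitlement-configuration>
  <entitlement dn="CN=Group,CN=AD-Driver,CN=DirXML DrvSets,OU=DIRXML,O=SERVICES"
               resource-mapping="true" role-mapping="false"/>
  <entitlement dn="CN=UserAccount,CN=AD-Driver,CN=DirXML DrvSets,OU=DIRXML,O=SERVICES"
               resource-mapping="false" role-mapping="false"/>
</entitlement-configuration>
"""
# State after the driver restart described above: every flag set to true.
SAMPLE_AFTER = SAMPLE_BEFORE.replace('"false"', '"true"')


def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}entitlement'."""
    return tag.rsplit("}", 1)[-1]


def mapping_flags(xml_text):
    """Return {entitlement dn: {flag: bool}} for every <entitlement> element."""
    flags = {}
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "entitlement":
            continue
        flags[elem.get("dn", "<no dn>")] = {
            # A missing attribute is treated as disabled.
            name: elem.get(name, "false").strip().lower() == "true"
            for name in ("role-mapping", "resource-mapping")
        }
    return flags


def role_mapping_disabled(xml_text):
    """List the DNs whose role-mapping flag is not 'true'."""
    return [dn for dn, f in mapping_flags(xml_text).items() if not f["role-mapping"]]


if __name__ == "__main__":
    for label, doc in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        blocked = role_mapping_disabled(doc)
        print(label, "- role mapping disabled for:", blocked or "none")
```
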