Project

General

Profile

Actions

Task #2627

closed

Wizard - MSAD - Users

Added by Vít Švanda over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Vít Švanda
Category:
Wizard
Target version:
Start date:
01/05/2021
Due date:
% Done:

100%

Estimated time:
Owner:


Related issues

Related to IdStory Identity Manager - Task #2680: Wizard - MSAD+WinRM - UsersClosedVít Švanda02/11/2021

Actions
Actions #1

Updated by Vít Švanda over 3 years ago

  • Status changed from New to In Progress
Actions #2

Updated by Vít Švanda over 3 years ago

  • I have successfuly connected BCV AD to my local enviroment. I solved problem with connection via LDAPS.
Actions #3

Updated by Vít Švanda over 3 years ago

PoC for extract certificates from host works.

Actions #4

Updated by Vít Švanda over 3 years ago

  • % Done changed from 0 to 20
  • CRT of CA from AD is exported to the IdM server.
  • CRT of CA from AD and server CA can be downloade from FE.
  • CA valid dates are formated on FE now.
  • I found big issue with obtain a CA from HTTPS in case when CRT is not in trusted store. I found solution, workaround by custom TrustManager in java.
Actions #5

Updated by Vít Švanda over 3 years ago

  • Subject changed from Wizard - MSAD to Wizard - MSAD - Users
  • % Done changed from 20 to 30
Actions #6

Updated by Vít Švanda over 3 years ago

Implemented step with create and delete test user on BE and FE.

Actions #7

Updated by Vít Švanda over 3 years ago

  • % Done changed from 30 to 40
  • System with configuration and schema is generated.
  • I added our exceptions on BE.
  • Solved problem with ldap vs ldaps protocol (refactored).
  • Investigation "Root suffixies" attribute in AD connector (root value vs full DN).
Actions #8

Updated by Vít Švanda over 3 years ago

Implemented auto attribute mapping for MSAD provisioning (with using "getFullName" script for displayName).

Actions #9

Updated by Vít Švanda over 3 years ago

  • % Done changed from 40 to 50

Generating of mapping and schema attributes, testing on AD.

Actions #10

Updated by Vít Švanda over 3 years ago

  • % Done changed from 50 to 60

Script for computing defaultDN implemented.

Actions #11

Updated by Vít Švanda over 3 years ago

  • Script for dynamic DN was tested and improved (using provisioning context now).
  • Base user search connector attribute is computed from all containers (new, deleted, exists users) now.
  • Created script for get UPN (User Principal Name). Created field domain in wizard. Value is persist in system connector options.
  • Default value for UPN suffix is get from AD (dnsHostName).
Actions #12

Updated by Vít Švanda over 3 years ago

  • getEnable script with support of protected account was implemented in the product.
Actions #13

Updated by Vít Švanda over 3 years ago

Implemented:

  • Pairing mapping.
  • Attributes for pairing mapping.
  • Identity EAV attribute with DN.
  • Pairing sync.
  • FE for create pairing sync.
  • Added new button for close wizard and open system.
Actions #14

Updated by Vít Švanda over 3 years ago

  • % Done changed from 60 to 70
Actions #15

Updated by Vít Švanda over 3 years ago

  • Implemented switch for enable protected mode.
  • Localization of result codes.
  • Order of EAV attributes in connector options added.

Test and documentation remains.

Actions #16

Updated by Vít Švanda over 3 years ago

  • % Done changed from 70 to 80
Actions #18

Updated by Vít Švanda over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška

Fixed:

  • Pair implementation,
  • localization fixed,
  • pairingSync fixed,
  • personal number attribute uses startegy "send only if value exists in the IDM" now.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/c7ac9c212b0513c31e764848c6fd4b6dd14aa2da

Actions #19

Updated by Radek Tomiška over 3 years ago

  • Related to Task #2680: Wizard - MSAD+WinRM - Users added
Actions #20

Updated by Radek Tomiška over 3 years ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 80 to 90

I did test and code review, it works, nice, thx!

Actions #21

Updated by Vít Švanda over 3 years ago

Base tests covering creation of AD system via wizard is here (it was hard because we don't have MS AD in test evironment :-) ): https://github.com/bcvsolutions/CzechIdMng/commit/64fe6fdaaa36de0ae6018fdc7e039b0aad2715b2

Next test for pairing sync and protected mode:

https://github.com/bcvsolutions/CzechIdMng/commit/ac33966fa6f1664e3f3256cab9e54b872f46158f

Actions #23

Updated by Vít Švanda over 3 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška
Actions #24

Updated by Radek Tomiška over 3 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 90 to 100

Documentation is nice, thx!

Actions #25

Updated by Radek Tomiška over 3 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF