1. Create the internal OpenDJ LDAP groups
Create an LDIF file (the import command below reads it from /opt/tmpfiles/newgroup.ldif). Each entry starts with its dn line, and the two entries are separated by a blank line:
dn: cn=Worker,ou=orasystemsusa,ou=com
changetype: add
objectClass: top
objectClass: groupOfNames
cn: Worker

dn: cn=Reviewer,ou=orasystemsusa,ou=com
changetype: add
objectClass: top
objectClass: groupOfNames
cn: Reviewer
Import the LDIF into the internal OpenDJ with the command below.
./ldapmodify \
--port 389 \
--bindDN "cn=Directory Manager" \
--bindPassword ********* \
--filename /opt/tmpfiles/newgroup.ldif
2. Log in to the SailPoint console and run the task “OpenDJ Internal Group Aggregation Task” to refresh the groups.
3. Go to Applications -> Entitlement Catalog, open each of the two groups, clear the requestable flag and save.
4. Import the XML files below, in this order.
Bundle-ItRole.xml
Bundle-reviewer.xml
Bundle-worker.xml
5. Log in to the ForgeRock internal OpenAM admin console.
Navigate to Internal -> Authorization -> Policy Sets -> Allow_workerportal_access and add the two new groups to the subjects. Save.
Navigate to Internal -> Authorization -> Policy Sets -> Allow_contentmanager_access and add the two new groups to the subjects. Save.
6. Restart the OpenAM Tomcat instance.
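As an added example (not part of the original post), a small Python helper that generates the step-1 group LDIF for any list of group names and lints it before ldapmodify is run: it flags entries that run together without the blank-line separator, duplicate DNs, a missing "changetype: add" or groupOfNames object class, and a cn value that does not match the RDN. The base DN is the one from the post; the function names and the checks themselves are assumptions.

```python
import re

# Assumed base DN taken from the post's LDIF; substitute your own.
BASE_DN = "ou=orasystemsusa,ou=com"

def build_group_ldif(names, base_dn=BASE_DN):
    """Return an LDIF string with one 'changetype: add' groupOfNames entry per
    name. Entries are separated by a blank line, which ldapmodify requires."""
    entries = []
    for name in names:
        entries.append("\n".join([
            f"dn: cn={name},{base_dn}",
            "changetype: add",
            "objectClass: top",
            "objectClass: groupOfNames",
            f"cn: {name}",
        ]))
    return "\n\n".join(entries) + "\n"

def check_group_ldif(text):
    """Lint an LDIF file of group adds before feeding it to ldapmodify.
    Returns a list of problem strings; an empty list means it looks sound."""
    problems = []
    seen_dns = set()
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        attrs = {}
        for line in lines:
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip(), []).append(value.strip())
        dn = attrs.get("dn", [None])[0]
        if not dn or not lines[0].startswith("dn:"):
            problems.append("entry does not start with a dn: line")
            continue
        if len(attrs["dn"]) > 1:
            problems.append(f"{dn}: two entries run together (missing blank line)")
        if dn in seen_dns:
            problems.append(f"{dn}: duplicate entry")
        seen_dns.add(dn)
        if attrs.get("changetype", [""])[0] != "add":
            problems.append(f"{dn}: changetype must be add")
        if "groupOfNames" not in attrs.get("objectClass", []):
            problems.append(f"{dn}: missing objectClass groupOfNames")
        rdn = dn.split(",", 1)[0]
        if rdn.lower().startswith("cn=") and rdn[3:] not in attrs.get("cn", []):
            problems.append(f"{dn}: cn attribute does not match the RDN")
    return problems
```

Write the output of build_group_ldif to the file named in the ldapmodify command only after check_group_ldif returns an empty list.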