Manage E-Audit doesn’t capture the LDAP Sync update/delete events.

Troubleshooting

Problem

When E-audit enabled in GROUPUSER table is noticed that the changes to this table from MAS LDAP Sync Job are not getting audited however when a user does a change from UI, they are getting audited.

Is there a way to have the changes to this table to get audited from MAS LDAP Sync Job as well?

Environment

All Maximo amd MAS/MAnage environments.

Resolving The Problem

The LDAP Sync(SCIM) doesn’t support E-Audit indeed.

For LDAP sync we use direct SQL statements and not Mbos. This is done for performance reasons.

A full replace is done so if the AD has say 20,000 (even more) users in a group we do not want to create Mbos for all of them, so a SQL is used to delete all records first and then insert. After that using SQL we delete all users from groupuser which do not exist in MAXUSER table.

That’s why the E-Audit doesn’t capture the LDAP Sync update/delete events.

You may see the initial user creation and group assigment only, which is derived from the user mbos.

*Same approach is seen in Maximo 7.6.1.x and the results are the same.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSRHPA","label":"IBM Maximo Application Suite"},"ARM Category":[{"code":"a8m50000000CbA4AAK","label":"System Administration-\u003EDatabase Configuration"}],"ARM Case Number":"TS014216504","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

Manage E-Audit doesn’t capture the LDAP Sync update/delete events.

Troubleshooting

Problem

Environment

Resolving The Problem

Document Location

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?