Hello Everyone,

I apologize if this is an obvious question; I am new to the NetIQ world
and I am trying to solve a problem as part of a larger project.

My client has set up another Identity Management product to manage
entitlement changes and requests. After it passes through that product's
workflow, a web service call is made to the User App Provision service
to assign that entitlement to the user. There is a bare-bones PRD that
is launched by the web service to source the Entitlement DN (AD Group),
the Entitlement Parameter, the target user DN, and a 1 or 0 for grant or

This works great EXCEPT for when multiple entitlement values for the
same entitlement DN are requested in that upstream product. In that
case, the Entitlement Parameters are placed in an array. This confuses
the AD Driver and results in an Unwilling to Perform error.

Ideally I would be able to change the behavior of the upstream product,
but it is COTS and that behavior is hard-coded. My thought is to use the
PRD to modify the request, creating single value parameter requests from
the master request.

Is this possible? If so, any caveats or gotchas I should be aware of?



da0487's Profile: https://forums.netiq.com/member.php?userid=5698
View this thread: https://forums.netiq.com/showthread.php?t=50119