SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

Obtaining user enabled/disabled state via DB or API when external AD is used.



I'm currently using python to report to query the RSA AM Database for user details/access rights and automate a monthly excel report for management. It's working well apart from extracting actual user account enabled/disabled states. Currently I pull the account state from the ims_principal_data table - normally on RSA AM's where the user accounts are managed locally this is fine. However on one installation we have the user accounts on Active Directory rather than local and the ims_principal_data table no longer shows an accurate picture of whether the accounts are enabled or disabled in AD. If you look in the RSA Service Console for each user you can see the correct user state in AD and I'm wondering if there's any way I can query this value for each AD user through the RSA without having to make my code do a direct LDAP query to AD?


I'm not sure if RSA cache's the AD user account state somewhere in another table which can be queried... or whether theres a Restful API which can trigger the RSA to go fetch the AD account state?


Long shot but I thought I'd ask.





Labels (1)
0 Replies