Article Number
000033112
Applies To
RSA Product Set: Identity Management and Governance
Issue
Via L&G uses collectors to join data from disparate data sources. Sometimes the format or case sensitivity of a field will change in one system, which will cause issues with mapping users, accounts or entitlements properly. Various applications may store their data in different formats; case (upper or lower or combination) or require combining more than one field together to map relationships. Active Directory/LDAP is not always set up to store data, such as email addresses, in a consistent manner.
Resolution
Some ideas for preventing or resolving reoccurring issues:
- Preprocessing data from any inconsistent sources to make it easier to map to your main identity sources.
- Placing data in SQL databases provides extra flexibility for unanticipated future scenarios. SQL functions can be used to manipulate data and can be added right in the collector definition, avoiding code changes. You can convert case, substring portions of a column, concatenate columns and use these options in combination.
- Using .csv files like a relational database within a collector using SQL statements. CSV JDBC drivers have some column functions implemented but are usually not as full featured as a relational database.
As an example, there are orphan accounts in the database due to the userid not always being in the same case in an application. The main HR system always stores this value in lower case. The original "User Account Mappings Data" query is as follows:
SELECT application, accountname, userid FROM t_sample_multiappadc
To resolve this issue, change the query so that the userid is always lower case to match what is coming from the HR system:
SELECT application, accountname, lower(userid) as userid FROM t_sample_multiappadc
Notes
Ensure data attributes used to join data from disparate data sources are consistent. Use tools that give you the most flexibility to resolve problems, if they arise.
