In Authentication Manager 8.2 ...
In querying the activity log (rsa_logrep.ims_log_audit_rt), if I need to search for someone by using an email address, which other table and field should be used? The users are in AD, not local.
Actually, I'm trying to run a query to determine what the last login date was for a group of people that match a wildcard in their email address. Using the "ims_principal_login_date" table along with another that contains the email address would work as well.
Thanks!
We don't store email address for ldap users, it is looked up 'live' when needed or when a report is run.
We do store email for internal database users.
for internal database:
SELECT id, time_stamp, loginuid, first_name, middle_name, last_name,
email, cert_dn, password
FROM ims_principal;
For a report that has already been generated, this example will show the email at the time the report was
run, but it won't show the current email address if it has changed.
SELECT report_id, idx, loginuid, first_name, middle_name, last_name,
domain, email, identity_source, account_enabled, lockout, login_date,
enabled_for_rba, devices_bound, security_ques_language, security_ques_country,
security_ques_variant, user_group_names, token_serial_numbers,
is_token_assigned, user_has_fixed_passcode, token_type, requires_pin
FROM rsa_norep.am_report_all_users;
Ed is right. For users stored in AD there's minimal information about them kept the AM database.
The Authentication Manager SDK contains a sample query (RSA Authentication Manager SDK\samples\sql\vbscript\SQLsample.vbs) that demonstrates combining some sql with ldap querying to achieve retrieving user information from both the AM db and associated AD/LDAP source.
We don't store email address for ldap users, it is looked up 'live' when needed or when a report is run.
We do store email for internal database users.
for internal database:
SELECT id, time_stamp, loginuid, first_name, middle_name, last_name,
email, cert_dn, password
FROM ims_principal;
For a report that has already been generated, this example will show the email at the time the report was
run, but it won't show the current email address if it has changed.
SELECT report_id, idx, loginuid, first_name, middle_name, last_name,
domain, email, identity_source, account_enabled, lockout, login_date,
enabled_for_rba, devices_bound, security_ques_language, security_ques_country,
security_ques_variant, user_group_names, token_serial_numbers,
is_token_assigned, user_has_fixed_passcode, token_type, requires_pin
FROM rsa_norep.am_report_all_users;