Project and Portfolio Management Practitioners Forum
cancel

LDAP Integration

Highlighted
Sachin M
Respected Contributor.

LDAP Integration

Our system is single sign-on and we have a requirement where we have to setup end date of users to release there licenses.
How you guys are handling this scnerio when someone left organization and you need to release his/her license. I know that we have to setup the users end date and this can be done manually or is there any other wayout.


Thanks,

Regards
Sachin
5 REPLIES
Sascha Mohr
Acclaimed Contributor.

Re: LDAP Integration

We have implemented a scheduled report that disables users who have not logged on in the past x months. This way we free lecenses also from users who are still in the organisation but for some reason no longer use PPM (eg due to a department change).
For the people leaving us we set the end date manually.
Jim Esler
Acclaimed Contributor.

Re: LDAP Integration

We have a periodic job that checks the 'disabled' flag in Active Directory for all active users. The end time is set for all that are found to be disabled.
Sachin M
Respected Contributor.

Re: LDAP Integration

Thanks Jim,

Can you please brief me how your periodic job is working.

Thanks,

Regards
Sachin
Jim Esler
Acclaimed Contributor.

Re: LDAP Integration

The scripts first extract a list of all enabled users configured for LDAP authentication with a simple sql query. A perl script then extracts user data from LDAP for each of these users and builds a sql file to update the data in the users' records. If a user's account is disabled in LDAP, the script sets the end date field and deletes all security group records for the user. For active users, we update additional information like phone number, email address, manager's id, etc.
Scott A Wood
Respected Contributor.

Re: LDAP Integration

We use a portlet to show all users who have been inactive for X days. We have a few users who need to keep an active account even though they don't access PPM, so we use a user data field so these users are flagged in the inactive user portlet.