Groovy script to make user Inactive

Does anyone have a Groovy script that looks at every Active LDAP user, if he/she is now disabled in ActiveDirectory, then it can set their Agile account to Inactive?  Or some other solution?  I know the user cannot login once their AD account is disabled, but making them Inactive in Agile would also make Agile cleaner too.

Agile Talent Asked on February 19, 2019 in Agile PLM (v9),   Product Collaboration.
Add Comment
3 Answer(s)

Hello

  User inactivation is tricky because they could be part of user groups, pending approvals, change analyst list, originator of docs, etc. So, in order to cleanly inactivate them, you need to develop a routine to remove them from the groups and then disable them. Also, need to generate reports to find out their pending activity

If you are not using groups and just interested to inactivate them, you can try the OOTB option (haven’t tried it myself)

<<

Disable Agile User If Not Found In LDAP
Valid values: TRUE or FALSE
When set to TRUE and the administrator runs the “migrateUsersToDB-p” command, the Agile active users (migrated from LDAP and madeactive) who are either removed from LDAP or not in the current LDAP search path are disabled
>>

  Hope this helps

Agile Angel Answered on February 19, 2019.
Add Comment
Disable Agile User If Not Found In LDAP options are generally kept as FALSE. We have kept it like that as it might cause undue issues otherwise.

Things that we take care of while inactivating the user is :

1. He should be replaced from Escalation Designee of users in case he is.
2. Should be replaced/Remove in user group.

Generally we intimate and then inactivate people who aren’t active for a period of 1-2 years. 

Agile Angel Answered on February 20, 2019.
Add Comment

Your request is in two parts:

1) inactivate A9 user => easily done via Groovy script given id. the question to ask is when will the script be triggered (if residing in A9)
2) scan LDAP repository to detect “missing” or “inactive” user => this one you have to write custom code -> depending on your LDAP repository (AD or other ).

If your intent is to automate access roster review, I would write code that scans the Active Directory group holding your A9 users and compare that against SDK code based pull of all the users with active.inactive status and generate CSV file showing “mismatches”

Agile Talent Answered on March 23, 2019.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.