Skip to main content

Creating a list file and copying data from other targets

If you wish to copy the listing data from one or more targets to use as the list file for another target, you can use the Copy data from these targets, separated by commas, during auto-discovery target system option as well as the Connector execution order auto-discovery list and a post psupdate script for the target that you are copying list data to.

This is useful when a target cannot directly list accounts or other objects from the target system.

One example is RADIUS Authentication targets, which do not list accounts directly. In this case, a SQLite database list file must be created for the RADIUS target, which would then associate users during auto-discovery, so that users can authenticate against the target system for RADIUS Authentication challenge-response.

You can create the file by copying it from one or more other target systems, such as an Active Directory target system.

You can configure this using the following steps:

  1. Copy the psupdate_list_AD1_post.py script from samples to the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ script\ directory.

  2. Rename the script file so that "AD1" is the target id of the target that you are copying listing data to.

  3. Add a target system for the one you will be copying the listing data to; for example, RADIUS. List accounts is checked for the target system settings.

  4. Set the Connector execution order so that the targets that you are copying data from are first in the list and the target that you are copying data to is last.

  5. Modify the target system settings for the target that you will be copying listing data to and set Copy data from these targets, separated by commas, during auto-discovery to the list of targets that you are copying data from.

  6. Modify the post psupdate script as necessary. For example, in the sample "AD1" refers to the target you are copying data to. "ADDN2" and "NT1" refer to the target systems that you are copying data from. "CORP" should be replaced with the domain name for your Active Directory target. These modifications allow for the shortid format of the user ids to be used instead the longid, which for Active Directory users, includes the domain name.

Creating a list file to support challenge-response authentication

Some target systems do not natively support listing objects using the connectors. In this case, you must create the list file manually and you need to have a SQLite database list file to associate users and other objects during auto discovery. You can create the file by copying it from another target such as Active Directory.

Refer to Creating a list file and copying data from other targets for how to use the Copy data from these targets, separated by commas, during auto-discovery target system option to be able to copy the listing data from one or more other targets to use for the list file for the target. This also makes use of the Connector execution order auto discovery list as well as a post psupdate script for the target that you are copying data to.

Alternatively, you can use the List Override target address option to create the list file.

See here for examples of using List Override:

The following are examples of settings to use when using the List Override target address option:

  • In the case where ADDN is the target ID from the target that you are copying from, set the List Override target address option to the following:

    {action=copy;srcTargetId=ADDN;script=listoverride.py;postHook=replaceLongIdWithShortId;}

  • If copying the list file from an RSA Authentication Manager target and where RSAAM is the target ID or from another source where the longid is the same as the shortid and therefore doesn’t need to be replaced, set the List Override target address option to the following:

    {action=copy;srcTargetId=RSAAM;}

  • General usage for the KVGroup for List Override:

    {action=copy;srcTargetId=<source target id>;script=<script name>;postHook=<hook name>;}

In this section: