Comma-Separated Value (CSV) identity feed

The Comma-Separated Value (CSV) identity feed provides capability for reading CSV file to add users to IBM Security Identity Manager.

CSV service type

This identity feed service type parses identity feeds with CSV file formats that comply with RFC 4180 grammar. The IBM Security Identity Manager parser has the following RFC enhancements.

• Trims leading and trailing white space from unquoted text in a field. In contrast, RFC 4180 regards all space to be significant, whether inside or outside of quotation mark delimiters.
• Allows quoted and unquoted text to be in the same field. In contrast, RFC 4180 does not allow both text types in the same field.
• Does not enforce the RFC 4180 restriction that all records have the same number of fields. However, the code that calls the CSV parser reports an error if a record has more fields than the CSV header has.
• Allows record termination to use carriage return (CR) or to use carriage return/line feed (CR/LF) to be compatible with both UNIX and DOS base files. In contrast, RFC 4180 terminates all records with carriage return/line feed (CR/LF).

Services that use CSV files

IBM Security Identity Manager has the following types of services that use CSV files as input:

• CSV identity feed
• Custom services that use the Manual Service Provider type. These custom services use a CSV file format for the reconciliation upload file. This service type can be used for both identity and account feeds.

  By default, all accounts defined in a CSV file for reconciliation of a manual service are marked as active in ISIM. To suspend a person or account using a manual service reconciliation, add the erpersonstatus or the eraccountstatus attribute to the CSV file (depending on whether the feed is for identities or accounts). A value of 0 (zero) indicates active. A value of 1 indicates inactive.

• Custom services that use the Directory Integrator Adapter Provider type that use the IBM Security Directory Integrator CSV connector. This service type can be used for both identity and account feeds.

CSV file format

A CSV file contains a set of records separated by a carriage return/line feed (CR/LF) pair (\r\n), or by a line feed (LF) character. Each record contains a set of fields separated by a comma. If the field contains either a comma or a CR/LF, the comma must be escaped with double quotation marks as the delimiter. The first record in the CSV source file defines the attributes provided in each of the following records. For example:

uid,sn,cn,givenname,mail,initials,employeenumber,erroles

The sn and cn attributes are required by the object classes used by ISIM to represent a person. The identity feed process uses all objects in the file. The CSV file cannot contain binary attributes.

We might use a multi-valued attribute to specify a user who has membership in multiple groups. Groups might include Service Owner, Windows Local Management (a self-defined group), and Manager. If you include multi-valued attributes, they must be represented by using multiple columns with the same attribute name. To specify multi-valued attributes, repeat the column the required number of times. For example:

cn, erroles, erroles, erroles, sn cn1,role1, role2, role3, sn1
cn2,rolea,,,sn2

The record that we feed into ISIM might not have an email address for the user. That user does not receive a notification email containing the password for a new account, and must call the help desk or contact the manager.

CSV connector for IBM Security Directory Integrator

Information about the CSV connector for IBM Security Directory Integrator is available in the following product directory.

/extensions/versionNumber/examples/idi_integration/HRFeedCSV/ITDIFeedExpress

(For example, directories/utilities/extensions.zip/6.0/examples/idi_integration/HRFeedCSV/ITDIFeedExpress. Complete these steps:

1. See Manage custom files.

2. From the Custom File Management menu in the Appliance Dashboard, go to directories/utilities.
3. Download the extensions.zip file.

4. Extract the file and go to the 6.0/examples/idi_integration/HRFeedCSV/ITDIFeedExpress.

UTF-8 encoding in an identity feed file

Your identity feed file must be in UTF-8 format. We must use an editor that supports UTF-8 encoding.

• Windows

  The following are UTF-8 capable: Microsoft Word 97 or later, or the Notepad editor that is included with the Windows 2003 Server or Windows XP operating systems.

  To save a file in UTF-8 format using Notepad, click File > Save As. Then, expand the list of choices for the Encoding field and select UTF-8.

• Linux

  The Vim text editor (a version of the classic vi editor) is UTF-8 capable. To work with files in UTF-8 format using the Vim text editor, specify the following.

  :set encoding=utf-8
  :set guifont=-misc-fixed-medium-r-normal--18-120-100-100-c-90-iso10646-1
  

  If your version of UNIX does not include this text editor, access this Web site.

  http://www.vim.org For the 7-bit ASCII code subset, the UTF-8 encoded Unicode format is identical to 7-bit ASCII format. For input files that contain 7-bit ASCII (ASCII character values between hex 20 to hex 7e), we can use a normal text editor to create the file. For files containing any other character values (including extended European characters), we must save the file in UTF-8 format.

  For an exact list of the 7-bit ASCII characters as supported by UTF-8, access this Web site and click the Basic Latin link in the first column.

  http://www.unicode.org/chartsParent topic: Configure

  Parent topic: Identity feed management