Matching in provisioning is determining which grouper translated object matching with which objects retrieved from the target.
Searching is using attributes and values from grouper translated objects and using the target API to find target objects by the search attributes and values.
Generally the matching attributes and search attributes will be the same.
Configuring matching
- You can configure multiple attributes to match on (or search on)
- Matching attributes are configured in priority order
- If objects cannot be matched, then cached (previous IDs) will be used
Assigning matching IDs
- Methods like GrouperProvisioningTranslator.idTargetGroups()
- Go through the grouperTargetGroups (grouper groups translated into target format), and targetProvisioningGroups (groups retrieved from the target)
- grouperTargetGroups will have the prioritized list of attribute names and values
- First look at the prioritized list of attributes and the current values
- Then add the prioritized list of attributes and past (cached) values
Matching
- Loop through the target groups and index the attribute/value tuples with the targetProvisioningGroups
- Loop through the grouper target groups
- Start by looking at non-deleted groups (deleted groups could be phantoms from cached data)
- Look at current values first
- Loop through the priority of attribute names
- Skip wrappers that already have matches
- See if there is an attribute/value that matches the target
- If there are multiple grouper objects that match target objects, that is a validation problem (for that attribute)
- If there are multiple target objects that match grouper objects, that is a validation problem (for that attribute)