
LDAP attributes are grouped into collections called object classes. The LDAP Provisioning Plugin supports several object classes, and various attributes within those object classes. Depending on the object class, it may be possible to select some (but not all) attributes within an object class for export. The Plugin assumes full control over any enabled attribute within an object class.

 

Prior to Registry v1.1.0, the Plugin assumed that if an object class is enabled, all attributes within that object class are within its control, even if they are not configured. However, this can cause problems (eg: if you are using an older version of an object class than what the Plugin supports, or if you have another application that you want to manage an attribute). As of v1.1.0, two modes are supported, selected via the Unconfigured Attribute Mode setting:

  • Ignore: Unconfigured (disabled) attributes within an enabled object class are ignored. Note that if you subsequently disable an attribute after having previously enabled it, existing values of that attribute will not be removed. You will need to manually clean them up. This is the default behavior beginning with Registry v1.1.0.
  • Remove: Unconfigured attributes within an enabled object class are removed. This is the default behavior prior to Registry v1.1.0.

Regardless of this setting, attributes associated with object classes not enabled are left alone (except as described in Operations, below).

Operations

(warning) Versions prior to Registry v1.1.0 may not be consistent with this documentation.

Externally Managed Attributes are those not managed by this Plugin. This includes all attributes except:

  • Attributes enabled for export, within object classes enabled for export.
  • Attributes defined by LDAP Schema Plugins and enabled for export.
  • If Unconfigured Attribute Mode is Remove, all other defined attributes within object classes enabled for export (including those defined by Schema Plugins).

| Registry CO Person Transaction | LDAP Action | Externally Managed Attributes |
|---|---|---|
| Add | Add entry to LDAP (if entry already exists it will be deleted and replaced) | Deleted |
| Edit | Update configured attributes only | Untouched |
| Status Set To Grace Period | No changes (unless attributes change as part of grace period) | Untouched |
| Status Set To Expired or Suspended | Update entry to maintain only Person attributes for referential integrity (no Role or Group attributes) | Untouched |
| Status Set Back To Active | Restore Role and Group attributes, or add entry to LDAP if not present | Untouched |
| Delete, or Status Set To Deleted (or any other status not specified above) | Remove entry from LDAP | Deleted |
| Manual Provision | If entry exists: Update configured attributes only. If entry does not exist: Add entry to LDAP. (warning) Attributes are subject to CO Person and Person Role Status. (warning) To completely erase and rewrite a record, an administrator must remove the record from LDAP (manually or by setting the person status to eg Deleted) before manually provisioning. | Untouched |
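The following is an added illustration, not code from the Plugin or from Registry: a small Python model of how the Edit row above treats an existing entry under each Unconfigured Attribute Mode. The function names, the abbreviated schema and the sample entry are constructed for the example, and it assumes that a managed attribute with no value in Registry is cleared.

```python
IGNORE, REMOVE = "Ignore", "Remove"  # Unconfigured Attribute Mode values

# Constructed, abbreviated schema: object class -> attributes it defines.
SCHEMA = {
    "inetOrgPerson": {"mail", "givenName", "employeeNumber", "mobile"},
    "posixAccount": {"uidNumber", "gidNumber", "homeDirectory", "loginShell"},
}

def managed_attributes(enabled, mode, schema=SCHEMA):
    """Attributes the Plugin controls; all others are externally managed.

    enabled maps each object class enabled for export to the set of its
    attributes enabled for export.
    """
    managed = set()
    for object_class, attrs in enabled.items():
        defined = schema[object_class]
        managed |= attrs & defined
        if mode == REMOVE:
            managed |= defined  # unconfigured attributes are claimed too
    return managed

def apply_edit(entry, desired, enabled, mode, schema=SCHEMA):
    """Return the entry as it would look after an Edit transaction."""
    managed = managed_attributes(enabled, mode, schema)
    # Externally managed attributes are left untouched.
    result = {a: v for a, v in entry.items() if a not in managed}
    # Managed attributes are rewritten from Registry data. Assumption: a
    # managed attribute with no value in Registry is cleared.
    for attr in managed:
        if attr in desired:
            result[attr] = desired[attr]
    return result

# Constructed sample: another application writes employeeNumber and loginShell.
ENTRY = {"mail": ["old@example.org"], "givenName": ["Pat"],
         "employeeNumber": ["E1234"], "loginShell": ["/bin/bash"]}
DESIRED = {"mail": ["pat@example.org"], "givenName": ["Pat"]}
ENABLED = {"inetOrgPerson": {"mail", "givenName"}}

if __name__ == "__main__":
    for mode in (IGNORE, REMOVE):
        print(mode, sorted(apply_edit(ENTRY, DESIRED, ENABLED, mode)))
```

In Remove mode the other application's `employeeNumber` disappears because `inetOrgPerson` is enabled, while `loginShell` survives in both modes because `posixAccount` is not.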
