...

| Registry CO Person Transaction | LDAP Action |
|---|---|
| Add | Add entry to LDAP (if entry already exists, throw error; manual provisioning required) |
| Edit | Update configured attributes only (other attributes will be left untouched) |
| Enter Grace Period | No changes (unless attributes change as part of grace period) |
| Expiration / Becomes Inactive | Remove entry from LDAP (or place into some sort of referential integrity state for archival purposes?) / Update entry to maintain only Person attributes for referential integrity (no Role or Group attributes) |
| Unexpire / Becomes Active | Add entry to LDAP (if entry already exists, throw error; manual provisioning required) |
| Delete | Remove entry from LDAP |
| Manual Provision | If entry exists: Update configured attributes only. If entry does not exist: Add entry to LDAP |

Warning: Attributes are subject to CO Person and Person Role Status.
Warning: To completely erase and rewrite a record, an administrator must manually remove the record from LDAP before manually provisioning.

...

| Attribute | Object Class | Data Model | Multiple Values Exported? |
|---|---|---|---|
| cn | person | cm_names | Only the preferred primary name attached to the CO Person is exported (CO-333) |
| cn | groupOfNames | cm_co_groups name | No |
| eduPersonAffiliation | eduPerson | cm_co_person_roles affiliation (possibly mapped via cm_co_extended_types) | Yes |
| eduPersonPrincipalName | eduPerson | cm_identifiers identifier | No |
| employeeNumber | inetOrgPerson | cm_identifiers identifier | No |
| employeeType | inetOrgPerson | cm_co_person_roles affiliation | Yes |
| facsimileTelephoneNumber | organizationalPerson | cm_telephone_numbers number | Yes |
| gecos | posixAccount | cm_names | No |
| gidNumber | posixAccount | cm_identifiers identifier where type is gidNumber | No |
| givenName | inetOrgPerson | cm_names given | Only the preferred primary name attached to the CO Person is exported (CO-333) |
| hasMember | eduMember | cm_identifiers identifier | Yes |
| homeDirectory | posixAccount | cm_identifiers identifier where type is homeDirectory | No |
| isMemberOf | eduMember | cm_co_groups name (where cm_co_group_members member is true) | Yes |
| l | organizationalPerson | cm_addresses locality | Yes |
| loginShell | posixAccount | Currently hard coded | No |
| mail | inetOrgPerson | cm_email_addresses mail | Yes |
| member | groupOfNames | cm_co_ldap_provisioner_dns DN | Yes |
| mobile | inetOrgPerson | cm_telephone_numbers number | Yes |
| o | inetOrgPerson | cm_co_person_roles o | Yes |
| ou | organizationalPerson | cm_co_person_roles ou | Yes |
| postalCode | organizationalPerson | cm_addresses postal_code | Yes |
| sshPublicKey | ldapPublicKey | cm_ssh_keys | Yes |
| sn | person | cm_names family | Only the preferred primary name attached to the CO Person is exported (CO-333) |
| st | organizationalPerson | cm_addresses state | Yes |
| street | organizationalPerson | cm_addresses line1 | Yes |
| telephoneNumber | organizationalPerson | cm_telephone_numbers number | Yes |
| title | organizationalPerson | cm_co_person_roles title | Yes |
| uid | inetOrgPerson, posixAccount | cm_identifiers identifier | Yes |
| uidNumber | posixAccount | cm_identifiers identifier where type is uidNumber | No |
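The following audit is an added example, not COmanage code: it checks person entries read from the directory against the two tables above, flagging Role or Group attributes left on an inactive person and extra values on attributes that are not exported multi-valued. The status labels, the sample entries and the grouping of attributes into Role and Group sets (read off the Data Model column) are assumptions.

```python
# Added example: audit LDAP person entries against the two tables above.
# Names are lower-cased because LDAP attribute names are case-insensitive.
ROLE_ATTRS = {"edupersonaffiliation", "employeetype", "o", "ou", "title"}  # cm_co_person_roles
GROUP_ATTRS = {"ismemberof"}  # cm_co_groups via cm_co_group_members
# Rows not exported with multiple values, plus the preferred-name-only rows.
SINGLE_VALUED = {"cn", "givenname", "sn", "edupersonprincipalname", "employeenumber",
                 "gecos", "gidnumber", "homedirectory", "loginshell", "uidnumber"}
INACTIVE = {"Expired", "Inactive"}  # assumed status labels, not Registry constants


def audit_entry(attrs, status):
    """Return sorted findings for one entry; attrs maps attribute -> list of values."""
    findings = []
    for name, values in attrs.items():
        key = name.lower()
        if key in SINGLE_VALUED and len(values) > 1:
            findings.append(f"{name}: {len(values)} values, expected 1")
        if status in INACTIVE and values and key in ROLE_ATTRS | GROUP_ATTRS:
            findings.append(f"{name}: role/group attribute on inactive person")
    return sorted(findings)


def expiration_changes(attrs):
    """Attributes to delete so that only Person attributes remain on the entry."""
    return sorted(n for n in attrs if n.lower() in ROLE_ATTRS | GROUP_ATTRS)


def audit_all(entries):
    """Map DN -> findings, keeping only entries that have at least one finding."""
    report = {}
    for dn, (status, attrs) in entries.items():
        findings = audit_entry(attrs, status)
        if findings:
            report[dn] = findings
    return report


# Constructed sample data: DN -> (CO Person status, attributes read from LDAP).
SAMPLE = {
    "uid=alice,ou=people,o=example": ("Active", {
        "cn": ["Alice Example"], "eduPersonAffiliation": ["staff", "member"],
        "isMemberOf": ["admins"], "uidNumber": ["1001"]}),
    "uid=bob,ou=people,o=example": ("Expired", {
        "cn": ["Bob Example"], "ISMEMBEROF": ["admins"],
        "title": ["Engineer"], "mail": ["bob@example.org"]}),
    "uid=carol,ou=people,o=example": ("Active", {
        "cn": ["Carol Example"], "uidNumber": ["1002", "1003"]}),
}

if __name__ == "__main__":
    for dn, findings in audit_all(SAMPLE).items():
        print(dn, findings)
```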

...