
The LDAP Provisioning Plugin is designed to provision Registry data into an LDAP server.

Operations

| Registry CO Person Transaction | LDAP Action |
|---|---|
| Add | Add entry to LDAP (if entry already exists, throw error; manual provisioning required) |
| Edit | Update configured attributes only (other attributes will be left untouched) |
| Enter Grace Period | No changes (unless attributes change as part of grace period) |
| Expiration / Becomes Inactive | Remove entry from LDAP (or place into some sort of referential integrity state for archival purposes?) |
| Unexpire / Becomes Active | Add entry to LDAP (if entry already exists, throw error; manual provisioning required) |
| Delete | Remove entry from LDAP |
| Manual Provision | If entry exists: Update configured attributes only. If entry does not exist: Add entry to LDAP |

Configuration

When using this plugin, it is recommended to add database encryption for the password column in the table cm_co_ldap_provisioner_targets.

The LDAP Provisioning Plugin automatically converts the internal Registry data model into the following LDAP object classes:

  • person
  • organizationalPerson
  • inetOrgPerson

Currently, no further configuration is possible, though customization is planned (CO-549).

Updating LDAP via Other Services

You may write to LDAP via other services or applications to maintain attributes that are not managed by COmanage Registry. For example, you might use a mailing list manager to maintain list memberships in LDAP.

However, you should be aware of the implications of the operations described above. For example, if the LDAP Provisioning Plugin decides to delete an entry from LDAP, the attributes managed by external applications in that entry will also be deleted.
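The following is an added example, not code from the plugin or from COmanage: a small in-memory Python model of the operations table, showing that an Edit preserves an attribute written by another service while an expire/unexpire cycle discards it. The managed-attribute set, the DN and the mailListMembership attribute are constructed for illustration, and the handling of Edit on a missing entry is an assumption.

```python
# Added illustration: an in-memory model of the operations table, not plugin code.
class ProvisioningError(Exception):
    """Raised where the table says 'throw error; manual provisioning required'."""

# Assumption: the attributes the plugin is configured to manage.
MANAGED = {"cn", "sn", "mail"}

def provision(directory, dn, transaction, person=None):
    """Apply one Registry transaction to `directory` (dict: DN -> attribute dict)."""
    managed = {k: v for k, v in (person or {}).items() if k in MANAGED}
    exists = dn in directory
    if transaction in ("add", "unexpire"):
        if exists:
            raise ProvisioningError(f"{dn} already exists; manual provisioning required")
        directory[dn] = managed
    elif transaction == "edit":
        if not exists:
            # Assumption: the page does not say what Edit does for a missing entry.
            raise ProvisioningError(f"{dn} not found; manual provisioning required")
        directory[dn].update(managed)      # other attributes are left untouched
    elif transaction == "grace":
        pass                               # no changes
    elif transaction in ("expire", "delete"):
        # Models plain removal: the whole entry goes, including attributes
        # that other services wrote into it.
        directory.pop(dn, None)
    elif transaction == "manual":
        if exists:
            directory[dn].update(managed)
        else:
            directory[dn] = managed
    else:
        raise ValueError(f"unknown transaction: {transaction}")

def demo():
    """Replay a lifecycle and return the entry after the edit and after re-adding."""
    directory = {}
    dn = "uid=jdoe,ou=people,dc=example,dc=org"            # constructed DN
    person = {"cn": "Jane Doe", "sn": "Doe", "mail": "jdoe@example.org"}
    provision(directory, dn, "add", person)
    # An external service (e.g. a mailing list manager) writes its own attribute.
    directory[dn]["mailListMembership"] = ["announce"]     # constructed attribute
    provision(directory, dn, "edit", {**person, "mail": "jane@example.org"})
    after_edit = dict(directory[dn])
    provision(directory, dn, "expire")
    provision(directory, dn, "unexpire", person)
    return after_edit, dict(directory[dn])

if __name__ == "__main__":
    for label, entry in zip(("after edit", "after expire/unexpire"), demo()):
        print(label, entry)
```

Any service that stores data in provisioned entries needs a way to rebuild that data after an expire/unexpire cycle or a delete, since the re-added entry carries only the Registry-managed attributes.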
