...
| Config item | Value | Show if | Description |
|---|---|---|---|
| Show entity attribute resolver | true/false | Have a separate section just like Membership configuration and it shows up before Membership configuration section | |
| Resolve attributes with SQL | true/false | showEntityAttributeResolver == 'true' | If true show the next section |
| Use global SQL resolver | true/false | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' | (default false), if true then use a global resolver |
| Global SQL resolver | myPeopleResolver | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'true' | Drop down of global SQL resolvers |
| SQL config id | warehouse | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Drop down with SQL config ids - Db external system config ids dropdown |
| Table or view name | my_people | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Table of user data, must have a subject source (optional), and matching/search col (required), and columns with single valued attributes |
| Subject source id column | subject_source_id | showEntityAttributeResolver == 'true' && resolveAttributesWithSql = 'true' && useGlobalSqlResolver == 'false' | The subject source id column (optional) |
| Subject search / matching column | employee_id | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Column that searches and matches an entity |
| SQL mapping type | entityAttribute / translation | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Drop down of the mapping type |
| SQL mapping entity attribute | subjectId | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | If this is an entity attribute mapping type, pick the entity attribute from a drop down |
| SQL mapping expression | ${grouperProvisioningEntity.retrieveAttributeValueString('uid')} | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | If this is a translation write the expression (unescaped) (useGlobalResolver='false') |
| Last updated column | last_updated | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | If this is provided then the incremental provisioner will process people that have been recently updated (useGlobalResolver='false') |
| Last updated type | timestamp | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Could be timestamp, millisSince1970 (useGlobalResolver='false') |
| Select all SQL on full | true/false | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' | (Default true), if select * from the table should occur on full runs. Set to false if only a small subset of the total entities in the table are provisionable (show for local or global resolver) |
| Resolve attributes with LDAP | true/false | showEntityAttributeResolver == 'true' | If true show the next section |
| Use global LDAP resolver | true/false | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' | (default false), if true then use a global resolver |
| Global SQL resolver | myPeopleResolver | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'true' | Drop down of global LDAP resolvers |
| LDAP | myAd | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | Drop down with LDAP config ids |
| Base DN | OU=users,DC=school,DC=edu | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | Base DN for search |
| Search scope | ONELEVEL_SCOPE, or SUBTREE_SCOPE (default) | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | |
| Filter part | (objectClass=person) | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | If provided, this will be part of the full or individual filter |
| Attributes | employeeID, name, org, extensionAttribute11, modifyTimestamp | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | Attributes to retrieve (multi-valued attributes will be stored in appropriate structure) |
| LDAP matching / search attribute | employeeID | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | LDAP attribute which is used to lookup and match an entity in Grouper |
| LDAP mapping type | entityAttribute / translation | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | Drop down of the mapping type |
| LDAP mapping entity attribute | subjectId | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | If this is an entity attribute mapping type, pick the entity attribute from a drop down |
| LDAP matching expression | ${grouperProvisioningEntity.retrieveAttributeValueString('uid')} | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | The value in Grouper that matches the LDAP data. This is not yet ldap escaped. In this case the filter to get one record would be generated as: (&(employeeID=${grouperUtil.ldapFilterEscape(grouperProvisioningEntity.retrieveAttributeValueString('uid'))})(objectClass=person)) |
| Filter all LDAP on full | true/false | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' | (Default true), if full filter should occur on full runs. Set to false if only a small subset of the total entities in the table are provisionable. In the above example, if this is true, the full filter would be: (&(employeeID=*)(objectClass=person)) |
| Last updated attribute | modifyTimestamp | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | If provided the incremental can poll for new records to process. e.g. the filter would be (openldap / edirectory) (&(employeeID=*)(objectClass=person)(modifyTimestamp>=20211119082103Z)) Active directory (&(employeeID=*)(objectClass=person)(modifyTimestamp>= 20211119163324.0Z)) |
| LDAP last updated format | default / activeDirectory | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | This is optional, if not selected it will select default 20211119082103Z for a non AD connection and activeDirectory 20211119163324.0Z for an active directory connection (which is selected in the external system) |
...