...
Config item | Value | Show if | Description |
---|---|---|---|
Show entity attribute resolver | true/false | Have a separate section just like Membership configuration and it shows up before Membership configuration section | |
Resolve attributes with SQL | true/false | showEntityAttributeResolver == 'true' | If true show the next section |
Use global SQL resolver | true/false | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' | (default false), if true then use a global resolver |
Global SQL resolver | myPeopleResolver | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'true' | Drop down of global SQL resolvers |
SQL config id | warehouse | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Drop down with SQL config ids - Db external system config ids dropdown |
Table or view name | my_people | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Table of user data, must have a subject source (optional), and matching/search col (required), and columns with single valued attributes |
Subject source id column | subject_source_id | showEntityAttributeResolver == 'true' && resolveAttributesWithSql = 'true' && useGlobalSqlResolver == 'false' | The subject source id column (optional) |
Subject search / matching column | employee_id | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Column that searches and matches an entity |
SQL mapping type | entityAttribute / translation | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Drop down of the mapping type |
SQL mapping entity attribute | subjectId | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | If this is an entity attribute mapping type, pick the entity attribute from a drop down |
SQL mapping expression | ${grouperProvisioningEntity.retrieveAttributeValueString('uid')} | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | If this is a translation write the expression (unescaped) (useGlobalResolver='false') |
Last updated column | last_updated | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | If this is provided then the incremental provisioner will process people that have been recently updated (useGlobalResolver='false') |
Last updated type | timestamp | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' && useGlobalSqlResolver == 'false' | Could be timestamp, millisSince1970 (useGlobalResolver='false') |
Select all SQL on full | true/false | showEntityAttributeResolver == 'true' && resolveAttributesWithSql == 'true' | (Default true), if select * from the table should occur on full runs. Set to false if only a small subset of the total entities in the table are provisionable (show for local or global resolver) |
Resolve attributes with LDAP | true/false | showEntityAttributeResolver == 'true' | If true show the next section |
Use global LDAP resolver | true/false | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' | (default false), if true then use a global resolver |
Global SQL resolver | myPeopleResolver | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'true' | Drop down of global LDAP resolvers |
LDAP | myAd | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | Drop down with LDAP config ids |
Base DN | OU=users,DC=school,DC=edu | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | Base DN for search |
Search scope | ONELEVEL_SCOPE, or SUBTREE_SCOPE (default) | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | |
Filter part | (objectClass=person) | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | If provided, this will be part of the full or individual filter |
Attributes | employeeID, name, org, extensionAttribute11, modifyTimestamp | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | Attributes to retrieve (multi-valued attributes will be stored in appropriate structure) |
LDAP matching / search attribute | employeeID | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | LDAP attribute which is used to lookup and match an entity in Grouper |
LDAP mapping type | entityAttribute / translation | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | Drop down of the mapping type |
LDAP mapping entity attribute | subjectId | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | If this is an entity attribute mapping type, pick the entity attribute from a drop down |
LDAP matching expression | ${grouperProvisioningEntity.retrieveAttributeValueString('uid')} | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | The value in Grouper that matches the LDAP data. This is not yet ldap escaped. In this case the filter to get one record would be generated as: (&(employeeID=${grouperUtil.ldapFilterEscape(grouperProvisioningEntity.retrieveAttributeValueString('uid'))})(objectClass=person)) |
Filter all LDAP on full | true/false | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' | (Default true), if full filter should occur on full runs. Set to false if only a small subset of the total entities in the table are provisionable. In the above example, if this is true, the full filter would be: (&(employeeID=*)(objectClass=person)) |
Last updated attribute | modifyTimestamp | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | If provided the incremental can poll for new records to process. e.g. the filter would be (openldap / edirectory) (&(employeeID=*)(objectClass=person)(modifyTimestamp>=20211119082103Z)) Active directory (&(employeeID=*)(objectClass=person)(modifyTimestamp>= 20211119163324.0Z)) |
LDAP last updated format | default / activeDirectory | showEntityAttributeResolver == 'true' && resolveAttributesWithLdap == 'true' && useGlobalLdapResolver == 'false' | This is optional, if not selected it will select default 20211119082103Z for a non AD connection and activeDirectory 20211119163324.0Z for an active directory connection (which is selected in the external system) |
...