There are two LDAP use cases from the University of Michigan that will be ready in Grouper v2.5.40.
Two use cases:
Category | Requirement | Description |
---|---|---|
Memberships | provisioningType | groupAttributes |
Entities | entity link | look up entities to get DN to use in group members attribute value |
Entities | LDAP is not subject source | subject source is somewhere else |
Entities | should include all subjects | do not create subjects not found, should not error out. full sync will fix |
Entities | there is no eligibility group | provision all subjects |
Entities | select which sources to provision | |
Subjects | subject link | look up subjects to get netId |
Subjects | try to use subjectIdentifier0 | if the grouper member table has subject identifier0, use that, otherwise resolve the subject |
Subjects | does USDU update subject identifier0? | check that USDU updates that value. or is it updated during provisioning from members table? |
Subjects | do not provision subjects without a netId | fixed in full sync |
Groups | grouper provisions to one OU | specify an OU for flat provisioning |
Groups | cn is group name | cn is group name |
Groups | if group name is more than 64, then skip | this should not be marked as error since it shouldn't retry. will try at next full sync? |
Groups | groups and folders will be selected for provisioning | |
Groups | groups can have no members or can have no member attribute | |
Groups | delete groups in LDAP which aren't in grouper | |
Groups | group attributes: objectClass, dn, cn, member, sAMAccountName | |
Groups | group uuid mapped to LDAP attribute umichDirectoryID | instead of idIndex |
Similar to above, but create users that don't exist:
Category | Requirement | Description |
---|---|---|
Entities | createIfNotFound | |
Entities | create in one OU | |
Entities | attributes to use when creating | |