Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
devel:documentation:synchronization:dev:tree-sync [2018/05/23 14:55] svandav |
devel:documentation:synchronization:dev:tree-sync [2020/06/17 13:08] tomiskar [Automatic roles] |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== Synchronization - tree nodes ===== | ||
+ | {{tag> sync tree}} | ||
+ | |||
+ | An example of organizational structure synchronization can be found in the admin guide. | ||
+ | |||
+ | |||
+ | === Basic algorithm === | ||
+ | * Root search | ||
+ | * For each root, are recursively searched a children (based on equality value the identity | ||
+ | |||
+ | <note note> Situation ** The account does not exist **, it is solely based on a comparison of the existence of accounts on the target system against the existence of IDM accounts. </ | ||
+ | ==== Finding tree roots ==== | ||
+ | The roots of the tree are searched over the set of all accounts obtained from the target system. The reason why roots are not found using the ** search ** method on the end system is that their definition is in some cases too complex (the search criteria in the IC module are inadequate). | ||
+ | Such a case is, for example, a situation where roots are all the elements (accounts) whose ** parent ** attribute are shown to themselves. | ||
+ | |||
+ | Root search is performed using the Groovy script in the synchronization configuration ** tree root / tree definition **. This script runs over all system elements. If ** Boolean.TRUE ** returns, then the element is root. If it returns ** Boolean.FALSE **, it is not the root. The entry of this script is ** account ** (IcObject), an object of the element received from the IC module. | ||
+ | |||
+ | <note tip> If the root trace script is not filled, then every element whose ** parent ** attribute is ** null ** is considered to be root. </ | ||
+ | |||
+ | ** Example of a script addressing the situation described above **: | ||
+ | |||
+ | <code groovy> | ||
+ | |||
+ | if(account){ | ||
+ | // Get value from parent attribute | ||
+ | def parentValue = account.getAttributeByName(" | ||
+ | // Get value from ID attribute | ||
+ | def uidValue = account.getAttributeByName(" | ||
+ | |||
+ | // Root is account, where is parent value equals with ID (externalId) value. | ||
+ | | ||
+ | // We need clear value of parent attribute. In IDM has roots always parent = null. | ||
+ | | ||
+ | | ||
+ | } | ||
+ | } | ||
+ | |||
+ | return Boolean.FALSE; | ||
+ | </ | ||
+ | |||
+ | ==== How to synchronize all nodes under one already existing? ==== | ||
+ | Sometime we need synchronize all nodes from the source system under one node wich exists in the IdM. | ||
+ | |||
+ | For definition of that ' | ||
+ | |||
+ | * The transfromation from the system (on ' | ||
+ | * Selectbox on UI (configuration of the sync), because we sometime want to use more 'Super parent' | ||
+ | |||
+ | **Super parent node can be defined in the transformation searching roots**. This script is defined on the sync configuration and we can set **ID of super parent node** to **parent** attribute. | ||
+ | < | ||
+ | |||
+ | |||
+ | <code groovy> | ||
+ | |||
+ | if(account){ | ||
+ | // Get value from parent attribute | ||
+ | def parentValue = account.getAttributeByName(" | ||
+ | |||
+ | // Root is account, where is parent value is null | ||
+ | | ||
+ | // Set default node | ||
+ | | ||
+ | | ||
+ | } | ||
+ | } | ||
+ | |||
+ | return Boolean.FALSE; | ||
+ | </ | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | <note warning> | ||
+ | |||
+ | <note warning> | ||
+ | |||
+ | ===== Actions after end of sync ===== | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | ==== Automatic roles ==== | ||
+ | |||
+ | Recalculation of automatic roles is skipped during sync. Recalculation of automatic roles can be (**should be**) correctly started after the end of the sync. This can be ensured by the property ' | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | <note tip>When synchronization of contracts (or slices) is used in the same time on project (both are scheduled), then tree synchronization can be executed without automatic roles are recalculated after synchronization ends. Task '' | ||