Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
devel:documentation:systems:dev:system-mapping [2019/07/02 09:18]
svandav [Connector pool configuration] 		devel:documentation:systems:dev:system-mapping [2021/03/26 10:32] (current)
svandav [Send additional attributes with password]
Line 1: Line 1:
 ====== Connector configuration and attribute mapping ====== ====== Connector configuration and attribute mapping ======
-{{tag>connector mapping system configuration }}+{{tag>connector mapping system configuration merge authoritative skip excluded }}
  
 ===== Connector configuration ===== ===== Connector configuration =====
 +{{tag>connector configuration}}
 Creation of a newly connected system will be demonstrated on a database connector (ConnIdDBBundle). Creation of a newly connected system will be demonstrated on a database connector (ConnIdDBBundle).
 Firstly, we will create a new system named **Table** and choose the database connector. Firstly, we will create a new system named **Table** and choose the database connector.
Line 36: Line 37:
  
    
 +==== Additional connector configuration ====
 +{{tag>operation options}}
 +
 +The additional connector configuration tab lets you configure so called operation options for each type of connector. These options are then passed to each invocation of given connector. This enables us to further tweak connection paramters for each system, such as list of attributes, which should be returned from target system.
 +
 +Each system has its own set of operation options. By default, only PAGE_SIZE and ATTRS_TO_GET is available for each connector, but you can easily add other options using corresponding form definition.
 +
 +=== Example operation options: ===
 +
 +  * **PAGE\_SIZE** - Number of records returned in paged search operation. This option is used for example in LDAP/AD connector
 +  * **ATTRS\_TO\_GET** - List of attributes, which should be returned from system
 +
 +<note tip>Operation options are persisted in EAV attributes and use form definition with code "operation-options-connector-configuration-CONNECTOR_FULL_NAME_AND_VERSION".</note>
 +
 +{{ :devel:documentation:systems:dev:operation_options.png |}}
  
 ===== System scheme ===== ===== System scheme =====
Line 93: Line 109:
  
 <note tip>Configuration is effective for all target systems. All target system will be using one configured way (configuration per-system is not implemented, coming soon).</note> <note tip>Configuration is effective for all target systems. All target system will be using one configured way (configuration per-system is not implemented, coming soon).</note>
 +
 +=== Send attribute only on password change ===
 +Since version **11.0.0** a new flag **Send only on password change** was added to the attribute detail.
 +
 +If is this flag checked, then the attribute will be send to the system only during change of password operation. It means that this attribute will be ignored in standard provisioning operations (create/update).
 +<note important>This checkbox can be use only if attribute has checked flag **Send additional attributes with password**.</note> 
  
  
Line 171: Line 193:
  
 ==== MERGE (Merge) ==== ==== MERGE (Merge) ====
-{{tag>merge}}+{{tag>merge controlled}}
  
 <note warning>Since version **9.3.0** was provisioning merge completely reimplemented!</note> <note warning>Since version **9.3.0** was provisioning merge completely reimplemented!</note>
Line 198: Line 220:
 That persisted 'cache' is evicted when definiton for that attribut is changed on the role (SysRoleSystemAttribute). That persisted 'cache' is evicted when definiton for that attribut is changed on the role (SysRoleSystemAttribute).
  
-The evicted cache is **recalculated** by using the **AttributeControlledValuesRecalculationTaskExecutor** task, which is run after each save of attribute mapping on a roleIn this case, this task recalculates the cache for all evicted attributes of the provisioning mapping.+The evicted cache is **recalculated** by using the **AttributeControlledValuesRecalculationTaskExecutor** task. This task recalculates the cache for all evicted attributes of the provisioning mapping. 
 + 
 +<note important>Since version **9.7.5** is recalculation of evicted attribute **not starts on save a attribute** (SysRoleSystemAttribute)! Attribute on the system is **marked as evicted only**. Recalculation will be processed during first using of controlled values. This is typically on first **update provisioning**. **Beware** if new account is created and create provisioning is executed, then recalculation is not executed, because in this situation are controlled values not needed!</note> 
 + 
 +<note important>The merge attribute value must be a **constant**. For performance reasons, all system merge values are cached and this cache is recalculated only if the corresponding **role attribute changes**! **If the value is dynamic, the cache will not contain the correct data!**</note>
  
 {{ :devel:documentation:systems:dev:controlledvaluestask.png |}} {{ :devel:documentation:systems:dev:controlledvaluestask.png |}}
  • by svandav