Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
tutorial:dev:ad_groups_sync_workflow [2019/08/29 13:35] stloukalp |
tutorial:dev:ad_groups_sync_workflow [2019/11/18 09:34] stloukalp [Set aplication properties] |
||
---|---|---|---|
Line 51: | Line 51: | ||
With button **Add** you can add any property described bellow and configure workflow. | With button **Add** you can add any property described bellow and configure workflow. | ||
* **idm.pub.acc.syncRole.role.canBeRequested** - (true/ | * **idm.pub.acc.syncRole.role.canBeRequested** - (true/ | ||
+ | * **idm.pub.acc.syncRole.role.update.manageCanBeRequested** - (true/ | ||
* **idm.pub.acc.syncRole.system.mapping.objectClassName** - (default: \_\_ACCOUNT\_\_) this is important to provisioning member attribute of identity. It is an object class name of identity schema. It supposedly can stay as " | * **idm.pub.acc.syncRole.system.mapping.objectClassName** - (default: \_\_ACCOUNT\_\_) this is important to provisioning member attribute of identity. It is an object class name of identity schema. It supposedly can stay as " | ||
* **idm.pub.acc.syncRole.system.mapping.attributeMemberOf** - (default: ldapGroups) - it is the name of an attribute in a mapping of identity provisioning. It is usually memberOf or ldapGroup. This attribute will be added to role's mapping with tramsformation script (which will be set later). - | * **idm.pub.acc.syncRole.system.mapping.attributeMemberOf** - (default: ldapGroups) - it is the name of an attribute in a mapping of identity provisioning. It is usually memberOf or ldapGroup. This attribute will be added to role's mapping with tramsformation script (which will be set later). - | ||
* **idm.pub.acc.syncRole.system.mapping.attributeRoleIdentificator** - (default: distinguishedName) - the name of an attribute in the connector, which holds the distinguished name of a role. | * **idm.pub.acc.syncRole.system.mapping.attributeRoleIdentificator** - (default: distinguishedName) - the name of an attribute in the connector, which holds the distinguished name of a role. | ||
- | * **idm.pub.acc.syncRole.provisioningOfIdentities.system.code** - (default: null) - it is code (name) of the system, where identities have provisioning. | + | * **idm.pub.acc.syncRole.provisioningOfIdentities.system.code** - (default: null, _**mandatory**_) - it is code (name) of the system, where identities have provisioning.It is now mandatory attribute, otherwise workflow will not be working. |
* **idm.pub.acc.syncRole.identity.eav.externalIdentifier.code** - (default: null) - code of eav of a distinguished name of identities. it is used in creating entity in the situation of a Missing entity. It is important when groups in AD already have members and some of the identities DNs cannot be calculated again. | * **idm.pub.acc.syncRole.identity.eav.externalIdentifier.code** - (default: null) - code of eav of a distinguished name of identities. it is used in creating entity in the situation of a Missing entity. It is important when groups in AD already have members and some of the identities DNs cannot be calculated again. | ||
* **idm.pub.acc.syncRole.roleCatalog.ResolveCatalog** - (true/ | * **idm.pub.acc.syncRole.roleCatalog.ResolveCatalog** - (true/ |