Actions
Feature #1260
openAllow to specify provisioning dependency for systems and operations
Status:
New
Priority:
Normal
Assignee:
Vít Švanda
Category:
Provisioning
Target version:
-
Start date:
09/19/2018
Due date:
% Done:
0%
Estimated time:
Owner:
Description
The aim of this feature is to specify dependency of provisioning operations: "Create account on system A only if the creation of account on system B was already successful", "Change login on system A only if changing login on system B was already successful", "Delete account from system B only if the account was already deleted on system A"
Several use-cases and examples of systems:
- AD + home directory + Exchange
IdM creates accounts in AD (by AD connector), it creates the home directories for users (by PowerShell connector) and/or Exchange mailboxes (by PowerShell connector). The home directory and mailbox can be created only if AD account already exists. So creating PS accounts must depend on creating AD accounts.
- AD + Kerio Connect
Kerio supports AD authentication for its mail accounts, if the account was imported from AD. So when we create the account in Kerio, the account in AD must already exist (so it can be imported).
On the other hand, deleting Kerio accounts must precede deleting AD accounts, otherwise the operation in Kerio fails.
Therefore, we need to specify different order of provisioning operations for Create operation and different for Delete operation
Related issues
Actions