Task #1298
closed
Merge strategy does not support change of value for system
0%
Description
Common usecase with managing AD groups is, that we support change of group DN on system. DN is synchronized by system for groups synchronization.
This DN is provisioned in memberOf attribute to users.
Current merge strategy does not support DN change, because new value is not in users provisioning history.
For example if group DN is changed, then deleting relevant role from user will not remove his group on AD.
This can also easily happen on other systems.
We need to discuss possible solutions.
Related issues
Updated by Petr Michal about 6 years ago
- Related to Defect #1250: End of contract didn't remove roles from the system added
Updated by Marcel Poul about 6 years ago
- Priority changed from Normal to High
This is quite an issue for us. Potentially every project can come across this.
Possible workaround is to use an "authoritative merge" strategy - but this cannot be done everywhere. On the contrary - # of projects where we can use AM is relatively small.
Please try to think of solution, workaround, anything. We can call and make some discussion.
Updated by Vít Švanda about 6 years ago
- Related to Task #1323: Provisioning - reimplementation of MERGE strategy added
Updated by Vít Švanda about 6 years ago
- Status changed from New to Closed
- Target version set to Onyx (9.3.0)