Actions
Feature #2129
openImplement IdM-side filtering for synchronization and reconciliation
Status:
New
Priority:
Normal
Assignee:
Vít Švanda
Category:
Synchronization
Target version:
-
Start date:
03/20/2020
Due date:
% Done:
0%
Estimated time:
Owner:
Description
In synchronization settings, we can define custom filtering of accounts on the end system - creating custom IcFilter (let's call this "end-system filtering").
We already met situations (on two projects) where we would need a bit more freedom, specifically:
We already met situations (on two projects) where we would need a bit more freedom, specifically:
- Filtering search results using regex.
- Permanently hiding some accounts on end system from IdM. Those accounts could not be filtered out in other way (e.g. by specifying additional LDAP filter).
- Filtering during reconciliation.
- IdM performs listAll() as it does now.
- Each record of the listAll operation (=each listed account) is passed to hook as a Map<K,V>, where K is attribute name and V is its value. Processing the Map<K,V> is up to hook (that's why I propose it to be a Groovy script).
- Hook returns "true" -> IdM will process the account in a synchronization/reconciliation.
- Hook returns "false" -> IdM will not process the account. It would look like the account was not part of the listAll() result at all.
No data to display
Actions