Task #631
closed
Change UID attribute provisioning
100%
Description
Goal of this task is allow dynamical change UID attribute while exist accAccount.
Updated by Vít Švanda over 6 years ago
- Subject changed from Change UID attribute provisioning/synchronization to Change UID attribute provisioning
Updated by Vít Švanda over 6 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Ondřej Kopr
- % Done changed from 0 to 90
Problem is in change primary key of account.
After definiton of UID is changed (username on Identity) is broken "relation" between AccAccount.UID and this definition (in AccAccount is old value). For this reason was overloaded attributes not found and provisioning was executed only for default system mapped attributes.
I had to make bigger changes in Provisioning for solve this problem:
- I forbade situation where can be on one role created two mapping on same system, with different UID definition (overloaded ID attribute).
- I created validation and message for this forbidden.
- Provisioning now not need finding overloaded attributes by UID.
Updated by Ondřej Kopr over 6 years ago
- Assignee changed from Ondřej Kopr to Vít Švanda
- i'm not able to create two same system_role_mapping for one system - OK,
- change UID existing identity (username), overloading from roles works correctly - OK,
- try to create overload identifier from role, from BE throw error - OK, but FE dont show any error, or log message - please add same info or error message,
eu.bcvsolutions.idm.acc.exception.ProvisioningException: More then one UID attribute was found for role addTableSystemUsers02 and system prov_user. Only one UID attribute can be defined!
- i'm still able overload identifier, in role map attribute NAME but don't check as identifier, to end system was send overload NAME attribute, Account identifier in user accounts will not bee changed, this is probably OK.
i found maybe possible problem (for someone): table connector, NAME attribute is NAME in end system (i used our test system, system_users table). In system mapping has mapped NAME attribute to username and NAME attribute mapped to phone, after provisioning i see in archive that NAME was send as some number (from phone), but in end system is still username. This is correct, but i didnt know why was not send value in name. Maybe is necessary add NAME attribute to provisioning archive logs always. Someone could be very angry that they dont see all the attributes.
In this feedback i prepared end system and mapping for another feedback
Updated by Vít Švanda over 6 years ago
- Status changed from Needs feedback to Resolved
- % Done changed from 90 to 100
Problem with validation is not related with this task... fixed.