I think a way to do that is to append (appendAll) the current list of groups a user belongs to to the new ones, and then sort/filter them in some way before updating the user. Unknown (to IDM) groups can be maintained in the new assigned list.
You could also leverage a clause you find when configuring a Resource attribute in a Role: for every attribute (and so for LDAP groups too) you can specify how the value IDM calculates should be set on the LDAP user entry. For instance, "merge clearing existence" means adding the new group, keeping other Roles' groups but removing external, non-IDM groups, while simple "merge" means adding IDM groups and maintaining external groups too.