2 Replies Latest reply: Jun 11, 2012 9:57 AM by Bobm53-Oracle RSS

    How to manage a subset of LDAP Groups

    kk
      Hi all,


      I have to configure IDM to manage a new LDAP resource but the groups are becoming a nightmare.
      Customer can automate a partial list of groups and wants to manage the rest of groups working directly on the resource.

      I want to know if it's possible to configure IDM to manage just a subset of groups without overwrite the value of all groups assigned to the user.

      All advice are appreciated.

      Thanks in advance,
      KK.
        • 1. Re: How to manage a subset of LDAP Groups
          Bobm53-Oracle
          I think a way to do that is append (appnedAll) the current list of groups a user belongs to the new ones, and then sort/filter them in some way before update the user. Unknown (to IDM) groups can be mantained into the new assigned list.
          HTH
          • 2. Re: How to manage a subset of LDAP Groups
            Bobm53-Oracle
            You could also leverage a clause you find when configuring a Resource attribute in a Role: for every attribute (and so for ldap groups too) you can specify how the value IDM calculates should be set on ldap user entry: for instance "merge clearing existence" means adding the new group keeping other Roles groups but removing external, non IDM, groups. While simple "merge" means add IDM groups and maintain external groups too.
            HTH