Il 24/06/2013 12:18, Nik ha scritto:
oops, I meant to say:
Is it possible to get the resource assignment on the user reconn in
step [1] without having to go through step [3]?
You can create a "user template" for the reconciliation task to
automatically assign role or resource to each reconciled user.
rgds,
Nik
1. by a direct resource assignment
2. by an indirect resource assignment (by role I mean)
So, you have two link with the resource ....
Thanks Fabio, this DOES indeed explain and clarify my confusion.
[1] I do the task for reconn.
[2] After the user(s) is/are reconn'd into syncope, they are not
"resource assigned" to the ldap resource (this has always bugged me a
bit).
[3] I have to assign all the reconn'd users the ldap resource as a
post reconn task.
So I guess this is the direct double assignment situation you mention.
With this double assignment, which is mandatory for our application
users management, we never will fall into your "last role
unassignment, user
deletion", base case for role unassignment, as far as I can work out
- can you please confirm this, as I feel we don't have to disable
One_Phase_Delete
capability, since this is a corner case we will never fall into.
I do have a question.
Is it possible to get the resource assignment on the user reconn in
step [1] without having to go through step [2]
Regards,
Nik
Rgds,
F.
This appears to be in contradictation to what you state above,
unless we are discussing two very
different things.
rgds,
Nik
