Il 24/06/2013 14:52, Nik ha scritto:
This is exactly what I was looking for many weeks ago and it works a
charm. Thanks Fabio!
Also can you confirm that with the double direct resource assignment
that we will not fall into the
deletion on user when unassigning the last role from a user which is
ldap resource linked (I think I can
prove this already with my tests, but I would like to be sure of it
from you)
confirmed
rgds,
Nik
Il 24/06/2013 12:18, Nik ha scritto:
oops, I meant to say:
Is it possible to get the resource assignment on the user reconn in
step [1] without having to go through step [3]?
You can create a "user template" for the reconciliation task to
automatically assign role or resource to each reconciled user.
rgds,
Nik
1. by a direct resource assignment
2. by an indirect resource assignment (by role I mean)
So, you have two link with the resource ....
Thanks Fabio, this DOES indeed explain and clarify my confusion.
[1] I do the task for reconn.
[2] After the user(s) is/are reconn'd into syncope, they are not
"resource assigned" to the ldap resource (this has always bugged me
a bit).
[3] I have to assign all the reconn'd users the ldap resource as a
post reconn task.
So I guess this is the direct double assignment situation you mention.
With this double assignment, which is mandatory for our application
users management, we never will fall into your "last role
unassignment, user
deletion", base case for role unassignment, as far as I can work
out - can you please confirm this, as I feel we don't have to
disable One_Phase_Delete
capability, since this is a corner case we will never fall into.
I do have a question.
Is it possible to get the resource assignment on the user reconn in
step [1] without having to go through step [2]
Regards,
Nik
Rgds,
F.
This appears to be in contradictation to what you state above,
unless we are discussing two very
different things.
rgds,
Nik
