Topic
  • 1 reply
  • Latest Post - ‏2013-08-31T14:31:30Z by franzw
SravanKumarR
SravanKumarR
46 Posts

Pinned topic Attribute update to data store

‏2013-08-31T13:33:43Z |

Hi,

We have two data stores. One is LDAP and another is AD.

We are able to update and remove attributes from TIM to AD sucessfully from operations.

But in case of LDAP, we are able to update in to LDAP platform by calling extension but we are not able to nullify update attribute.

It is nullifying locally, even tough we called extension to modify account and passed all output parameters(it is not deleting in platform).

Note: We used obj.setProperty("attribute","")  and obj.removeProperty("attribute").... Both nullifies attribute locally in ITIM but not in platform even after modify account extension calls and completed successfully.

Hoping for quick reply.

 

Thanks,

Sravan.

  • franzw
    franzw
    391 Posts
    ACCEPTED ANSWER

    Re: Attribute update to data store

    ‏2013-08-31T14:31:30Z  

    I cannot understand what you are trying to do and neither why....

    ITIM does not manage data stores - it manages person and account entities in its private data store that happens to reside in an ldap server.

    Externally ISIM only changes accounts on services - are you are talking about AD and LDAP accounts ?

    If this is the case your design is wrong - you should not touch attributes in the operations - that is the purpose of the Provisioning Policies. The reason for that (and that may be what your seeing here) is that ITIM will disallow any changes to attributes in operations that are in conflict with the policies. There are very special cases where this is necessary - and that requires very strict controls of the Provisioning Policies.

    In general when you alter properties in the operational workflows you should remember to write back the entities to the datastore. Basically this is flow like this :

     

    var myEntity = Entity.get();

    myEntity.removeProperty("attributename");

    Entity.set(myEntity);

     

    But again - if this account attribute you remove them instead using a mandatory entitlement with the null value - and remember that automation in ITIM is connected to the requirement of services set to "correct compliance" - and that is nothing you should switch just like that....

    HTH

    Regards

    Franz Wolfhagen

  • franzw
    franzw
    391 Posts

    Re: Attribute update to data store

    ‏2013-08-31T14:31:30Z  

    I cannot understand what you are trying to do and neither why....

    ITIM does not manage data stores - it manages person and account entities in its private data store that happens to reside in an ldap server.

    Externally ISIM only changes accounts on services - are you are talking about AD and LDAP accounts ?

    If this is the case your design is wrong - you should not touch attributes in the operations - that is the purpose of the Provisioning Policies. The reason for that (and that may be what your seeing here) is that ITIM will disallow any changes to attributes in operations that are in conflict with the policies. There are very special cases where this is necessary - and that requires very strict controls of the Provisioning Policies.

    In general when you alter properties in the operational workflows you should remember to write back the entities to the datastore. Basically this is flow like this :

     

    var myEntity = Entity.get();

    myEntity.removeProperty("attributename");

    Entity.set(myEntity);

     

    But again - if this account attribute you remove them instead using a mandatory entitlement with the null value - and remember that automation in ITIM is connected to the requirement of services set to "correct compliance" - and that is nothing you should switch just like that....

    HTH

    Regards

    Franz Wolfhagen