Enabling write-back for flows
Changes that are made in the target directory server can be propagated back to the endpoint by enabling write-back in a flow for selected attributes.
Before you begin
A global write-back option is provided as a safety feature, which you can use to turn off write-back for all flows. However, when you turn off the write-back feature globally, it prevents write-back for all flows, including the specific flows where you might want to enable write-back. Hence, you must first ensure that the write-back feature is enabled at a global level for all flows. See Enabling or disabling global write-back.
After you enable the global write-back feature, you must complete the steps in the following procedure to enable write-back for a specific flow.
About this task
Only the changes that are made to person entries that are targets of this flow are candidates for write-back operations.
Only the attributes that are selected as described in the following steps are handled by the write-back operations.
Procedure
-
To enable write-back for a specific flow, on the Flows tab, click the name of the flow and then click Edit. The configuration page for the flow is opened.
-
Click the Write-back tab.
-
Select Enable to enable the write-back option for this flow.
-
Specify the attributes in the directory server that must trigger a write-back operation and map it to the attribute in the endpoint. Create an attribute mapping
- Click Add Attribute.
- Select the attribute from the list of attributes in the target directory server. A new row is displayed with the selected attribute name under Directory Server Attribute. Note: If the Add Attribute window does not display
the list of attributes from the target directory, take the following actions:
- Under Directory Server in the navigation pane, go to Connection Settings.
- Click Test Connection. Ensure that a green tick mark is displayed next to the name of the endpoint, which indicates that the connection is successful. This action also populates the fields that browse the target directory attributes.
Modify an attribute mapping
- Under Endpoint Attribute / Assignment, double-click the default value to change the mapping and to specify more settings for the attribute mapping.
- Select Enabled to use this attribute mapping for the endpoint.
- Click Simple Assignment or Scripted Assignment to specify the type of mapping. Note: If you select Scripted Assignment, you can define the assignment by writing JavaScript code in the text field or by calling a function in the sdi_solution_dir\LDAPSync\customScript.js file. For more information, see the IBM® Security Verify Directory Integrator documentation and search for Scripting in IBM® Security Verify Directory Integrator.
Delete the mapping for a specific attribute
- Select the check box on the attribute row.
- Click Remove Attribute.
- Click OK.
Results
When a write-back operation happens, a summary of what was written back to the endpoint is displayed. The summary includes details such as the name of the flow, modified attributes, and the DNs of the directory server and endpoint is displayed. You can use the Filter field for searching the write-back summary.