Table of Contents
Synchronization - tree nodes
Synchronization of identities has been described above. Another option is to synchronize the tree structure. We'll show sync over an example of organizational structure synchronization:
- First you need to create a type of structure. In our case ORGANIZATIONS.
- On the system, we create a mapping for entity type Tree. Select the type of structure you want (ORGANIZATIONS).
- Create Required mapping attributes:
- identifier - The attribute contains an unambiguous element identifier from the end system. Used for parenting. It must be labeled identifier.
- code - The code is a unique identifier in the tree.
- name - Name of the element. This name will be displayed in the tree component.
- parent - An attribute pointing to your parent. From mapping point of view, this attribute must return identifier parents, Identifier from the end system. From the IDM view, parent contains a reference to the parent object, ie IdmTreeNode. Searching and conversion between system identifier and parent IDM (IdmTreeNode) do synchronization automatically.
- Create optional mapping attributes. A typical example is some extended attribute.
- We create sync to select the mapping you created. The tree structure synchronization configuration is similar to the synchronization of identities. In addition, it is possible to define (in the form of a Groovy script) how to "know" the roots of the tree.
- Start synchronization.Tree sync is always run as reconciliation at this time. It means setting your own filter or token will have no effect.
Basic algorithm
- Root search
- For each root, are recursively searched a children (based on equality value the identity UID (identifier) parent attribute parent and childe attribute). * Synchronization is started for each tree element.
Finding tree roots
The roots of the tree are searched over the set of all accounts obtained from the target system. The reason why roots are not found using the search method on the end system is that their definition is in some cases too complex (the search criteria in the IC module are inadequate). Such a case is, for example, a situation where roots are all the elements (accounts) whose parent attribute are shown to themselves.
Root search is performed using the Groovy script in the synchronization configuration tree root / tree definition . This script runs over all system elements. If Boolean.TRUE returns, then the element is root. If it returns Boolean.FALSE , it is not the root. The entry of this script is account (IcObject), an object of the element received from the IC module.
Example of a script addressing the situation described above :
if(account){ // Get value from parent attribute def parentValue = account.getAttributeByName("parent").getValue(); // Get value from ID attribute def uidValue = account.getAttributeByName("id").getValue(); // Root is account, where is parent value equals with ID (externalId) value. if(parentValue != null && parentValue.equals(uidValue)){ // We need clear value of parent attribute. In IDM has roots always parent = null. account.getAttributeByName("id_nadraz_prac_mista").setValues(null); return Boolean.TRUE; } } return Boolean.FALSE;
How to synchronize all nodes under one already existing?
Sometime we need synchronize all nodes from the source system under one node wich exists in the IdM.
For definition of that 'Super parent' node we cannot using:
- The transfromation from the system (on 'parent' attribute), because we offten using null value in the parent attribute as definition the root node.
- Selectbox on UI (configuration of the sync), because we sometime want to use more 'Super parent' nodes (in case we have more roots and every one shuld be under different 'Super parent').
Super parent node can be defined in the transformation searching roots. This script is defined on the sync configuration and we can set ID of super parent node to parent attribute.
if(account){ // Get value from parent attribute def parentValue = account.getAttributeByName("parent").getValue(); // Get value from ID attribute def uidValue = account.getAttributeByName("id").getValue(); // Root is account, where is parent value is null if(parentValue == null){ // Set default node account.getAttributeByName("parent").setValues(["00a8aa04-667a-412e-bf3c-d892f2d9ca18"]); return Boolean.TRUE; } } return Boolean.FALSE;
