• State Not Answered
  • Replies 3 replies
  • Subscribers 96 subscribers
  • Views 72 views
  • Users 0 members are here
Options
Related

Using "Members of M:N schema types" without SCIM-Endpoint in Target System

Daniel Dornhof
9 hours ago

Hello OIM-Community, 

I just stumbled upon an issue. 

I'm currently trying to connect a System using the SCIM-Connector. 

The system doesn't provide a Schema, so the standard Schema of

  • Users
  • Groups

are used.

There is no group-Endpoint for this system, but the group-assignments are listed in an Array on one of the user attributes. 

The groups are imported into the OIM-Database using the DataImport-Tool.

When trying to use the "Members of M:N schema types" virtual property type to create the group-memberships, the synchronization tries to call the group-endpoint (i assume for validation) and doesnt create the group-memberships in the OIM database. 


Is there any way around that? 

Kind regards, 
Daniel

  • 0 7 hours ago

    Hi Daniel,

    you may try to define a virtual property based on string array type at UCIUser schema type (left hand side).

    Use property type "Members of M:N schema types" an check the boxes "Ignore case" and "Try to mark the object for deletion" only. Add a reference to table "UCIUserInGroup" and let the members resolve to the id field you have imported at UCIGroup table (usually "ObjectGUID", if you have imported) .

    Use this new virtual property to map the group membership property (usually "groups~value").

    Regards,

        Tino

  • 0 7 hours ago in reply to tlindner

    First thank you for the reply. 

    That's what i've been trying so far, but when doing so the sync tries to call the non-existent groups endpoint to check for the given ID. This causes an error. 

    So far ... 
    I've managed to import the the relations by circumventing the "Members of M:N schema types" by writing the group ids as a long string with a delimiter and then having a process on top of it which runs a script that handles the objects. But i run into the same issue when trying to provision.


    But i feel like the should be an easier solution to the issue

  • 0 6 hours ago in reply to Daniel Dornhof

    Hi Daniel,

    so you have a working solution for synchronizing. You are allowed to use a second property for provisionig (set the arrows for direction of use in mapping). In case of the SCIM endpoint is accepting a string array in PATCH / PUT operation this could be a simple multi valued property having the id's of new groups / all groups.

    Regards,

       Tino