Mappings define the relationships at the attribute level between data in connector data sources and objects. They also define rules to create attributes where they do not already exist and transform attributes if required.
- Properties: Defines attribute mappings between source attributes and target attributes, and scripts to create and transform attribute values. Also defines a link qualifier, required to link a single record in the source to multiple different records in the target. Which might be required in some situations e.g. event based HR data feeds where the same user record may appear multiple times.
- Association: Queries, record validation scripts and association rules that work together define how a source account is linked to a target account. i.e. how OpenIDM knows that Anne’s account in the target system maps to Anne’s account in the source system, and not Bob’s account.
- Behaviors: Defines the rules that tell OpenIDM what to do in different situations e.g. if an account doesn’t exist in the target system, then you might configure a behaviour to create it. This is incredibly powerful and we will explore it further.
- Scheduling: Schedules for reconciliation operations e.g. run the mapping every hour, day, week etc. This is not the same as livesync (which we touched on last time) which will sync changes between systems as they occur.
Creating the Mapping
- Connectors: Any connectors you have configured, e.g. flat file, database, LDAP.
- Managed Objects: The managed objects defined in OpenIDM.
Configuring the Mapping
- Property List: The source property to map from.
- Transformation Script: In line or file based scripts to transform attributes, a common use of this is to generate LDAP distinguished names.
- Conditional Updates: Advanced logic that allows you to define rules for the conditional update of certain properties on sync. Useful if you want to ensure that a particular property is never over wrote.
- Default Values: Simply set a fixed default value for the target, e.g. “true”, “active”, whatever.
This blog post was first published @ http://identity-implementation.blogspot.no/, included here with permission from the author.