Roles Setting and Removing Resource Attributes

Hello All,

I have a quick question (which I hope has a quick answer). I am trying to set up a role so that, when it is assigned to a user, it sets an attribute value on an LDAP resource. Then, when the role is removed from the user, the attribute value is cleared. When setting up the role, I specified the resource as assigned, and then set the attribute. When I set the role on a user, it successfully sets the value in the attribute. When I remove the role from the user, it does not remove the value in the attribute. Is there an easy way to do this?

Thanks!

[584 byte] By [JimBearda] at [2007-11-26 13:42:51]
# 1

Hi,

When setting the RoleAttribute you need to set "Authoritative Set to Value, Clear Existing"; then, when the Role is removed from the user, the attribute value is deprovisioned. Unfortunately this also has the effect of removing any other value that the attribute may have (especially true since many LDAP attributes are multi-valued).

HTH,

Paul Walker

PaulWalker999a at 2007-7-8 1:16:00
# 2
Paul,

It is indeed a multi-valued LDAP attribute. There will typically be other values I don't want to have removed.

Any other advice? Thanks for the input!

Jim
JimBearda at 2007-7-8 1:16:00
# 3
Actually, I get the desired functionality as long as all the other potential attribute values are also determined from role assignments.

Thanks!
JimBearda at 2007-7-8 1:16:00
# 4

OK.. That's not 100% true. I get the desired behavior that I want as long as I assign a default value in case no value should be set. IDM handles removing the old value as long as there are more values in the attribute. It won't remove the last value.

It handles it fine if you set a default value for the field.

JimBearda at 2007-7-8 1:16:00