Repository attributes
I need to have all of my 15 attributes from a resource moved to the mysql repository.
I read at some place that we can have only 5 attributes stored in the repository.
Can some one explain this... and where should i specify these attribute names...or mapping other than the resource mapping.
is it done by changing the create waveset table script, or should i make any additions to the UI attributes or extended attributes.
# 1
You can add more attributes to the mysql repository by adding them as user extended attributes. I always modify the xml directly in the debug page. The User Extended Attributes is a Configuration object. As a clarification, when you say add attributes to the repository, you are adding to the user's virtual identity. This is typically done for the following reasons.
1) If you have an attribute that is required from the Authoritative Source that cannot be stored in any of the managed resources. (Eg. LastFourOfSSN)
2) If you have an attribute that is stored in the managed resources but needs to be in the IDM for searching purposes and faster access (Eg. employeeID).
Now you can add as much user extended attributes as you need, but flip side is, that will make the system more inefficient. Because you are effectively causing the User xml to increase in size. So the recommended approach (At least mine) is to add as few User Extended attributes as possible. If you have a lot of attributes to be managed, then create a single table and add that as a managed resource using the Database adapter.
The 5 attributes restriction you have heard is true for searching on the user extended attributes. Infact 2 of them are already taken (accountId and lastname). So effectively you have 3 other user defined attributes to be assigned as searchable . [They may have changed in 6.0, I am not sure ] To make a user extended attribute searchable, you have to add them to QueryableAttrNames tag in UserUIConfig of the Configuration object
Eg of the default searchable attributes.
<QueryableAttrNames>
<List>
<String>correlationKey</String>
<String>role</String>
<String>email</String>
<String>name</String>
<String>firstname</String>
<String>lastname</String>
<String>prov</String>
<String>dis</String>
<String>locked</String>
<String>user_resources</String>
<String>idmManager</String>
</List>
</QueryableAttrNames>
Hope this clarifies
# 2
thanks... that was a detail reply to clarify my doubts...
thanks
still i have couple more
1. Do i have to edit the table schema in the mysql repository to have them stored there...or will IDM create tables and schema byitself by adding them as user extended attributes .
2. Query attributes makes the queries faster right... any other use of it?
3. using the attributes as global.xxxx or waveset.xxxx - will this reference these repository attributes?
Thanks
NSankar
# 3
1. No you do not have to modify the table schema at all. IDM views everything as objects. That includes Configuration, User, Account, TaskDefinition, UserForms etc to name a few. Every single object is represented as a xml in a database long column. There is only one table "object" in the waveset schema that holds all the objects. When you add user extended attributes, this adds to the size of the user xml object of each and every user it stores. Which eventually makes it harder to load everytime a user is accessed for viewing or updating. Hence the potential performance hit.
2. That is the only use of that tag
3. global.xxx vs waveset.xxx. Understanding that is a separate big discussion. To answer your question, yes you access them just like how you would any other IDM attribute like global.firstname or global.<yourattribuitename>
# 4
so can i export these attribute and account info later to bulk load into another ldap, which i cannot configure as a resource due to policy regulations.
my scenario is - after having all the attributes in The Oracle Db, get an export of it in CSV or Any other format and dumb into a ldap which is not configured a s a resource.
or will i have to create a resource of ldap instance and try to sync all thses data into it.
