Multiple DataConnector Precedence Order
Mr. Christopher Bland
chris at fdu.edu
Fri Apr 1 23:20:22 EDT 2016
Hi David,
Your solution sounds like the best option during the migration since we are starting to create AD only users. If you are willing to provide a sample attribute definition I would greatly appreciate it as well as any who looks at this tread in the future.
-Chris
On Mar 31, 2016, at 1:22 PM, IAM David Bantz <dabantz at alaska.edu<mailto:dabantz at alaska.edu>> wrote:
This isn't too hard to build in a scripted attribute - we do exactly this with sources MS AD and Oracle LDAP sources: map attribute to the preferred source attribute if it exists, otherwise to the secondary source. (happy to provide our example if requested)
David Bantz
UA OIT IAM
On Thu, Mar 31, 2016 at 5:50 AM, Cantor, Scott <cantor.2 at osu.edu<mailto:cantor.2 at osu.edu>> wrote:
> My organization is in the process of moving a new Directory Server. As such I
> have configure DataConnector for each. What I have started to notice that
> for a subset of users that have had information updated in the new system I
> am getting multivalued attributes for things like surname. ex Directory 1 has
> Surname=Smith, Directory 2 has Surname=Smith Sr. This would result in the
> attribute Surname=Smith;Smith Sr.
>
> Is there any way to say Directory 1 is authoritative for Surname since I cannot
> prevent both Directories from responding?
Not without your own logic to do it. Generally you should have one directory be a failover for the other, not access both.
-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160402/efa1a8c9/attachment-0001.html>
More information about the users
mailing list