Synchronization Account Indexes (Sun Identity Manager 8.1 Business Administrator's Guide)

Sun Identity Manager 8.1 Business Administrator's Guide

Synchronization Account Indexes

When synchronizing resources in a Service Provider implementation, it may be necessary to define Account Indexes to properly correlate events sent by the resource to users in the Service Provider directory.

By default, resource events are required to contain a value for the attribute accountId which matches the accountId attribute in the directory. In some resources, accountId is not consistently sent. For example, delete events from ActiveDirectory contain only the ActiveDirectory generated account GUID.

Resources that do not include the accountId attribute must include a value for either of the following attributes.

guid. This attribute typically contains a system generated unique identifier.
identity. This attribute is normally the same as accountId for all resources except LDAP resources, where identity contains the full DN of the object.

If you need to correlate using either guid or identity you must define an account index for those attributes. An index is simply the selection of one or more directory user attributes that may be used to store resource specific identities. Once the identities are stored in the directory, they can be used in search filters to correlate synchronization events.

To define account indexes, first determine which resources will be used for synchronization, and which of those require an index. Then edit the Resource definition for the Service Provider directory and add attributes in the schema map for the GUID or identity attributes for each of the Active Sync resources. For example, if you were synchronizing from ActiveDirectory, you might define an attribute named AD-GUID mapped to an unused directory attribute such as manager.

To Define Index Attributes for a Resource

After defining all of the index attributes in the Service Provider resource, perform the following steps:

In the Synchronization Account Indexes area of the configuration page, click the New Index button.

The form expands to contain a resource selection field, followed by two attribute selection fields. The attribute selection fields remain empty until a resource is selected

Select a Resource from the list.

The attributes fields now contain values defined in the schema map for the selected resource.

Select the appropriate index attribute for either the Guid Attribute or the Full Identity Attribute.

It is not usually necessary to set both. If both are set, the software first attempts to correlate using the GUID, then the full identity.

You may click New Index again to define index attributes for other resources.

To delete an index, click the Delete button to the right of the Resource selection field.

Deleting an index only removes the index from the configuration, it does not modify all of the existing directory users that may currently have values stored in the index attributes.

Note –
Deleting an index only removes the index from the configuration, it does not modify all of the existing directory users that may currently have values stored in the index attributes.