It is possible to define a single association attribute that contains DNs for more than one object class, in which case use the MetaDataDefs.MD_DN_LDAP_OBJECTCLASSES ("DNLdapObjectClasses") metadata setting, rather then the singular "DNLdapObjectClass" setting.
When this setting is used, a DN converter implementation needs to determine the object class for each contained value. The base DN converter in the CA IAM CS framework (com.ca.jcs.converter.connector.DNPropertyConverter) first attempts to distinguish the object class for each DN based on their connector-speak naming attributes. If there is no overlap in these for all of the classes allowed to appear in the collection, the connector developer does not need to provide any special handling. However, if there is an overlap, then the connector developer must override the com.ca.jcs.meta.MetaConnector.resolveObjectClass() method and use custom logic to return the appropriate object class for each DN. In the most difficult case (there is no syntactic clue in the connector-speak native names) it may be necessary to actually lookup the referenced object on the endpoint itself.
|
Copyright © 2013 CA.
All rights reserved.
|
|