Direct Association Dialog

The Direct Association dialog lets you specify a direct association between any two classes of objects. Associations of this type are always directional, of the form from Class1 to Class2.

You can also use this dialog to establish a reverse association, which maps an association between the same classes but in the opposite direction.

Most bi-directional associations have a physical attribute on one class and a virtual attribute on the other class. We recommend that you define the physical association attribute first.

This dialog contains the following fields:

Physical Attribute

Specifies the physical attribute through which an association is made. The attribute is physical in the sense that it exists on the native system.

Virtual Attribute

Specifies an attribute that forms part of the association, but that does not exist on the native system. CA IAM CS computes the attribute. The attribute is not persisted on the native system.

Typically in JNDI, memberof is an example of a virtual attribute. The native systems only store associations in one direction from group to account. A virtual attribute allows you to create an association from account to group instead.

By Attribute

Specifies the association attribute of the target class that the association attribute of the source class references.

Value Template

Specifies a formatted attribute value to match against. For example, in some cases, the association attribute for the target class is more complex than the value of the association attribute for the source class. By default, non-DN association attributes are assumed to hold values that exactly correspond to the values of the name or alternative key of the “to” class. If the association attribute has some internal structure, then you can use the template field to help you deal with the structure when creating an association.

The template value can contain the string ${name} or ${dn}. When creating an association, ${name} is replaced with the simple name of the related object, and ${dn} is replaced by its full DN.

By Filter

Specifies a particular LDAP filter to use to match the target class's attribute. This is specified as an LDAP search filter, where a string of the form ${attributeName} is replaced by the value of the corresponding attribute of the from class at run time.

Use as a Base Association

Allows you to select an existing association and base the results of the new association on it, while altering those results in some way, for example by adding association results that appear due to nesting.

Objects Must Exist

Specifies that the Connector Server checks that the referenced object exists before it adds it to an association. This check box also affects the reverse association, if any. That is, this check box applies to both the source and target class, in either direction.

Use DNs in Attributes

Specifies the values that are persisted on the native system. If selected, flags that the full native DN values are stored. For example, cn=myaccount, ou=myorgunit, rather than just the naming attribute value from a DN, such as myaccount.

Association is Nested

Specifies whether associations between group classes are nested. For example, a single association definition can satisfy “groups of groups of groups” relationships.

Include a Reverse Association

Displays the Reverse Association part of the dialog.
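
The following added example (not CA IAM CS code) sketches the placeholder substitution described under Value Template and By Filter. The function names, the "acct:" template, and the sample attribute names and values are hypothetical. Escaping substituted values per RFC 4515 is an assumption about a safe implementation; this page does not state how the Connector Server treats special characters.

```python
import re

# RFC 4515 section 3: these characters must be escaped as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated as literal text inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_value_template(template: str, name: str, dn: str) -> str:
    """Value Template: ${name} -> simple name, ${dn} -> full DN of the related object."""
    values = {"name": name, "dn": dn}

    def sub(match):
        key = match.group(1)
        if key not in values:
            raise KeyError(f"unsupported placeholder: ${{{key}}}")
        return values[key]

    return _PLACEHOLDER.sub(sub, template)


def expand_by_filter(filter_template: str, from_object: dict) -> str:
    """By Filter: ${attributeName} -> escaped value of that attribute on the 'from' object."""
    def sub(match):
        attr = match.group(1)
        if attr not in from_object:
            raise KeyError(f"'from' object has no attribute {attr!r}")
        return escape_filter_value(from_object[attr])

    return _PLACEHOLDER.sub(sub, filter_template)


# Constructed sample data (attribute names and values are hypothetical).
account = {"uid": "j*doe)(objectClass=*", "cn": "myaccount"}
print(expand_value_template("acct:${name}", "myaccount", "cn=myaccount,ou=myorgunit"))
print(expand_by_filter("(&(objectClass=groupOfNames)(memberUid=${uid}))", account))
```

Without the escaping step, the constructed uid value would change the structure of the resulting filter instead of being matched as literal text.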