Hi, everyone

I am testing a scenario which syncs HR (let's say a DB) to IDM through
the publish channel.
In the last post, you all helped me solve the department publish
like a directory structure. Thanks ^_^
Now I have another question about groupMembership (more like Roles).

Let's say the DB has a user table:
emp_id, ou_id, emp_name, .....
andy, 101, andyho, ....

and eDirectory

for roles (group object)
cn=IT User,ou=roles,o=data
cn=AD User,ou=roles,o=data

So what is the better way to publish to add "andy" to "IT User" and "AD
User", these 2 groups?
In other words, any suggestion to represent 1-to-many (1 user, many
groups) in the DB, or another design?

Basically, publishing a new user and putting them in a group is to set
groupMembership/securityEquals, and member/securityEqualsToMe. This part
is ok.
And I've tried Dynamic Group. Based on a data field in the user table, a new
user created would be synced and put in the group.
What if this user needs multiple values for this data field?
This is why I thought I needed another table for group/member stuff:
grp_id, emp_id
IT User, andy
AD User, andy
IT User, John

But in this way, I can't set a primary key for syncing (JDBC sync requires
a primary key to sync an objectClass).

So any suggestions? Thanks a lot.

andy_ho's Profile: https://forums.netiq.com/member.php?userid=4568