User Management Scenarios

This section provides details on the actions that are carried out when a user is managed, given the absence or presence of the same user in VOSS-4-UC applications or LDAP.

Add User Sync Scenarios

The table below details add and update scenarios when a user is added that may exist on VOSS-4-UC, applications or LDAP and the default Sync Source precendences apply. The cases are:

  • if either the user exists or does not exist on LDAP
  • if either the user exists or does not exist on any application that is a sync source (APP SOURCE)

Field sync takes place according to:

Important

Sync Source precedence may override user input. If you update a user on VOSS-4-UC:

  • that exists on a sync source
  • has mapped fields
  • has a higher precedence than LOCAL (VOSS-4-UC) data

the data of these fields will be updated from the sync source and not the user input added in VOSS-4-UC. The Admin Portal would typically render these fields read-only.

The detailed scenarios for the operation: adding a user (model: relation/User) are:

data/User exists device/ldap/User exists device/<APP>/User exists Hierarchy Action User Sync Source
Y     same as user Error: user exists  
      current Create data/User LOCAL
  Y   same as LDAP user Create data/User, Update data/User, based on sync source LDAP
    Y same as APP user Create data/User, Update data/User, based on sync source APP SOURCE
  Y Y same as APP user Create data/User, Update data/User, based on sync source LDAP
  Y   below LDAP user hierarchy Create data/User, Update data/User, based on sync source, Move LDAP user to data/User hierarchy LDAP
    Y below APP user hierarchy Create data/User Update data/User based on sync source Move App user to data/User hierarchy APP SOURCE
  Y Y below APP user hierarchy Create data/User Update data/User based on sync source Move LDAP user to data/User hierarchy LDAP
  Y   above LDAP user hierarchy Error: Create User Log entry with message LDAP
    Y above APP user hierarchy Error: Create User Log entry with message APP SOURCE
  Y Y above APP user hierarchy Error: Create User Log entry with message LDAP

Update User Sync Scenarios

The table below details data sync sources and update actions when a user is updated and the default Sync Source precendences apply. The cases are:

  • if either the user exists or does not exist on LDAP
  • if either the user exists or does not exist on any application that is a sync source

Field sync takes place according to:

Important

Sync Source precedence may override user input. If you update a user on VOSS-4-UC:

  • that exists on a sync source
  • has mapped fields
  • has a higher precedence than LOCAL (VOSS-4-UC) data

the data of these fields will be updated from the sync source and not the user input added in VOSS-4-UC. The Admin Portal would typically render these fields read-only.

The detailed scenarios for the operation: updating a user (model: relation/User) are:

data/User exists device/ldap/User exists device/<APP>/User exists Hierarchy Action User Sync Source
Y     same as user Update data/User LOCAL
Y Y   same as user or LDAP user

Update data/User Non Mapped Fields only

Update data/User based on sync source

 LDAP
Y   Y same as user or APP user

Update data/User

Update App/User using reverse App map

 APP SOURCE
Y Y Y same as any of user, APP LDAP user

Update data/User Non Mapped Fields only

Update data/User based on sync source

Update App/User using reverse App map

 LDAP
Y Y   below user or LDAP user

Update data/User Non Mapped Fields only

Update data/User based on sync source

 LDAP
Y   Y below user or APP user Error: Create User Log entry with message RBAC issue APP SOURCE
Y Y Y below any of user, LDAP, APP user Error: Create User Log entry with message RBAC issue LDAP
Y Y   above user or LDAP user Error: Create User Log entry with message LDAP
Y   Y above user or APP user Error: Create User Log entry with message APP SOURCE
Y Y Y above any of user, LDAP, APP user Error: Create User Log entry with message LDAP

LDAP Add Sync Scenarios

The table below details data sync sources and update actions when an LDAP user is added and the default Sync Source precendences apply. The cases are:

  • if either the user exists or does not exist on LDAP
  • if either the user exists or does not exist on VOSS-4-UC or any application that is a sync source

Field sync takes place according to:

Important

Sync Source precedence may override user input. If you update a user on VOSS-4-UC:

  • that exists on a sync source
  • has mapped fields
  • has a higher precedence than LOCAL (VOSS-4-UC) data

the data of these fields will be updated from the sync source and not the user input added in VOSS-4-UC. The Admin Portal would typically render these fields read-only.

The detailed scenarios and actions for the operation: syncing an LDAP user (sync source is always LDAP) are:

data/User exists device/ldap/User exists device/<APP>/User exists Hierarchy Action
Y     same as user Update data/User
        Create data/User
  Y   same as LDAP user

Error Create User Log entry with message

Purge current LDAP user
    Y same as APP user

Create data/User

Update data/User based on sync source

Update APP data based on sync source
  Y Y same as LDAP or APP user

Error Create User Log entry with message

Purge current LDAP user
Y     below user

Update data/User

Move LDAP user to data/User hierarchy
  Y   below LDAP user

Error Create User Log entry with message

Purge current LDAP user
    Y below APP user

Create data/User

Update data/User based on sync source

Update APP data based on sync source

Move data/User and LDAP user to APP hierarchy
  Y Y below LDAP or APP user

Error Create User Log entry with message

Purge current LDAP user
Y     above user

Error Create User Log entry with message

Purge current LDAP user
  Y   above LDAP user

Error Create User Log entry with message

Purge current LDAP user
    Y above APP user

Create data/User

Update data/User based on sync source

Update APP data based on sync source
  Y Y above LDAP or APP user

Error Create User Log entry with message

Purge current LDAP user
Y   Y above user or APP user

Create data/User

Update data/User based on sync source

Update APP data based on sync source

LDAP Update and Delete Sync Scenarios

The table below details data sync sources and update actions when an LDAP user is added and the default Sync Source precendences apply. The cases are:

  • if either the user exists or does not exist on LDAP
  • if either the user exists or does not exist on VOSS-4-UC or any application that is a sync source

Field sync takes place according to:

Important

Sync Source precedence may override user input. If you update a user on VOSS-4-UC:

  • that exists on a sync source
  • has mapped fields
  • has a higher precedence than LOCAL (VOSS-4-UC) data

the data of these fields will be updated from the sync source and not the user input added in VOSS-4-UC. The Admin Portal would typically render these fields read-only.

The detailed scenarios and actions for the operation: deleting an LDAP sync - manually (M) or automatically (A) - are:

Operation data/User exists device/ldap/User exists device/<APP>/User exists Action User Sync Source
LDAP DELETE SYNC (M) Y Y   Update data/User LOCAL
LDAP DELETE SYNC (M)   Y      
LDAP DELETE SYNC (M) Y Y Y

Update data/User based on sync source

Update APP data based on sync source

Convert CUCM user to local user

 LOCAL
LDAP DELETE SYNC (A) Y Y   Delete data/User  
LDAP DELETE SYNC (A)   Y      
LDAP DELETE SYNC (A) Y Y Y

Delete data/User source

Delete relation/Subscriber

  

The detailed scenarios and actions for the operation: updating an LDAP sync (sync source is always LDAP) are:

data/User exists device/ldap/User exists device/<APP>/User exists Action
Y Y   Update data/User
  Y   Create data/User
Y Y Y

Update data/User based on sync source

Update APP data based on sync source