User Management Scenarios¶
This section provides details on the actions that are carried out when a user is managed, given the absence or presence of the same user in VOSS-4-UC applications or LDAP.
Add User Sync Scenarios¶
The table below details add and update scenarios when a user is added that may exist on VOSS-4-UC, applications or LDAP and the default Sync Source precendences apply. The cases are:
- if either the user exists or does not exist on LDAP
- if either the user exists or does not exist on any application that is a sync source (APP SOURCE)
Field sync takes place according to:
- Sync Source precedence - see User Sync Source.
- the User Field Mapping that applies - see: User Field Mapping.
Important
Sync Source precedence may override user input. If you update a user on VOSS-4-UC:
- that exists on a sync source
- has mapped fields
- has a higher precedence than LOCAL (VOSS-4-UC) data
the data of these fields will be updated from the sync source and not the user input added in VOSS-4-UC. The Admin Portal would typically render these fields read-only.
The detailed scenarios for the operation: adding a user (model: relation/User) are:
data/User
exists |
device/ldap/User
exists |
device/<APP>/User
exists |
Hierarchy | Action | User Sync Source |
|---|---|---|---|---|---|
| Y | same as user | Error: user exists | |||
| current | Create data/User |
LOCAL | |||
| Y | same as LDAP user | Create data/User,
Update data/User,
based on sync
source |
LDAP | ||
| Y | same as APP user | Create data/User,
Update data/User,
based on sync
source |
APP SOURCE | ||
| Y | Y | same as APP user | Create data/User,
Update data/User,
based on sync
source |
LDAP | |
| Y | below LDAP user hierarchy | Create data/User,
Update data/User,
based on sync
source,
Move LDAP user to
data/User hierarchy |
LDAP | ||
| Y | below APP user hierarchy | Create data/User
Update data/User
based on sync
source
Move App user to
data/User hierarchy |
APP SOURCE | ||
| Y | Y | below APP user hierarchy | Create data/User
Update data/User
based on sync
source
Move LDAP user to
data/User hierarchy |
LDAP | |
| Y | above LDAP user hierarchy | Error: Create User Log entry with message | LDAP | ||
| Y | above APP user hierarchy | Error: Create User Log entry with message | APP SOURCE | ||
| Y | Y | above APP user hierarchy | Error: Create User Log entry with message | LDAP |
Update User Sync Scenarios¶
The table below details data sync sources and update actions when a user is updated and the default Sync Source precendences apply. The cases are:
- if either the user exists or does not exist on LDAP
- if either the user exists or does not exist on any application that is a sync source
Field sync takes place according to:
- Sync Source precedence - see User Sync Source.
- the User Field Mapping that applies - see: User Field Mapping.
Important
Sync Source precedence may override user input. If you update a user on VOSS-4-UC:
- that exists on a sync source
- has mapped fields
- has a higher precedence than LOCAL (VOSS-4-UC) data
the data of these fields will be updated from the sync source and not the user input added in VOSS-4-UC. The Admin Portal would typically render these fields read-only.
The detailed scenarios for the operation: updating a user (model: relation/User) are:
data/User
exists |
device/ldap/User
exists |
device/<APP>/User
exists |
Hierarchy | Action | User Sync Source |
|---|---|---|---|---|---|
| Y | same as user | Update data/User |
LOCAL | ||
| Y | Y | same as user or LDAP user | Update Update |
LDAP | |
| Y | Y | same as user or APP user | Update Update App/User using reverse App map |
APP SOURCE | |
| Y | Y | Y | same as any of user, APP LDAP user | Update Update Update App/User using reverse App map |
LDAP |
| Y | Y | below user or LDAP user | Update Update |
LDAP | |
| Y | Y | below user or APP user | Error: Create User Log entry with message RBAC issue | APP SOURCE | |
| Y | Y | Y | below any of user, LDAP, APP user | Error: Create User Log entry with message RBAC issue | LDAP |
| Y | Y | above user or LDAP user | Error: Create User Log entry with message | LDAP | |
| Y | Y | above user or APP user | Error: Create User Log entry with message | APP SOURCE | |
| Y | Y | Y | above any of user, LDAP, APP user | Error: Create User Log entry with message | LDAP |
LDAP Add Sync Scenarios¶
The table below details data sync sources and update actions when an LDAP user is added and the default Sync Source precendences apply. The cases are:
- if either the user exists or does not exist on LDAP
- if either the user exists or does not exist on VOSS-4-UC or any application that is a sync source
Field sync takes place according to:
- Sync Source precedence - see User Sync Source.
- the User Field Mapping that applies - see: User Field Mapping.
Important
Sync Source precedence may override user input. If you update a user on VOSS-4-UC:
- that exists on a sync source
- has mapped fields
- has a higher precedence than LOCAL (VOSS-4-UC) data
the data of these fields will be updated from the sync source and not the user input added in VOSS-4-UC. The Admin Portal would typically render these fields read-only.
The detailed scenarios and actions for the operation: syncing an LDAP user (sync source is always LDAP) are:
data/User
exists |
device/ldap/User
exists |
device/<APP>/User
exists |
Hierarchy | Action |
|---|---|---|---|---|
| Y | same as user | Update data/User |
||
Create data/User |
||||
| Y | same as LDAP user | Error Create User Log entry with message Purge current LDAP user |
||
| Y | same as APP user | Create Update Update APP data based on sync source |
||
| Y | Y | same as LDAP or APP user | Error Create User Log entry with message Purge current LDAP user |
|
| Y | below user | Update Move LDAP user to
|
||
| Y | below LDAP user | Error Create User Log entry with message Purge current LDAP user |
||
| Y | below APP user | Create Update Update APP data based on sync source Move |
||
| Y | Y | below LDAP or APP user | Error Create User Log entry with message Purge current LDAP user |
|
| Y | above user | Error Create User Log entry with message Purge current LDAP user |
||
| Y | above LDAP user | Error Create User Log entry with message Purge current LDAP user |
||
| Y | above APP user | Create Update Update APP data based on sync source |
||
| Y | Y | above LDAP or APP user | Error Create User Log entry with message Purge current LDAP user |
|
| Y | Y | above user or APP user | Create Update Update APP data based on sync source |
LDAP Update and Delete Sync Scenarios¶
The table below details data sync sources and update actions when an LDAP user is added and the default Sync Source precendences apply. The cases are:
- if either the user exists or does not exist on LDAP
- if either the user exists or does not exist on VOSS-4-UC or any application that is a sync source
Field sync takes place according to:
- Sync Source precedence - see User Sync Source.
- the User Field Mapping that applies - see: User Field Mapping.
Important
Sync Source precedence may override user input. If you update a user on VOSS-4-UC:
- that exists on a sync source
- has mapped fields
- has a higher precedence than LOCAL (VOSS-4-UC) data
the data of these fields will be updated from the sync source and not the user input added in VOSS-4-UC. The Admin Portal would typically render these fields read-only.
The detailed scenarios and actions for the operation: deleting an LDAP sync - manually (M) or automatically (A) - are:
| Operation | data/User
exists |
device/ldap/User
exists |
device/<APP>/User
exists |
Action | User Sync Source |
|---|---|---|---|---|---|
| LDAP DELETE SYNC (M) | Y | Y | Update data/User |
LOCAL | |
| LDAP DELETE SYNC (M) | Y | ||||
| LDAP DELETE SYNC (M) | Y | Y | Y | Update Update APP data based on sync source Convert CUCM user to local user |
LOCAL |
| LDAP DELETE SYNC (A) | Y | Y | Delete data/User |
||
| LDAP DELETE SYNC (A) | Y | ||||
| LDAP DELETE SYNC (A) | Y | Y | Y | Delete Delete
|
The detailed scenarios and actions for the operation: updating an LDAP sync (sync source is always LDAP) are:
data/User
exists |
device/ldap/User
exists |
device/<APP>/User
exists |
Action |
|---|---|---|---|
| Y | Y | Update data/User |
|
| Y | Create data/User |
||
| Y | Y | Y | Update Update APP data based on sync source |
