OpenIDM 4 introduces a new type of Managed Object: Relationships (amongst other things). They enable the easy creation of relations between managed objects, and will surely be a key component in the newer field of Identity Relationship Management (IRM).
So what do we mean by “Group Hierarchy” here?
Simply that groups in LDAP can be defined under other groups, or rather, using other groups as parent containers in the LDAP DIT.
In this example, the DN of the “Payroll Admins” group is “cn=Payroll Admins,cn=HR Admins,cn=Admins,ou=Groups,dc=example,dc=com”. It has 2 parent groups, as its DN makes explicit.
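The parent chain encoded in such a DN can be derived mechanically. The JavaScript below is an added example, not code from the original post or from OpenIDM. The function names `splitDn` and `parentGroupDns` are hypothetical, and it assumes groups are named by `cn` and that DN values use RFC 4514 backslash escapes.

```javascript
// Added example (not from the original post): derive parent groups from a DN.

// Split a DN into RDNs on unescaped commas. A backslash escapes the next
// character (RFC 4514), so "cn=Payroll\, EU" stays a single RDN. Splitting
// naively on "," would attach such a group to a parent that does not exist.
function splitDn(dn) {
  const rdns = [];
  let current = "";
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === "\\" && i + 1 < dn.length) {
      current += ch + dn[++i]; // keep the escape pair intact
    } else if (ch === ",") {
      rdns.push(current.replace(/^\s+/, "")); // drop padding after a comma
      current = "";
    } else {
      current += ch;
    }
  }
  rdns.push(current.replace(/^\s+/, ""));
  return rdns;
}

// Return the DNs of all parent groups, nearest parent first. An ancestor is
// treated as a group while its leading RDN uses groupAttr (assumption: "cn");
// the walk stops at the first other container, such as ou=Groups.
function parentGroupDns(groupDn, groupAttr = "cn") {
  const rdns = splitDn(groupDn);
  const parents = [];
  for (let i = 1; i < rdns.length; i++) {
    const type = rdns[i].split("=")[0].trim().toLowerCase();
    if (type !== groupAttr.toLowerCase()) break;
    parents.push(rdns.slice(i).join(","));
  }
  return parents;
}

// DN taken from the post; the result lists its two parent groups.
const SAMPLE_DN =
  "cn=Payroll Admins,cn=HR Admins,cn=Admins,ou=Groups,dc=example,dc=com";
console.log(parentGroupDns(SAMPLE_DN));
```

The first element of the returned array is the direct parent, which is the one a “Parent” relationship on the child group would point to.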
So, to create group hierarchies with OpenIDM 4, we can create “Parent” -> “Child” relationships between group Managed Objects and thus leverage all the out-of-the-box functionality surrounding relationships (including the new UI features; more on that later). Here’s how…
1. Update the Group Schema
2. onCreate Script
3. Resulting UI Experience
Given the relationships defined above, OpenIDM will render the UI with the appropriate widgets to select Children and Parent groups.
The new UI also provides a real graphical relationship view of the same data: