...
Using LDAP select all NetIDs and their mapped attributes listed below where the NetID has either the attribute eduPersonAffiliation=member and/or eduPersonAffiliation=affiliate. Affiliation Type is used to determine who is considered Full Time Employees. Applicant students, both undergrad and graduate are inactive, they are filtered out.
The filter used is: (|(eduPersonAffiliation=member)(eduPersonAffiliation=affiliate))(!(uconnPersonPrimaryAffiliation=Appl*))
Logic
By default we want Full Time Employees to be Active in the system (<Record> tag active property = true). Students and Affiliates should be Inactive by default but included in the feed so their ID’s are generated but disabled. If a student or affiliate has an active KFS Role or Group then their active flag should be sent with a value of “true” instead.
...
SELECT DISTINCT(MBR_ID), 'ACTIVE KFS GROUP' AS DESCRIPTION FROM kfs.KRIM_GRP_MBR_T WHERE (ACTV_FRM_DT IS NULL OR ACTV_FRM_DT <= CURDATE() ) AND (ACTV_TO_DT IS NULL OR ACTV_TO_DT >= CURDATE() ) AND MBR_TYP_CD='P' AND MBR_ID NOT IN ('*','2','admin','kfsctmuser');
Code to determine users with roles or groups already exists. Users should be false if
Mapping
Tag | LDAP Attribute | Notes |
<Record entityID> | uid | NetID (lowercase) |
<Record principalID> | uid | NetID (lowercase) |
<Record principalName> | uid | NetID (lowercase) |
<Record active> | n/a | Default = “true” If uconnPersonPrimaryAffiliation = Undergraduate Student, Graduate Student, Applicants, or Affiliate set to “false” unless they have an active role or group in KFS. Full Time Employees, including members and affiliates, are always “true” |
<addressTypeCode> | n/a | Always “WRK” |
<addressLine1> | postalAddress | If postalAddress empty look for registeredAddress |
<addressLine2> | registeredAddress |
|
<city> | location |
|
<stateOrProvince> | state |
|
<postalCode> | postalCode |
|
<country> |
| Always “US” |
<affiliationType> | uconnPersonPrimaryAffiliation | Professional Staff = STAFF Special Payroll = STAFF Graduate Student = STDNT Univ Affiliated Employee = AFLT |
<campus> | l | Storrs = 01 Waterbury = 05 Avery Point = 06 Health Center = 07 Extension Services = 08 |
<employeeStatus> |
| Always “A” |
<employeeType> |
| Default = “P” If uconnPersonPrimaryAffiliation = Undergraduate Student or Graduate Student set to “N” |
<baseSalaryAmount> |
| Always “0.0” |
<primaryDepartment> | department | Preceded by UC- (example UC-1515) |
<employeeID> | employeeNumber | Last 6 characters (ex. 037796 for btp98001) |
<emailAddress> |
| |
<firstName> | givenName |
|
<middleName> | Initials | If Null value should be an empty tag |
<lastName> | sn |
|
<phoneNumber> | publishedTelephoneNumber | If Null leave tag out. Format XXX-XXX-XXXX |
Inclusion of the kfsctmuser
...
<phoneNumber>860-486-9364</phoneNumber>
</record>
Footer Tag:
</hrmanifest>
Other Thoughts/Considerations:
Student employees – Also known as netidwork accounts. We have some existing functionality in the current user feed but have not yet taken advantage of it.
...
Emeritus working and non-working will have the edupersonaffiliaton=member. Probably okay as long as they have no roles. Could always revisit and add the same logic for emeritus as students.
Technical changes to implement the logic
There is an existing method in the LdapServiceImpl called retrieveAllEmployeesAndAffiliates().
a. Copy it and create one called retrieveAllMembersAndAffiliates()
b. Change eduPersonAffiliation=employee to eduPersonAffiliation=member
Change the UserExportServiceImpl.process() method to call this method instead of the getIdsForExport().
a. You can use the HuskyBuyUserImpl as an example. This is a huge query and needs to be “chunked”
b. You will need to loop through it like this:
userExportLoggingService.writeLog("Processing ldap entries"); ListIterator<List<LdapPerson>> iter = chunks.listIterator(); while (iter.hasNext()) { List<LdapPerson> usersChunk = iter.next(); |
Other changes and improvements
The code previously included all users. This was done for the initial load into Kuali. With that complete the code was removed.
Applicant undergrad and grad students were filtered out to only add students who are actively attending UCONN.
Constants were added and utilized for items in the affiliation map.