Support OneLevel container scope for LDAP imports #266
Description
Summary
Currently, JIM always uses SearchScope.Subtree when importing from LDAP containers. Customers need the ability to select just an OU without automatically including all child OUs.
Current Behaviour
- When a container is selected, LDAP connector always searches with
SearchScope.Subtree - The UI visually indicates child containers are "included" when a parent is selected, but there's no way to select a container with
OneLevelscope - No model property exists to persist the scope choice
Proposed Solution
Phase 1: Basic OneLevel Support
-
Model changes: Add a
SearchScopeenum property toConnectedSystemContainer:public enum ContainerSearchScope { Subtree = 0, // Default - include all descendants OneLevel = 1 // Only objects directly in this container }
-
UI changes: Add a toggle or dropdown next to each selected container to choose Subtree vs OneLevel
-
Connector changes: Pass the scope to the LDAP connector and respect it in search requests
Phase 2: Advanced Mode (Future Consideration)
Support complex scenarios such as:
- Parent OU with
OneLevelscope - Descendant OU (several levels down) with
Subtreescope
This may be difficult to represent in the current MudBlazor TreeView control. Consider an "Advanced" mode where users can:
- Supply DN paths directly in a list/table format
- Specify scope per entry
- Bypass the tree view for complex hierarchies
Technical Notes
- The
Includedproperty onConnectedSystemContaineris currently[NotMapped]and used only for UI display GetAllSelectedContainers()inConnectedSystemUtilities.cswould need to account for scope- LDAP connector uses
SearchScope.Subtreein:LdapConnectorImport.cs:317(GetFisoResults)LdapConnectorImport.cs:387(GetDeltaResultsUsingUsn)
Related
This issue was identified while investigating duplicate import objects caused by overlapping container selections (auto-selected child containers when parent already selected with Subtree).