Re: Map/Create ldap group hierarchy to realms

2021-07-23 Thread Marco Di Sabatino Di Diodoro


On 23/07/21 16:58, Adam Levine wrote:
> Follow up:  I configured my connector, resource, mapping, and pull
> from the Demo system.


The demo handles the depth of ou only in propagation.

In order to create realms from a pull that respect the hierarchy,
it's necessary that in your pull action you set the parent realm.
As you can see, this information is not provided to Syncope, which means
that all realms are at the same level. How can you do this? You could
parse the dn of the ou.


Regards
M




-- 
Dott. Marco Di Sabatino Di Diodoro

Tel. +39 3939065570

Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 085973
http://www.tirasa.net 

Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
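
Parsing the ou's DN to find the parent realm, as suggested above, sketched as an added example that is not from the thread or from Syncope: `OuDnToRealmPath` and its methods are hypothetical names, `o=isp` is the base DN from the `syncope:fullPath2Dn(fullPath, 'ou') + ',o=isp'` expression quoted in the thread, and the sample DN is constructed. It performs the reverse of that expression using only the JDK's `javax.naming.ldap.LdapName`; calling it from a pull action to set the parent realm depends on the Syncope version in use.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example (hypothetical helper, not a Syncope class): maps the DN of a
// pulled ou to a realm full path and to the full path of its parent realm.
public final class OuDnToRealmPath {

    private final LdapName baseDn;

    public OuDnToRealmPath(String baseDn) throws InvalidNameException {
        this.baseDn = new LdapName(baseDn);
    }

    // Realm names from the top-most ou down to the entry itself.
    private List<String> segments(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn); // handles escaped commas and quoting
        if (!name.startsWith(baseDn)) {
            throw new InvalidNameException(dn + " is not under " + baseDn);
        }
        List<String> names = new ArrayList<>();
        // getRdns() runs right to left: index 0 is the RDN closest to the root.
        for (Rdn rdn : name.getRdns().subList(baseDn.size(), name.size())) {
            String value = String.valueOf(rdn.getValue());
            if (!"ou".equalsIgnoreCase(rdn.getType()) || value.contains("/")) {
                throw new InvalidNameException("Cannot map to a realm: " + dn);
            }
            names.add(value);
        }
        return names;
    }

    // The base DN itself maps to the root realm "/".
    public String fullPath(String dn) throws InvalidNameException {
        return "/" + String.join("/", segments(dn));
    }

    // The parent of a first-level ou is the root realm "/".
    public String parentPath(String dn) throws InvalidNameException {
        List<String> names = segments(dn);
        if (names.isEmpty()) {
            throw new InvalidNameException(dn + " is the base itself");
        }
        return "/" + String.join("/", names.subList(0, names.size() - 1));
    }

    public static void main(String[] args) throws InvalidNameException {
        OuDnToRealmPath mapper = new OuDnToRealmPath("o=isp");
        String dn = "ou=two,ou=even,o=isp"; // constructed sample DN
        System.out.println(mapper.fullPath(dn) + " has parent " + mapper.parentPath(dn));
    }
}
```

DNs outside the base or with non-ou components are rejected rather than silently attached to the root realm, since realm placement determines which administrators can manage the entries.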



Re: Map/Create ldap group hierarchy to realms

2021-07-23 Thread Adam Levine
Follow up:  I configured my connector, resource, mapping, and pull from the
Demo system.

On Fri, Jul 23, 2021 at 9:40 AM Adam Levine wrote:

> Marco:
>
>   You said:   To build the tree from an Ldap -> Syncope pull, you need to
> implement a pull action.
>
>    I do have a pull action, which is how the realms are being populated
> from LDAP.  But as you can see they're coming in flat.   Maybe I'm not
> understanding what you're trying to guide me to do.  If the JEXL you
> describe is only for propagation, do I not need one for pull?
>
> Thank you!
>
>
> On Fri, Jul 23, 2021 at 2:26 AM Marco Di Sabatino Di Diodoro <
> marco.disabat...@tirasa.net> wrote:
>
>> Hi
>> On 22/07/21 20:28, Adam Levine wrote:
>>
>> Marco:
>>
>>   Thank you for responding.
>>
>>   I can create the realms from LDAP -> Syncope.  That's not a problem.
>>  It's the multiple hierarchy that doesn't want to work, and it could be a
>> limitation.
>>  Let me show pictures
>>
>> Here you can see the tree under people:
>>
>> [image: image.png]
>>
>> And here's how it appears in Syncope:
>>
>> [image: image.png]
>>
>>  I am guessing that the issue is the 'fullpath' attribute having a direct
>> mapping to 'l' instead of a jexl that would concat the ou path into an
>> 'ou/ou/ou' string.
>>
>> We used the fullpath attribute to be able to implement a jexl function
>> that converts the syncope format to a dn for ldap:
>> syncope:fullPath2Dn(fullPath, 'ou') + ',o=isp'
>> This function is used only in propagation.
>>
>> To build the tree from an Ldap -> Syncope pull, you need to implement a
>> pull action.
>>
>> M
>>
>>
>> Or is there another issue at hand?
>>
>>  Thank you!
>>
>>
>> On Thu, Jul 22, 2021 at 1:53 AM Marco Di Sabatino Di Diodoro <
>> marco.disabat...@tirasa.net> wrote:
>>
>>> Hi
>>>
>>> On 19/07/21 10:36, Adam Levine wrote:
>>> > I'm able to create realms based on a group tree from LDAP, thanks to
>>> > the guidance on other emails and following the demo deploy. I do get
>>> > exceptions when trying to refresh on a pull (have to delete the realms
>>> > manually first).
>>>
>>> What kind of exception?
>>>
>>> >
>>> > Problem:  The created realms are flat in hierarchy (all the same
>>> > depth), instead of matching the LDAP groups that have several depths.
>>> In order to set a depth for each realm to be created, you need to use a
>>> pull action.
>>> >
>>> > Using Apache DS
>>> >
>>> > I saw a post that said to reference the demo ldap-orgunit
>>> > configuration, as it provided the even/odd realm trees.  But when I
>>> > look at the demo, the ldap org only has ou=[People|Groups], and it
>>> > doesn't have any pull/provision tasks attached to it.
>>> >
>>> > Am I missing something?  Guidance is greatly appreciated!
>>>
>>> The data in the demo is used for testing. If you want to try to create
>>> an ou on Apache DS from Syncope, please perform the following steps:
>>>
>>> 1) From Syncope console, go to root realm (/)
>>> 2) Create a new realm where the parent is / and assign
>>> resource-ldap-orgunit resource
>>> 3) Click Finish
>>>
>>> Now you are able to see a new OU on Apache DS
>>>
>>> M
>>>
>>> >
>>> >  Thank you!
>>>
>>> --
>>> Dott. Marco Di Sabatino Di Diodoro
>>> Tel. +39 3939065570
>>>
>>> Tirasa S.r.l.
>>> Viale Vittoria Colonna, 97 - 65127 Pescara
>>> Tel +39 0859116307 / FAX +39 085973
>>> http://www.tirasa.net
>>>
>>> Apache Syncope PMC Member
>>> http://people.apache.org/~mdisabatino/
>>>
>>> --
>> Dott. Marco Di Sabatino Di Diodoro
>> Tel. +39 3939065570
>>
>> Tirasa S.r.l.
>> Viale Vittoria Colonna, 97 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 085973
>> http://www.tirasa.net
>>
>> Apache Syncope PMC Member
>> http://people.apache.org/~mdisabatino/
>>
>>


Re: Map/Create ldap group hierarchy to realms

2021-07-23 Thread Adam Levine
Marco:

  You said:   To build the tree from an Ldap -> Syncope pull, you need to
implement a pull action.

   I do have a pull action, which is how the realms are being populated
from LDAP.  But as you can see they're coming in flat.   Maybe I'm not
understanding what you're trying to guide me to do.  If the JEXL you
describe is only for propagation, do I not need one for pull?

Thank you!


On Fri, Jul 23, 2021 at 2:26 AM Marco Di Sabatino Di Diodoro <
marco.disabat...@tirasa.net> wrote:

> Hi
> On 22/07/21 20:28, Adam Levine wrote:
>
> Marco:
>
>   Thank you for responding.
>
>   I can create the realms from LDAP -> Syncope.  That's not a problem.
>  It's the multiple hierarchy that doesn't want to work, and it could be a
> limitation.
>  Let me show pictures
>
> Here you can see the tree under people:
>
> [image: image.png]
>
> And here's how it appears in Syncope:
>
> [image: image.png]
>
>  I am guessing that the issue is the 'fullpath' attribute having a direct
> mapping to 'l' instead of a jexl that would concat the ou path into an
> 'ou/ou/ou' string.
>
> We used the fullpath attribute to be able to implement a jexl function
> that converts the syncope format to a dn for ldap:
> syncope:fullPath2Dn(fullPath, 'ou') + ',o=isp'
> This function is used only in propagation.
>
> To build the tree from an Ldap -> Syncope pull, you need to implement a
> pull action.
>
> M
>
>
> Or is there another issue at hand?
>
>  Thank you!
>
>
> On Thu, Jul 22, 2021 at 1:53 AM Marco Di Sabatino Di Diodoro <
> marco.disabat...@tirasa.net> wrote:
>
>> Hi
>>
>> On 19/07/21 10:36, Adam Levine wrote:
>> > I'm able to create realms based on a group tree from LDAP, thanks to
>> > the guidance on other emails and following the demo deploy. I do get
>> > exceptions when trying to refresh on a pull (have to delete the realms
>> > manually first).
>>
>> What kind of exception?
>>
>> >
>> > Problem:  The created realms are flat in hierarchy (all the same
>> > depth), instead of matching the LDAP groups that have several depths.
>> In order to set a depth for each realm to be created, you need to use a
>> pull action.
>> >
>> > Using Apache DS
>> >
>> > I saw a post that said to reference the demo ldap-orgunit
>> > configuration, as it provided the even/odd realm trees.  But when I
>> > look at the demo, the ldap org only has ou=[People|Groups], and it
>> > doesn't have any pull/provision tasks attached to it.
>> >
>> > Am I missing something?  Guidance is greatly appreciated!
>>
>> The data in the demo is used for testing. If you want to try to create
>> an ou on Apache DS from Syncope, please perform the following steps:
>>
>> 1) From Syncope console, go to root realm (/)
>> 2) Create a new realm where the parent is / and assign
>> resource-ldap-orgunit resource
>> 3) Click Finish
>>
>> Now you are able to see a new OU on Apache DS
>>
>> M
>>
>> >
>> >  Thank you!
>>
>> --
>> Dott. Marco Di Sabatino Di Diodoro
>> Tel. +39 3939065570
>>
>> Tirasa S.r.l.
>> Viale Vittoria Colonna, 97 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 085973
>> http://www.tirasa.net
>>
>> Apache Syncope PMC Member
>> http://people.apache.org/~mdisabatino/
>>
>> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale Vittoria Colonna, 97 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 085973
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
>
>


Re: Map/Create ldap group hierarchy to realms

2021-07-23 Thread Marco Di Sabatino Di Diodoro

Hi

On 22/07/21 20:28, Adam Levine wrote:

> Marco:
>
>   Thank you for responding.
>
>   I can create the realms from LDAP -> Syncope.  That's not a
> problem.   It's the multiple hierarchy that doesn't want to work, and
> it could be a limitation.
>
>  Let me show pictures
>
> Here you can see the tree under people:
>
> [image: image.png]
>
> And here's how it appears in Syncope:
>
> [image: image.png]
>
>  I am guessing that the issue is the 'fullpath' attribute having a
> direct mapping to 'l' instead of a jexl that would concat the ou path
> into an 'ou/ou/ou' string.

We used the fullpath attribute to be able to implement a jexl function
that converts the syncope format to a dn for ldap:
syncope:fullPath2Dn(fullPath, 'ou') + ',o=isp'

This function is used only in propagation.

To build the tree from an Ldap -> Syncope pull, you need to implement a
pull action.

M

> Or is there another issue at hand?
>
>  Thank you!





--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570

Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 085973
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/



Re: Map/Create ldap group hierarchy to realms

2021-07-22 Thread Adam Levine
Marco:

  Thank you for responding.

  I can create the realms from LDAP -> Syncope.  That's not a problem.
 It's the multiple hierarchy that doesn't want to work, and it could be a
limitation.
 Let me show pictures

Here you can see the tree under people:

[image: image.png]

And here's how it appears in Syncope:

[image: image.png]

 I am guessing that the issue is the 'fullpath' attribute having a direct
mapping to 'l' instead of a jexl that would concat the ou path into an
'ou/ou/ou' string.

Or is there another issue at hand?

 Thank you!


On Thu, Jul 22, 2021 at 1:53 AM Marco Di Sabatino Di Diodoro <
marco.disabat...@tirasa.net> wrote:

> Hi
>
> On 19/07/21 10:36, Adam Levine wrote:
> > I'm able to create realms based on a group tree from LDAP, thanks to
> > the guidance on other emails and following the demo deploy. I do get
> > exceptions when trying to refresh on a pull (have to delete the realms
> > manually first).
>
> What kind of exception?
>
> >
> > Problem:  The created realms are flat in hierarchy (all the same
> > depth), instead of matching the LDAP groups that have several depths.
> In order to set a depth for each realm to be created, you need to use a
> pull action.
> >
> > Using Apache DS
> >
> > I saw a post that said to reference the demo ldap-orgunit
> > configuration, as it provided the even/odd realm trees.  But when I
> > look at the demo, the ldap org only has ou=[People|Groups], and it
> > doesn't have any pull/provision tasks attached to it.
> >
> > Am I missing something?  Guidance is greatly appreciated!
>
> The data in the demo is used for testing. If you want to try to create
> an ou on Apache DS from Syncope, please perform the following steps:
>
> 1) From Syncope console, go to root realm (/)
> 2) Create a new realm where the parent is / and assign
> resource-ldap-orgunit resource
> 3) Click Finish
>
> Now you are able to see a new OU on Apache DS
>
> M
>
> >
> >  Thank you!
>
> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale Vittoria Colonna, 97 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 085973
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
>
>


Re: Map/Create ldap group hierarchy to realms

2021-07-22 Thread Marco Di Sabatino Di Diodoro

Hi

On 19/07/21 10:36, Adam Levine wrote:
> I'm able to create realms based on a group tree from LDAP, thanks to
> the guidance on other emails and following the demo deploy. I do get
> exceptions when trying to refresh on a pull (have to delete the realms
> manually first).

What kind of exception?

> Problem:  The created realms are flat in hierarchy (all the same
> depth), instead of matching the LDAP groups that have several depths.

In order to set a depth for each realm to be created, you need to use a
pull action.

> Using Apache DS
>
> I saw a post that said to reference the demo ldap-orgunit
> configuration, as it provided the even/odd realm trees.  But when I
> look at the demo, the ldap org only has ou=[People|Groups], and it
> doesn't have any pull/provision tasks attached to it.
>
> Am I missing something?  Guidance is greatly appreciated!

The data in the demo is used for testing. If you want to try to create
an ou on Apache DS from Syncope, please perform the following steps:

1) From Syncope console, go to root realm (/)
2) Create a new realm where the parent is / and assign
resource-ldap-orgunit resource
3) Click Finish

Now you are able to see a new OU on Apache DS

M

>  Thank you!


--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570

Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 085973
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/



Re: Map/Create ldap group hierarchy to realms

2021-07-21 Thread Adam Levine
Is there anyone out there who has dealt with and solved this problem?  Am I
approaching this from the wrong direction?

Thank you!

On Mon, Jul 19, 2021 at 3:36 AM Adam Levine wrote:

> I'm able to create realms based on a group tree from LDAP, thanks to the
> guidance on other emails and following the demo deploy. I do get exceptions
> when trying to refresh on a pull (have to delete the realms manually first).
>
> Problem:  The created realms are flat in hierarchy (all the same depth),
> instead of matching the LDAP groups that have several depths.
>
> Using Apache DS
>
> I saw a post that said to reference the demo ldap-orgunit configuration,
> as it provided the even/odd realm trees.  But when I look at the demo, the
> ldap org only has ou=[People|Groups], and it doesn't have any
> pull/provision tasks attached to it.
>
> Am I missing something?  Guidance is greatly appreciated!
>
>  Thank you!
>