On 03/03/2013 20:15, Edward Siewick wrote:
Hi.

With v1.0.5 is there a way to automatically apply "Derived attributes" to all users? Globally and permanently?

With "Attributes" the values get populated in the Users List. Refreshing the values seems to require deleting each user, setting the "Reset Token" for the resource to true, then running the synchronization for the resource. The default behavior is backward from what I was expecting, but I can at least do these steps, get the fields populated.

With "Derived attributes," however, I've only managed to get these populated by walking through the Edit/Derived attributes screen for every user and adding each Derived attribute. I'm thinking there's got to be a way to pin these to some global, automatic behavior.

The use case I'm playing with has two resources with dissimilar schema:
1. MySQL with an OrangeHRM database, and;
2. openLDAP with inetOrgPerson & posixAccount.

I'm just trying to set the MySQL resource as authoritative for certain attributes, have these mapped to appropriate inetOrgPerson attributes, and propagate to the openLDAP directory. When an authoritative bit of data changes in MySQL, it should be able to translate through without intervention.

Hi Edward,
let me try to rephrase your requirements in Syncope terms (feel free to correct, of course):

You have
 1. a "MySQL" resource, with DbTable connector
 2. an "OpenLDAP" resource, with LDAP connector

You need to (periodically) synchronize users from (1) and to propagate them to (2); for this reason you have also defined:
 3. a synchronization task for the MySQL resource, possibly with some scheduling

Now you need users synchronized from MySQL to be automatically assigned some derived attributes and the OpenLDAP resource. The way to accomplish this in Syncope is to define a "user template" [1] for the task from (3) above. For your needs, you just need to add the derived attributes and the OpenLDAP resource to the user template.

You can take a look at how the user action flow generally works in Syncope [2].

As a side note, you don't generally need to remove users to get their attributes updated upon synchronization: make sure
 a. to have the "Update matched identities" flagged for (3)
 b. that mapping defined for (1) is working for matching existing users during synchronization - empower the "dry run" feature [3] for this and examine the output of the related execution to check if users are matched

Finally, please be aware that configuring the DbTable connector (used for (1)) for actual synchronization requires specifying the changeLogColumn [4]. I'd rather suggest starting without this column and flagging "Full reconciliation" for (3), at least for the moment.

HTH
Regards.

[1] https://cwiki.apache.org/confluence/display/SYNCOPE/Tasks#Tasks-SpecifyUserTemplate
[2] https://cwiki.apache.org/confluence/display/SYNCOPE/User+action+flows
[3] https://cwiki.apache.org/confluence/display/SYNCOPE/Tasks#Tasks-DryRun
[4] https://connid.atlassian.net/wiki/display/BASE/Database+Table

--
Francesco Chicchiriccò

ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
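
A simplified model of the synchronization behaviour discussed in this thread, added here as an illustration (it is not Syncope or ConnId code and does not come from either poster). It shows why an incremental run only sees rows whose change-log column moved past the stored token, and how "Full reconciliation" and "Update matched identities" change the outcome. The table, its column names and the `sync` function are hypothetical, and the change-log column is assumed to hold a monotonically increasing value.

```python
import sqlite3

def make_source():
    # Constructed sample table standing in for the HR database (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (emp_id TEXT PRIMARY KEY, mail TEXT, changed INTEGER)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?)",
                   [("e1", "ann@example.org", 100), ("e2", "bob@example.org", 105)])
    return db

def sync(db, users, token=None, full_reconciliation=False, update_matched=True):
    """One synchronization run; returns (new_token, created_ids, updated_ids)."""
    sql = "SELECT emp_id, mail, changed FROM employee"
    if full_reconciliation or token is None:
        # No usable token (first run, reset token) or full reconciliation: read every row.
        rows = db.execute(sql + " ORDER BY emp_id").fetchall()
    else:
        # Incremental: only rows whose change-log value is newer than the token.
        rows = db.execute(sql + " WHERE changed > ? ORDER BY emp_id", (token,)).fetchall()
    created, updated = [], []
    for emp_id, mail, changed in rows:
        if emp_id not in users:                 # no matching identity: create it
            users[emp_id] = mail
            created.append(emp_id)
        elif update_matched and users[emp_id] != mail:
            users[emp_id] = mail                # matched identity: refresh its attribute
            updated.append(emp_id)
        token = changed if token is None else max(token, changed)
    return token, created, updated

def demo():
    db, users = make_source(), {}
    token, created, _ = sync(db, users)         # first run, no token yet
    # Change that bumps the change-log column.
    db.execute("UPDATE employee SET mail='ann.s@example.org', changed=110 WHERE emp_id='e1'")
    # Change that leaves the change-log column untouched.
    db.execute("UPDATE employee SET mail='robert@example.org' WHERE emp_id='e2'")
    token, _, incremental = sync(db, users, token)
    _, _, not_matched = sync(db, users, token, full_reconciliation=True, update_matched=False)
    _, _, full = sync(db, users, token, full_reconciliation=True)
    return created, incremental, not_matched, full

if __name__ == "__main__":
    print(demo())
```

In this model the incremental run misses the change to `e2` because its change-log value never moved, and a full run still skips it until updating matched identities is enabled.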
