On 27/12/2016 18:25, [TheResolvers] - Alex wrote:
Hi,
I think I haven’t exposed the problem in a clear way.
The idea isn’t to pull the group membership from ldap, but instead
push the syncope group membership information into ldap.
So the tutorial is exactly the opposite of what I need.
The funny thing is that apart from group sync, the rest of the setup
is working out of the box without any problem.
Some background: memberships are not managed by ConnId at framework
level (ConnId has only the concept of objectClass [1]).
For this reason Syncope provides some utility classes (as propagation
actions [3] and pull actions [4]) which can be put at work to overcome
this limitation.
In your specific case, you'd need to include
org.apache.syncope.core.provisioning.java.propagation.LDAPMembershipPropagationActions
to the LDAP external resource.
This will extend the attributes passed from Syncope to LDAP with a
special 'ldapGroups' attribute containing the list of DNs of the LDAP
groups matching the Syncope groups each user is member of.
Then the LDAP connector code will take care of it.
Moreover, you'll also need to configure the underlying connector with
POSIX group support (see available options at [4]).
I'd suggest anyway to watch the core-connid.log file during propagations
to see what is actually happening.
HTH
Regards.
[1] http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/common/objects/ObjectClass.html
[2] https://syncope.apache.org/docs/reference-guide.html#propagationactions
[3] https://syncope.apache.org/docs/reference-guide.html#pullactions
[4] https://connid.atlassian.net/wiki/display/BASE/LDAP
On 27 Dec 2016, at 11:04, Francesco Chicchiriccò <ilgro...@apache.org> wrote:
On 23/12/2016 21:38, [TheResolvers] - Alex wrote:
Hello to everyone,
I’m trying to deploy Syncope as IDM to provision users on an openldap
directory server.
The push of users and groups to the directory works without any
problem, but I haven’t yet found the correct configuration to
maintain user memberships.
So I think I made some mistakes in the connid ldap connector.
Can anyone send me a base config to provision user membership for
posixGroup (RFC2307)?
I’m using syncope 2.0.1 with mysql backend.
Hi,
you might want to take a look at Colm's post about pulling users and
groups from LDAP:
http://coheigea.blogspot.it/2016/08/pulling-users-and-groups-from-ldap-into.html
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
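
Added example, not part of the thread and not Syncope or ConnId code: an RFC 2307 posixGroup stores membership as memberUid values (login names) on the group entry, so one way to check the outcome of a propagation is to compare the group DNs intended for each user (what 'ldapGroups' carries) with the memberUid values actually present in the directory. The DNs, uids and function names below are constructed for illustration.

```python
# Added illustration; not Syncope or ConnId code. All data is constructed.
DESIRED = {  # uid -> group DNs, i.e. what 'ldapGroups' would carry per user
    "alice": ["cn=admins,ou=groups,dc=example,dc=org",
              "cn=staff,ou=groups,dc=example,dc=org"],
    "bob": ["cn=staff,ou=groups,dc=example,dc=org"],
}
DIRECTORY = {  # posixGroup DN -> memberUid values currently in LDAP
    "cn=admins,ou=groups,dc=example,dc=org": ["alice", "bob"],  # bob is stale
    "cn=staff,ou=groups,dc=example,dc=org": ["alice"],          # bob is missing
}


def membership_drift(desired, directory):
    """Return {group DN: {"add": [...], "delete": [...]}} for groups that differ."""
    expected = {dn: set() for dn in directory}
    for uid, group_dns in desired.items():
        for dn in group_dns:
            expected.setdefault(dn, set()).add(uid)
    drift = {}
    for dn, want in expected.items():
        have = set(directory.get(dn, []))
        missing, stale = sorted(want - have), sorted(have - want)
        if missing or stale:
            drift[dn] = {"add": missing, "delete": stale}
    return drift


def to_ldif(drift):
    """Render the drift as LDIF modify records on memberUid (RFC 2849 syntax)."""
    records = []
    for dn in sorted(drift):
        lines = [f"dn: {dn}", "changetype: modify"]
        for op in ("delete", "add"):
            uids = drift[dn][op]
            if uids:
                lines.append(f"{op}: memberUid")
                lines += [f"memberUid: {uid}" for uid in uids]
                lines.append("-")
        records.append("\n".join(lines) + "\n")
    return "\n".join(records)


if __name__ == "__main__":
    print(to_ldif(membership_drift(DESIRED, DIRECTORY)))
```

A stale memberUid is the case worth alerting on, since the account keeps the group's access in LDAP after the membership was removed upstream.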