Hi,
Il 03/03/2017 15:53, Tech ha scritto:
Hello Francesco,
we went through the directory core/src/test/resources/scriptedsql, but
we didn't find any concrete example that might help us to implement
what we might need to do, we were expecting that the solution was in
the PullActions, but we didn't understood that that was addressing
only __ACCOUNT__ and not groups.
What steps should be followed to assign the User1 to Group1 in Syncope
when the information into the database are something like
USERNAME | GROUP
User1 | Group1
User2 | Group1
?
The Scripted Sqlallows to synchronize users, groups or any type. Groovy
script gives the possibility to specify which type of object you like to
manage, for example, during a search you can add different case
statement one for each type:
switch ( objectClass ) {
case "__ACCOUNT__":
sql.eachRow("SELECT * FROM Users " + where",
{result.add([__UID__:it.id, __NAME__:it.id, ID:it.id, NAME:it.name,
...,....])} );
break
case "__GROUPS__":
sql.eachRow("SELECT * FROM Groups " + where",
{result.add([__UID__:it.id, __NAME__:it.id, ID:it.id, NAME:it.name,
...,....])} );
break
case "__DEPARTMENT__":
sql.eachRow("SELECT * FROM Departments " + where",
{result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
DEPARTMENT:it.department, ...,....])} );
break
default:
result;
}
In order to assign a group to a user, you must implement a pull action.
But before doing this, you have to know if thegroups already exist on
Syncope or are to be created simultaneously with the users. In the first
case you need to implement a simpler action:
final UserTO userTO = (UserTO) entity;
Group group = groupDAO.findByName(groupName);
if (group == null) {
throw new RuntimeException("Group not found");
}
final MembershipTO membershipTO = new
MembershipTO.Builder().group(group.getKey()).build();
userTO.getMemberships().add(membershipTO);
second case you must create the group (with dao)
Group group = groupDAO.findByName(groupName);
if (group == null) {
group = entityFactory.newEntity(Group.class);
group.setRealm(realmDAO.getRoot());
group.setName(groupName);
group = groupDAO.save(courseGroup);
}
and then assign it to the user during the after action.
Regards
M
Thanks
On 01/03/17 14:40, Francesco Chicchiriccò wrote:
Hi,
are you sure that you are using the Scripted SQL connector?
The Database Table connector, in fact, only provides support for the
__ACCOUNT__ ObjectClass, e.g. only for users, as suggested by the
error below.
In order to use the Scripted SQL connector, you must also provide the
adequate Groovy scripts matching your own database schema; some
samples can be found under the
core/src/test/resources/scriptedsql
directory of your generated Maven project.
HTH
Regards.
On 27/02/2017 17:47, Tech wrote:
Hello,
coming back to this point: we prepared the code to integrate the
group propagation from a DB to Syncope but we encountered some problems.
Before integrating the code that we developed, we started to add the
concept of Group into our system.
* Our database has a column called "role", where the only content
is "GroupTest".
* We created the group "GroupTest" also in Syncope to have a 1:1
relation.
* We created the type "role" and we put it into the "BaseGroup"
schema.
* We go back to the resources and we Edit provision rules, we add
a Group that we map with name:role.
Since now on, every Pull, also the one for the Users, will terminate
in a FAILURE with the error:
org.quartz.JobExecutionException: While pulling from connector [See
nested exception: java.lang.IllegalArgumentException: Operation
requires an Account ObjectClass.]
at
org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
at
org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
at
org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
at
org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
Removing the mapping of the group, everything will turn back to
normality.
Any idea why this could happen?
Thanks!
On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
Hi,
Il 06/02/2017 17:11, Tech ha scritto:
Dear experts,
we're pulling information from a database. We want to assign
automatically a group to a user.
The original table has a format like
-- "USERNAME" : "user01"
-- "ROLE": "employee"
In a pull task is possible to add a template. The template can be
used for setting default values on entities during a pull task.
To configure a template go to Topology --> select the external
resource to pull --> Pull Task and click the Template icon [1 Pull
Templates].
[1]
https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
If a User is associated to a Group in your Database, and you like
assign the corresponding User as a member of the corresponding
Group in Syncope, you must implement a Pull Action [1]. Connid
doesn't implement the assignment of a membership, so to obviate we
can use a pull action.
[1] https://syncope.apache.org/docs/reference-guide.html#pullactions
We want the user being created into Syncope associated to the
already existing group "employee", but we don't see how to create
this association.
Is there any reference that we should check?
Thanks
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/