Il 27/03/2017 18:07, Tech ha scritto:
Just checked: the code is correct, but should be just positioned into
the beforeProvisioning, now it's correctly working.
Thanks for the support!
You're welcome
M
On 27.03.17 17:53, Tech wrote:
As described at the beginning of the thread, we have a pull process
taking information from a database.
We associated the code to the action to take on the pull.
We want to pull the user into the system and to associate it to the
role based on the specific column.
As far as I understand now we should just use userpatch but put it in
BeforeProvisioning instead of BeforeUpdate?
Thanks
On 27.03.17 17:41, Marco Di Sabatino Di Diodoro wrote:
Il 27/03/2017 17:12, Tech ha scritto:
We used the After because we realized that in the first time we run
the code the users were just created and only in the second time
the code was executed the users were associated to the groups,
while we wanted to have everything done at the same time.
"we run the code the users were just created"
during a create you must work with beforeProvisioning or beforeAssing
"in the second time"
What do you mean with this? You run sync task again?
Here the code:
@Transactional
@Override
public <A extends AnyTO, M extends AnyPatch> SyncDelta
beforeUpdate(
final ProvisioningProfile<?, ?> profile,
final SyncDelta delta,
final A any,
final M anyPatch) throws JobExecutionException {
if (any instanceof UserTO) {
final UserTO userTO = ((UserTO) any);
String userName = userTO.getUsername();
try {
Set<AttrTO> attrs = userTO.getPlainAttrs();
for (AttrTO attr : attrs) {
if
(attr.getSchema().equalsIgnoreCase("group_column")) {
Group oGroup =
groupDAO.findByName(attr.getValues().get(0).toString());
String oGroupName = oGroup.getName();
String oGroupKey = oGroup.getKey();
MembershipTO membershipTO = new
MembershipTO.Builder().group(oGroupKey).build();
LOG.warn("CHECK " + userName + " >
membership before " + userTO.getMembershipMap().size());
boolean res =
userTO.getMemberships().add(membershipTO);
LOG.warn("CHECK " + userName + " >
membership after " + userTO.getMembershipMap().size());
for (int i = 0; i <
userTO.getMemberships().size(); i++) {
LOG.warn("CHECK " + userName + " >
print membership groupKey: " +
userTO.getMemberships().get(i).getGroupKey());
LOG.warn("CHECK " + userName + " >
print membership groupName: " +
userTO.getMemberships().get(i).getGroupName());
}
}
}
} catch (Exception e) {
LOG.warn("Something happened...");
}
}
return delta;
}
"beforeUpdate" is called only if the user is already in Syncope, you
have to manipulate the UserPatch
final UserPatch userPatch = (UserPatch) anyMod;
final MembershipPatch membershipPatch = new
MembershipPatch.Builder().group(/oGroup.getKey()/).build();
userPatch.getMemberships().add(membershipPatch);
The UserTO is the old object before the sync task is happen.
Regards
Marco
On 27.03.17 16:24, Marco Di Sabatino Di Diodoro wrote:
Il 27/03/2017 15:03, Tech ha scritto:
I can also mention that printing the content of:
userTO.getMembership().get(0).getGroupKey()
I can see correctly the group key, so the group is correctly
assigned, but probably just not "committed"
During the after you can no longer change the user, it's too late.
Why do you say that during the before action the assignment
doesn't work?
Please, paste your code
Thanks
M
On 27/03/17 13:21, Tech wrote:
Hello again,
we saw that actually implement the membership in our case is not
really working with a before, but we should implement in an after.
The group already exists in the system and we tried to implement
in this way:
@Transactional
@Override
public void after(
final ProvisioningProfile<?, ?> profile,
final SyncDelta delta,
final EntityTO any,
final ProvisioningReport result) throws
JobExecutionException {
if (any instanceof UserTO) {
final UserTO userTO = (UserTO) any;
try {
Set<AttrTO> attrs = userTO.getPlainAttrs();
for (AttrTO attr : attrs) {
if
(attr.getSchema().equalsIgnoreCase("column_group")) {
Group oGroup =
groupDAO.findByName(attr.getValues().get(0).toString());
final MembershipTO membershipTO = new
MembershipTO.Builder().group(oGroup.getKey()).build();
LOG.warn("Membership before
"+userTO.getMembershipMap().size()); // This will print 0
userTO.getMemberships().add(membershipTO);
LOG.warn("Membership after
"+userTO.getMembershipMap().size()); // This will print 1:
something happened here
}
}
} catch (Exception e) {
LOG.warn("Something happened...");
}
}
}
After the userTO.getMembership().add(membershipTO) we see that
the "size()" value changes from 0 to 1, therefore we assume that
the membership has been assigned, but when we enter in the
console interface and we check the groups, nothing has changed
and we see that the user doesn't belong to any group.
Is there any other missing action that should be taken?
Thanks
On 06.03.17 17:12, Tech wrote:
Yes, finally working, thanks a lot!
On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
Il 06/03/2017 16:40, Tech ha scritto:
Actually you were right, we used already a "beforeUpdate".
Here the code, there is nothing strange apparently, the
boolean "result" returns "true", but the user is not added to
the group
/
/
/@Transactional//
// @Override//
// public <A extends AnyTO, M extends AnyPatch> SyncDelta
beforeUpdate(//
// final ProvisioningProfile<?, ?> profile,//
// final SyncDelta delta,//
// final A any,//
// final M anyPatch) throws JobExecutionException {//
//
// if (anyPatch instanceof UserPatch) {//
// final UserTO user = ((UserTO) any);//
// Group oGroup = null;/
/ String oGroupColumn = "group_colum";/
/ Set<AttrTO> attrs = user.getPlainAttrs();//
/
/ for(AttrTO attr : attrs) {//
//if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
// LOG.warn("We check the schema:"+
attr.getSchema()); //Found//
// LOG.warn("Content:
"+attr.getValues().get(0).toString()); //Found//
// oGroup =
groupDAO.findByName(attr.getValues().get(0).toString());//
// LOG.warn("Group Key:
"+oGroup.getKey()); //Group key correctly retrieved//
// final MembershipTO membershipTO = new
MembershipTO.Builder().group(oGroup.getKey()).build();//
// LOG.warn("Check membership :"+
membershipTO.getGroupKey()); //Correct, it corresponds to the
previous group key//
// LOG.warn("Get user key:"+
user.getUsername()); // Correct, it corresponds to what found
in Syncope DB//
// boolean result =
user.getMemberships().add(membershipTO); //
// LOG.warn("Was the user added to the
group?: "+result); // Returns true//
// }//
// group = user.getPlainAttrMap().get("role");//
// }//
// return delta;//
// }//
//
/
If you're working in the beforeUpdate you need to update the
UserPatch object:
final UserPatch userPatch = (UserPatch) anyMod;
final MembershipPatch membershipPatch = new
MembershipPatch.Builder().group(/oGroup.getKey()/).build();
userPatch.getMemberships().add(membershipPatch);
Regards
Marco
On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
Hi,
Il 06/03/2017 15:45, Tech ha scritto:
Hello,
as suggested, we started to work on the easiest case, we
created the Group1 in Syncope manually and we inserted into
the database column "Group" the entry "Group1".
We implemented only an "after" in this case: we pulled the
information into Syncope and after the java is running.
Following the log we see that:
* we are able to find the user, and his userkey
* we are able to find the group column (a new custom
field into Syncope)
* we are able to find the group key of the group into
Syncope, based on the group column found in the
previous point
* we create the membership based on the group key (final
MembershipTO membershipTO = new
MembershipTO.Builder().group(group.getKey()).build();)
* we add the membership to the user.
Checking the return value of the last "add(membershipTO)",
we see that it's returning a "true", therefore we think
that everything went well, but when we enter into the admin
console of Syncope, the user has not being assigned to the
Group1.
Is there a missing step?
you're near the solution. I presume you're working with
UserTO. So, to update an user during the pull process, you
must implement the assignment of the membership during
beforeProvision, beforeAssign or beforeUpdate.
Updating the UserTO in the "after" is too late. The only way
to update an user in the after is with the DAO.
Regards
Marco
Thanks
On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
Hi,
Il 03/03/2017 15:53, Tech ha scritto:
Hello Francesco,
we went through the directory
core/src/test/resources/scriptedsql, but we didn't find
any concrete example that might help us to implement what
we might need to do, we were expecting that the solution
was in the PullActions, but we didn't understood that
that was addressing only __ACCOUNT__ and not groups.
What steps should be followed to assign the User1 to
Group1 in Syncope when the information into the database
are something like
USERNAME | GROUP
User1 | Group1
User2 | Group1
?
The Scripted Sqlallows to synchronize users, groups or any
type. Groovy script gives the possibility to specify which
type of object you like to manage, for example, during a
search you can add different case statement one for each type:
switch ( objectClass ) {
case "__ACCOUNT__":
sql.eachRow("SELECT * FROM Users " + where",
{result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
NAME:it.name, ...,....])} );
break
case "__GROUPS__":
sql.eachRow("SELECT * FROM Groups " + where",
{result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
NAME:it.name, ...,....])} );
break
case "__DEPARTMENT__":
sql.eachRow("SELECT * FROM Departments " + where",
{result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
DEPARTMENT:it.department, ...,....])} );
break
default:
result;
}
In order to assign a group to a user, you must implement a
pull action. But before doing this, you have to know if
thegroups already exist on Syncope or are to be created
simultaneously with the users. In the first case you need
to implement a simpler action:
final UserTO userTO = (UserTO) entity;
Group group = groupDAO.findByName(groupName);
if (group == null) {
throw new RuntimeException("Group not found");
}
final MembershipTO membershipTO = new
MembershipTO.Builder().group(group.getKey()).build();
userTO.getMemberships().add(membershipTO);
second case you must create the group (with dao)
Group group = groupDAO.findByName(groupName);
if (group == null) {
group = entityFactory.newEntity(Group.class);
group.setRealm(realmDAO.getRoot());
group.setName(groupName);
group = groupDAO.save(courseGroup);
}
and then assign it to the user during the after action.
Regards
M
Thanks
On 01/03/17 14:40, Francesco Chicchiriccò wrote:
Hi,
are you sure that you are using the Scripted SQL connector?
The Database Table connector, in fact, only provides
support for the __ACCOUNT__ ObjectClass, e.g. only for
users, as suggested by the error below.
In order to use the Scripted SQL connector, you must
also provide the adequate Groovy scripts matching your
own database schema; some samples can be found under the
core/src/test/resources/scriptedsql
directory of your generated Maven project.
HTH
Regards.
On 27/02/2017 17:47, Tech wrote:
Hello,
coming back to this point: we prepared the code to
integrate the group propagation from a DB to Syncope
but we encountered some problems.
Before integrating the code that we developed, we
started to add the concept of Group into our system.
* Our database has a column called "role", where the
only content is "GroupTest".
* We created the group "GroupTest" also in Syncope to
have a 1:1 relation.
* We created the type "role" and we put it into the
"BaseGroup" schema.
* We go back to the resources and we Edit provision
rules, we add a Group that we map with name:role.
Since now on, every Pull, also the one for the Users,
will terminate in a FAILURE with the error:
org.quartz.JobExecutionException: While pulling from
connector [See nested exception:
java.lang.IllegalArgumentException: Operation requires
an Account ObjectClass.]
at
org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
at
org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
at
org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
at
org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
Removing the mapping of the group, everything will turn
back to normality.
Any idea why this could happen?
Thanks!
On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha
scritto:
Hi,
Il 06/02/2017 17:11, Tech ha scritto:
Dear experts,
we're pulling information from a database. We want
to assign automatically a group to a user.
The original table has a format like
-- "USERNAME" : "user01"
-- "ROLE": "employee"
In a pull task is possible to add a template. The
template can be used for setting default values on
entities during a pull task.
To configure a template go to Topology --> select the
external resource to pull --> Pull Task and click the
Template icon [1 Pull Templates].
[1]
https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
If a User is associated to a Group in your Database,
and you like assign the corresponding User as a member
of the corresponding Group in Syncope, you must
implement a Pull Action [1]. Connid doesn't implement
the assignment of a membership, so to obviate we can
use a pull action.
[1]
https://syncope.apache.org/docs/reference-guide.html#pullactions
We want the user being created into Syncope
associated to the already existing group "employee",
but we don't see how to create this association.
Is there any reference that we should check?
Thanks
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/