Hi,

I'll ask a small question here, before I start to implement my own action.

We have most of the basic functionality working now (automatic user name 
creation and password assignments etc. ) and through the template functionality 
for the external resources able to assign users to basic groups within Syncope 
and propagate these group memberships to AD too while pulling users from the 
external HR resource etc.

My question though regards dynamic assignments of users to groups based on an 
attribute for example. This works fine internally and the users are assigned to 
a group dynamically based on an existing cost center attribute value in the HR 
system, but those minor changes are not propagated towards AD as a change 
within the memberships for that group object.  By this I mean that the group in 
AD is still empty, while the console shows that the membership is there within 
Synope as a dynamic group membership.

As for a resource, you have the propagation actions for provisioning users like 
the ldapmembership, ldappassword etc. and these seem to work pretty much out if 
the box when you assign "regular" group memberships during a pull.   A change 
in the user will trigger a propagation action towards the external AD resource.

But the dynamic assignment of groups do not seem to propagate as I thought that 
it maybe could. So, I guess that assigning dynamic memberships according to 
some cost center value during an initial pull, will not trigger a group 
membership propagation action automatically towards  AD for that group object?  
Is Syncope even designed for that?

I guess we need to assign groups through a pull action for the cost center part 
during update, because the group membership will change through time though 
during updates?  Not a big job either, but I decided to ask just in case. It 
would be cleaner to have it done as a standard configuration change from the 
console or maybe added as a feature.

Regards,

Mikael


Mikael Ekblom
Systemutvecklare/System developer
Arcada, IT

Jan-Magnus Janssons plats 1,
FIN-00560 Helsingfors,
Finland

TFn: +358 207 699 467
Mobil: +358 207 699 467

Reply via email to