Il 23/07/21 16:58, Adam Levine ha scritto:
Follow up: I configured my connector, resource, mapping, and pull
from the Demo system.
The demo handles the depth of ou only in propagation.
In order to create realms from a pull that respecting the hierarchy,
it's necessary that in your pull action you go to set the parent realm.
As you can see, this information is not provided to Syncope, which means
that all realms are at the same level. How can you do this? You could
parse the dn of the ou.
Regards
M
On Fri, Jul 23, 2021 at 9:40 AM Adam Levine <adam.l.lev...@gmail.com
<mailto:adam.l.lev...@gmail.com>> wrote:
Marco:
You said: To build the tree from an Ldap -> Syncope pull, you
need to implement a pull action.
I do have a pull action, which is how the realms are being
populated from LDAP. But as you can see they're coming in flat.
Maybe I'm not understanding what you're trying to guide me to
do. If the JEXL you describe is only for propagation, do I not
need one for pull?
Thank you!
On Fri, Jul 23, 2021 at 2:26 AM Marco Di Sabatino Di Diodoro
<marco.disabat...@tirasa.net <mailto:marco.disabat...@tirasa.net>>
wrote:
Hi
Il 22/07/21 20:28, Adam Levine ha scritto:
Marco:
Thank you for responding.
I can create the realms from LDAP -> Syncope. That's not a
problem. It's the multiple hierarchy that doesn't want to
work, and it could be a limitation.
Let me show pictures
Here you can see the tree under people:
image.png
And here's how it appears in Syncope:
image.png
I am guessing that the issue is the 'fullpath' attribute
having a direct mapping to 'l' instead of a jexl that would
concat the ou path into a an 'ou/ou/ou' string.
We used the fullpath attribute to be able to implement a jexl
function that converts the syncope format to a dn for ldap:
syncope:fullPath2Dn(fullPath, 'ou') + ',o=isp'
This function is used only in propagation.
To build the tree from an Ldap -> Syncope pull, you need to
implement a pull action.
M
Or is there another issue at hand?
Thank you!
On Thu, Jul 22, 2021 at 1:53 AM Marco Di Sabatino Di Diodoro
<marco.disabat...@tirasa.net
<mailto:marco.disabat...@tirasa.net>> wrote:
Hi
Il 19/07/21 10:36, Adam Levine ha scritto:
> I'm able to create realms based on a group tree from
LDAP, thanks to
> the guidance on other emails and following the demo
deploy. I do get
> exceptions when trying to refresh on a pull (have to
delete the realms
> manually first).
What kind of exception?
>
> Problem: The created realms are flat in hierarchy (all
the same
> depth), instead of matching the LDAP groups that have
several depths.
In order to set a depth for each realm to be created, you
need to use a
pull action.
>
> Using Apache DS
>
> I saw a post that said to reference the demo ldap-orgunit
> configuration, as it provided the even/odd realm
trees. But when I
> look at the demo, the ldap org only has
ou=[People|Groups], and it
> doesn't have any pull/provision tasks attached to it.
>
> Am I missing something? Guidance is greatly appreciated!
The data in the demo is used for testing. If you want to
try to create
an ou on Apache DS from Syncope, please perform the
following steps:
1) From Syncope console, go to root realm (/)
2) Create a new realm where the parent is / and assign
resource-ldap-orgunit resource
3) Click Finish
Now you are able to see a new OU on Apache DS
M
>
> Thank you!
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net <http://www.tirasa.net>
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
<http://people.apache.org/~mdisabatino/>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net <http://www.tirasa.net>
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
<http://people.apache.org/~mdisabatino/>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
