On 14/01/22 00:35, fab...@fabln.ovh wrote:
Hi,

I am running Syncope version 2.1.10. I am trying to synchronize group 
membership via SCIM to SYNCOPE and then from SYNCOPE to LDAP (openldap).

The problem I have is that when I create users and then groups with members in 
Syncope, the users and groups are created properly in LDAP but the group doesn't 
have the members.

If I edit the users in Syncope and add them to the group, then the group in 
LDAP is synchronized properly and contains the correct members.

Is it possible to synchronize group members from Syncope to LDAP from the group 
in Syncope, or do the users in Syncope need to contain the group list?


My configuration:

I created the users local_user1 and local_user2 in Syncope.

I have the file local_group20.json to create the group "local_group20" with the 2 members 
"local_user1" and "local_user2" via SCIM:

{
        "schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],
        "displayName":"local_group20",
        "externalId": "local_group20",
        "members":[{
           "value":"d5ecdf7e-de2a-4c6a-acdf-7ede2a9c6aaa",
           "display":"local_user1"
        },{
           "value":"2366d4ee-700e-4578-a6d4-ee700e05787c",
           "display":"local_user2"
        }
        ]
}

I create the groups with the members in SYNCOPE via SCIM:

$ curl -k -vX POST \
    -H "Accept: application/scim+json" \
    -H "Content-Type: application/scim+json" \
    -H "Authorization: Bearer $TOKEN" \
    -d @local_group20.json \
    http://localhost:18080/syncope/scim/v2/Groups

I can see the group "local_group20" is created fine in Syncope, with the 2 
members in it.

I have an LDAP connector in Syncope, with a propagation action 
"LDAPMembershipPropagationActions" and a PUSH task (note: there are no actions 
available in the PUSH task).

When I run the PUSH task, the group is created in LDAP but without the members 
local_user1 and local_user2.

If I edit the users local_user1 and local_user2 in Syncope, and add them to the group 
"local_group20" and run the PUSH task again, they appear in the LDAP group 
members.


Any idea?

Hi Fabien,
it seems you went pretty far with your use case above: e.g. to use Syncope to 
provision users, groups and memberships via SCIM2 to LDAP.

Let me recap the flow:

1. users are created in Syncope (how? via SCIM?), with the LDAP resource 
assigned
2. group is created in Syncope via SCIM, with 2 members

first question: can you see the group membership in Syncope, for the 2 users 
created at step 1?

3. the Push Task is run

second question: is the Push Task configured for both users and groups?

4. you can see both users and group on LDAP, but no members for the group
5. you edit the 2 users in Syncope by adding group membership
6. the Push Task is run again, with expected result

Is all above correct? Can you provide answers?
Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
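Francesco's first question (is the membership visible from the user side in Syncope, not only in the group's member list?) can be checked over SCIM, since RFC 7643 gives a SCIM User a read-only "groups" attribute. The script below is an added example, not code from the thread or from Syncope: it compares a Group's "members" against each member User's "groups" and reports users that do not list the group. The sample documents are constructed (the group "id" is a placeholder; a real server assigns it), and fetch_scim is a small urllib helper you would point at the /syncope/scim/v2 base URL from the post.

```python
import json
import urllib.request

# Constructed sample: the Group as a SCIM server would return it after the
# POST in the thread (an "id" is assigned by the server; placeholder here).
GROUP = json.loads("""{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "id": "GROUP-ID-PLACEHOLDER",
  "displayName": "local_group20",
  "members": [
    {"value": "d5ecdf7e-de2a-4c6a-acdf-7ede2a9c6aaa", "display": "local_user1"},
    {"value": "2366d4ee-700e-4578-a6d4-ee700e05787c", "display": "local_user2"}
  ]
}""")

# Constructed sample Users: local_user1 lists the group in its "groups"
# attribute, local_user2 does not (the inconsistency the thread is about).
USERS = [
    {"id": "d5ecdf7e-de2a-4c6a-acdf-7ede2a9c6aaa", "userName": "local_user1",
     "groups": [{"value": "GROUP-ID-PLACEHOLDER", "display": "local_group20"}]},
    {"id": "2366d4ee-700e-4578-a6d4-ee700e05787c", "userName": "local_user2",
     "groups": []},
]


def fetch_scim(base_url, path, token):
    """GET a SCIM resource (e.g. '/Users/<id>') with a bearer token; assumed
    usage: base_url = 'http://localhost:18080/syncope/scim/v2'."""
    req = urllib.request.Request(base_url + path, headers={
        "Accept": "application/scim+json",
        "Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def missing_memberships(group, users):
    """Return ids of group members whose own 'groups' attribute does not
    reference the group (or who could not be found at all). A non-empty
    result means the membership exists only from the group side."""
    gid = group["id"]
    by_id = {u["id"]: u for u in users}
    missing = []
    for member in group.get("members", []):
        user = by_id.get(member["value"])
        if user is None or not any(
                g.get("value") == gid for g in user.get("groups", [])):
            missing.append(member["value"])
    return missing


if __name__ == "__main__":
    print(missing_memberships(GROUP, USERS))
```

Against a live deployment, fetch the group with fetch_scim and each member with fetch_scim(base, "/Users/" + m["value"], token), then pass the results to missing_memberships.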
