[
https://issues.apache.org/jira/browse/SYNCOPE-1182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16108908#comment-16108908
]
ASF subversion and git services commented on SYNCOPE-1182:
----------------------------------------------------------
Commit bf35449ca00082ad5fecad7230c0db39257d922f in syncope's branch
refs/heads/2_0_X from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=bf35449 ]
[SYNCOPE-1182] Get rid of GetApiOp
> Use Remote Key in the Mapping to fetch external entities
> --------------------------------------------------------
>
> Key: SYNCOPE-1182
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1182
> Project: Syncope
> Issue Type: Improvement
> Components: core
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Fix For: 2.0.5, 2.1.0
>
>
> For several operations, but in particular *before* and *after* executing a
> Propagation Task, Syncope queries the External Resource to see if a matching
> item is found, and it does that via ConnId's
> [GetApiOp|https://github.com/Tirasa/ConnId/blob/master/java/connector-framework/src/main/java/org/identityconnectors/framework/api/operations/GetApiOp.java].
> Such operation is implemented at Framework level, e.g. before reaching out
> any effective Connector, via a [plain
> search|https://github.com/Tirasa/ConnId/blob/master/java/connector-framework-internal/src/main/java/org/identityconnectors/framework/impl/api/local/operations/GetImpl.java]
> where the key is the special {{\_\_UID__}} attribute and the value is the
> one passed as argument, alongside with ObjectClass.
> Using {{GetApiOp}} used to make entirely sense in the old days of ConnId 1.3
> and Syncope 1.1, when the Mapping Item identified as {{AccountId}} (now
> {{Remote Key}}) was forced to [blank the external attribute
> name|https://pasteboard.co/GCRf497.png]: in such cases, in fact,
> {{\_\_UID__}} was used as external attribute.
> ConnId 1.4 slightly changed the way how the {{\_\_UID__}} attribute is
> managed: as a result, since Syncope 1.2, it is mandatory to [specify an
> external attribute name for the Remote Key|https://pasteboard.co/GCRixXp.png].
> To give an idea, the 1.1 sample would result in querying the External
> Resource for
> {{\_\_UID__ == 'ilgrosso'}}
> while the 2.0 sample from *should* result in
> {{uid == 'ilgrosso'}}
> but will instead produce the same query as in the past.
> The problem here is that what actually {{\_\_UID__}} means is left to any
> Connector's implementation: LDAP configures that via the {{UidAttribute}}
> property (and {{GidAttribute}} in 1.5.2-SNAPSHOT), AD does something similar,
> others do differently.
> From one side, in fact, the {{Remote Key}} is defined in Syncope at high
> level (e.g. as part of the Resource configuration, in the Mapping), while the
> raw {{\_\_UID__}} is still used under the hoods in some cases (before
> executing a Propagation Task, as said above, for example), hence it is the
> low level configuration (not Resource's but Connector's) that comes into play.
> The improvement is to get rid of {{GetApiOp}} and replace its usage in
> Syncope with search, using as key the External attribute name defined in the
> mapping, rather than {{\_\_UID__}}.
> With reference to LDAP, in fact, with such change Users will be looked up by
> {{uid}}, Groups by {{cn}} and Realms by {{ou}} (if respective Mappings were
> set in these ways).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
![https://pasteboard.co/GCRf497.png]:](https://pasteboard.co/GCRf497.png]:){kind=link}
