RE: ActiveDirectory group provisioning userowner to managedby
Hi Marco I'll try your suggestion. Thanks for the guidance. I'll let you know if I succeeded Regards, Lukas From: Marco Di Sabatino Di Diodoro [mailto:marco.disabat...@tirasa.net] Sent: Friday, March 2, 2018 3:40 PM To: user@syncope.apache.org; Funk, Lukas Subject: Re: ActiveDirectory group provisioning userowner to managedby Hi, Il 02/03/2018 13:16, Lukas Funk ha scritto: Hi I'm fairly new to syncope but with the help to the various documentation, examples and the blog I got quite far being able to propagate users, groups and memberships from syncope to active directory. Fine. Now, I'm facing the problem how to map the groups' userowner to the active directory attribute managedBy. Are there any resources around which explains this how this can be solved? To be able to populate an owner on a group of AD you need to implement a propagation action that enhances the "managedBy" attribute. So inside the propagation action of a group: 1. read the owner of the group and derive the DN of the user 2. assign the DN to managedBy attribute To derive the dn of the user you can take a look at [1], where it is done for groups. Regards M [1] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java Your help is much appreciated. Regards, Lukas Funk -- Dott. Marco Di Sabatino Di Diodoro Tel. +39 3939065570 Tirasa S.r.l. Viale D'Annunzio 267 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973 http://www.tirasa.net Apache Syncope PMC Member http://people.apache.org/~mdisabatino/<http://people.apache.org/%7Emdisabatino/> smime.p7s Description: S/MIME cryptographic signature
Re: ActiveDirectory group provisioning userowner to managedby
Hi, Il 02/03/2018 13:16, Lukas Funk ha scritto: Hi I’m fairly new to syncope but with the help to the various documentation, examples and the blog I got quite far being able to propagate users, groups and memberships from syncope to active directory. Fine. Now, I’m facing the problem how to map the groups’ userowner to the active directory attribute managedBy. Are there any resources around which explains this how this can be solved? To be able to populate an owner on a group of AD you need to implement a propagation action that enhances the "managedBy" attribute. So inside the propagation action of a group: 1. read the owner of the group and derive the DN of the user 2. assign the DN to managedBy attribute To derive the dn of the user you can take a look at [1], where it is done for groups. Regards M [1] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java Your help is much appreciated. Regards, Lukas Funk -- Dott. Marco Di Sabatino Di Diodoro Tel. +39 3939065570 Tirasa S.r.l. Viale D'Annunzio 267 - 65127 Pescara Tel +39 0859116307 / FAX +39 085973 http://www.tirasa.net Apache Syncope PMC Member http://people.apache.org/~mdisabatino/
ActiveDirectory group provisioning userowner to managedby
Hi I'm fairly new to syncope but with the help to the various documentation, examples and the blog I got quite far being able to propagate users, groups and memberships from syncope to active directory. Now, I'm facing the problem how to map the groups' userowner to the active directory attribute managedBy. Are there any resources around which explains this how this can be solved? Your help is much appreciated. Regards, Lukas Funk smime.p7s Description: S/MIME cryptographic signature