Re: LDAPUserOwnerPropagationActions to propogate userOwner

2018-03-07 Thread Francesco Chicchiriccò 

On 07/03/2018 13:14, Alexander Tsvetkov wrote:

On 2018/03/07 08:10:49, Francesco Chicchiriccò  wrote:

On 07/03/2018 09:01, ale...@gmail.com wrote:

Hi,
I have implemented LDAPUserOwnerPropagationActions and it works perfectly when in 
syncope console on group I click Manage Resources -> Select Resource -> click 
Provision.
In Active Directory (AD) managedBy is filled successfully.
Also it works when I edit group and update userOwner and any other attribute 
that is mapped in Mapping. The changes are propagated to AD successfully ( 
LDAPUserOwnerPropagationActions is triggered).
BUT when I edit group and update only userOwner, then this changes are not 
propagated to AD ( LDAPUserOwnerPropagationActions  is not triggered).

DO you have any ideas about this?

Hi,
glad that almost everything is working for you now (BTW: any chance to
share your use case somehow?).

About the last point, you are essentially updating a Group, and as a
consequence of this, you want Users to be propagated: in the general
case, Syncope does not work this way: when you modify a Group, that
Group's provisioning will take place; when you modify a User, that
User's provisioning will take place.

In order to trigger provisioning of a given Group's members instead,
you'll need, after updating the Group itself, to explicitly invoke the
"provision members" / "deprovision members" feature for the given Group.
As always, you can do this either by calling the corresponding REST
endpoint, e.g.

POST /groups/{key}/members/{actionType}

or via Admin Console: select the Group's row, then "provision members" /
"deprovision members"  from the menu.

HTH
Regards.

Hi Francesco,
Thanks for your efforts and quick response.

I want to clarify some points to make sure you understand me correctly.

About the last point, you are essentially updating a Group, and as a
consequence of this, you want Users to be propagated

No, I'm updating "Group Ownership" (userOwner) for Group (GroupTO.userOwner), 
so as a consequence, I want Group to be propagated. I want managedBy to be filled in 
Active Directory (AD) with evaluated value (based on ConnObjectLink).

And solution with "provision members" doesn't work.
So, I edit group, update only "Group Ownership" (userOwner), save group. UserOwner is not 
propagated to AD (as well as LDAPUserOwnerPropagationActions is not triggered). And if I press 
"Provision members", "Group Ownership" changes are not propagated to AD.
Only select group -> "Manage Resources" -> Select Resource -> "Provision" let's to 
propagate "Group Ownership" (field managedBy becomes updated in AD).
I guess "Provision members" will propagate only the members of the group.

So the problem remains,  updating "Group Ownership" does'n lead the Group to be 
propagated to Active Directory.


I see your point now - sorry for misunderstanding.

The point here is that "userOwner" is not part of the Group mapping (as 
I assume it is only injected by LDAPUserOwnerPropagationActions), correct?


Syncope will automatically generate propagation tasks towards an 
External Resource R only if one of the mapped attributes shows a 
difference between Syncope and R.


HTH
Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: LDAPUserOwnerPropagationActions to propogate userOwner

2018-03-07 Thread Alexander Tsvetkov 


On 2018/03/07 08:10:49, Francesco Chicchiriccò  wrote: 
> On 07/03/2018 09:01, ale...@gmail.com wrote:
> > Hi,
> > I have implemented LDAPUserOwnerPropagationActions and it works perfectly 
> > when in syncope console on group I click Manage Resources -> Select 
> > Resource -> click Provision.
> > In Active Directory (AD) managedBy is filled successfully.
> > Also it works when I edit group and update userOwner and any other 
> > attribute that is mapped in Mapping. The changes are propagated to AD 
> > successfully ( LDAPUserOwnerPropagationActions is triggered).
> > BUT when I edit group and update only userOwner, then this changes are not 
> > propagated to AD ( LDAPUserOwnerPropagationActions  is not triggered).
> >
> > DO you have any ideas about this?
> 
> Hi,
> glad that almost everything is working for you now (BTW: any chance to 
> share your use case somehow?).
> 
> About the last point, you are essentially updating a Group, and as a 
> consequence of this, you want Users to be propagated: in the general 
> case, Syncope does not work this way: when you modify a Group, that 
> Group's provisioning will take place; when you modify a User, that 
> User's provisioning will take place.
> 
> In order to trigger provisioning of a given Group's members instead, 
> you'll need, after updating the Group itself, to explicitly invoke the 
> "provision members" / "deprovision members" feature for the given Group.
> As always, you can do this either by calling the corresponding REST 
> endpoint, e.g.
> 
> POST /groups/{key}/members/{actionType}
> 
> or via Admin Console: select the Group's row, then "provision members" / 
> "deprovision members"  from the menu.
> 
> HTH
> Regards.
> 
> -- 
> Francesco Chicchiriccò
> 
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
> 
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
> 
> 

Hi Francesco,
Thanks for your efforts and quick response.

I want to clarify some points to make sure you understand me correctly.
> About the last point, you are essentially updating a Group, and as a 
> consequence of this, you want Users to be propagated
No, I'm updating "Group Ownership" (userOwner) for Group (GroupTO.userOwner), 
so as a consequence, I want Group to be propagated. I want managedBy to be 
filled in Active Directory (AD) with evaluated value (based on ConnObjectLink).

And solution with "provision members" doesn't work.
So, I edit group, update only "Group Ownership" (userOwner), save group. 
UserOwner is not propagated to AD (as well as LDAPUserOwnerPropagationActions 
is not triggered). And if I press "Provision members", "Group Ownership" 
changes are not propagated to AD. 
Only select group -> "Manage Resources" -> Select Resource -> "Provision" let's 
to propagate "Group Ownership" (field managedBy becomes updated in AD).
I guess "Provision members" will propagate only the members of the group.

So the problem remains,  updating "Group Ownership" does'n lead the Group to be 
propagated to Active Directory.

Any ideas?

Re: LDAPUserOwnerPropagationActions to propogate userOwner

2018-03-07 Thread Francesco Chicchiriccò 

On 07/03/2018 09:01, ale...@gmail.com wrote:

Hi,
I have implemented LDAPUserOwnerPropagationActions and it works perfectly when in 
syncope console on group I click Manage Resources -> Select Resource -> click 
Provision.
In Active Directory (AD) managedBy is filled successfully.
Also it works when I edit group and update userOwner and any other attribute 
that is mapped in Mapping. The changes are propagated to AD successfully ( 
LDAPUserOwnerPropagationActions is triggered).
BUT when I edit group and update only userOwner, then this changes are not 
propagated to AD ( LDAPUserOwnerPropagationActions  is not triggered).

DO you have any ideas about this?


Hi,
glad that almost everything is working for you now (BTW: any chance to 
share your use case somehow?).


About the last point, you are essentially updating a Group, and as a 
consequence of this, you want Users to be propagated: in the general 
case, Syncope does not work this way: when you modify a Group, that 
Group's provisioning will take place; when you modify a User, that 
User's provisioning will take place.


In order to trigger provisioning of a given Group's members instead, 
you'll need, after updating the Group itself, to explicitly invoke the 
"provision members" / "deprovision members" feature for the given Group.
As always, you can do this either by calling the corresponding REST 
endpoint, e.g.


POST /groups/{key}/members/{actionType}

or via Admin Console: select the Group's row, then "provision members" / 
"deprovision members"  from the menu.


HTH
Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

LDAPUserOwnerPropagationActions to propogate userOwner

2018-03-07 Thread aletsv 
Hi,
I have implemented LDAPUserOwnerPropagationActions and it works perfectly when 
in syncope console on group I click Manage Resources -> Select Resource -> 
click Provision.
In Active Directory (AD) managedBy is filled successfully.
Also it works when I edit group and update userOwner and any other attribute 
that is mapped in Mapping. The changes are propagated to AD successfully ( 
LDAPUserOwnerPropagationActions is triggered).
BUT when I edit group and update only userOwner, then this changes are not 
propagated to AD ( LDAPUserOwnerPropagationActions  is not triggered).

DO you have any ideas about this?

Best regards,
Alexander Tsvetkov