Re: LDAPUserOwnerPropagationActions to propogate userOwner
On 07/03/2018 13:14, Alexander Tsvetkov wrote: On 2018/03/07 08:10:49, Francesco Chicchiriccòwrote: On 07/03/2018 09:01, ale...@gmail.com wrote: Hi, I have implemented LDAPUserOwnerPropagationActions and it works perfectly when in syncope console on group I click Manage Resources -> Select Resource -> click Provision. In Active Directory (AD) managedBy is filled successfully. Also it works when I edit group and update userOwner and any other attribute that is mapped in Mapping. The changes are propagated to AD successfully ( LDAPUserOwnerPropagationActions is triggered). BUT when I edit group and update only userOwner, then this changes are not propagated to AD ( LDAPUserOwnerPropagationActions is not triggered). DO you have any ideas about this? Hi, glad that almost everything is working for you now (BTW: any chance to share your use case somehow?). About the last point, you are essentially updating a Group, and as a consequence of this, you want Users to be propagated: in the general case, Syncope does not work this way: when you modify a Group, that Group's provisioning will take place; when you modify a User, that User's provisioning will take place. In order to trigger provisioning of a given Group's members instead, you'll need, after updating the Group itself, to explicitly invoke the "provision members" / "deprovision members" feature for the given Group. As always, you can do this either by calling the corresponding REST endpoint, e.g. POST /groups/{key}/members/{actionType} or via Admin Console: select the Group's row, then "provision members" / "deprovision members" from the menu. HTH Regards. Hi Francesco, Thanks for your efforts and quick response. I want to clarify some points to make sure you understand me correctly. About the last point, you are essentially updating a Group, and as a consequence of this, you want Users to be propagated No, I'm updating "Group Ownership" (userOwner) for Group (GroupTO.userOwner), so as a consequence, I want Group to be propagated. I want managedBy to be filled in Active Directory (AD) with evaluated value (based on ConnObjectLink). And solution with "provision members" doesn't work. So, I edit group, update only "Group Ownership" (userOwner), save group. UserOwner is not propagated to AD (as well as LDAPUserOwnerPropagationActions is not triggered). And if I press "Provision members", "Group Ownership" changes are not propagated to AD. Only select group -> "Manage Resources" -> Select Resource -> "Provision" let's to propagate "Group Ownership" (field managedBy becomes updated in AD). I guess "Provision members" will propagate only the members of the group. So the problem remains, updating "Group Ownership" does'n lead the Group to be propagated to Active Directory. I see your point now - sorry for misunderstanding. The point here is that "userOwner" is not part of the Group mapping (as I assume it is only injected by LDAPUserOwnerPropagationActions), correct? Syncope will automatically generate propagation tasks towards an External Resource R only if one of the mapped attributes shows a difference between Syncope and R. HTH Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
Re: LDAPUserOwnerPropagationActions to propogate userOwner
On 2018/03/07 08:10:49, Francesco Chicchiriccòwrote: > On 07/03/2018 09:01, ale...@gmail.com wrote: > > Hi, > > I have implemented LDAPUserOwnerPropagationActions and it works perfectly > > when in syncope console on group I click Manage Resources -> Select > > Resource -> click Provision. > > In Active Directory (AD) managedBy is filled successfully. > > Also it works when I edit group and update userOwner and any other > > attribute that is mapped in Mapping. The changes are propagated to AD > > successfully ( LDAPUserOwnerPropagationActions is triggered). > > BUT when I edit group and update only userOwner, then this changes are not > > propagated to AD ( LDAPUserOwnerPropagationActions is not triggered). > > > > DO you have any ideas about this? > > Hi, > glad that almost everything is working for you now (BTW: any chance to > share your use case somehow?). > > About the last point, you are essentially updating a Group, and as a > consequence of this, you want Users to be propagated: in the general > case, Syncope does not work this way: when you modify a Group, that > Group's provisioning will take place; when you modify a User, that > User's provisioning will take place. > > In order to trigger provisioning of a given Group's members instead, > you'll need, after updating the Group itself, to explicitly invoke the > "provision members" / "deprovision members" feature for the given Group. > As always, you can do this either by calling the corresponding REST > endpoint, e.g. > > POST /groups/{key}/members/{actionType} > > or via Admin Console: select the Group's row, then "provision members" / > "deprovision members" from the menu. > > HTH > Regards. > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > > Hi Francesco, Thanks for your efforts and quick response. I want to clarify some points to make sure you understand me correctly. > About the last point, you are essentially updating a Group, and as a > consequence of this, you want Users to be propagated No, I'm updating "Group Ownership" (userOwner) for Group (GroupTO.userOwner), so as a consequence, I want Group to be propagated. I want managedBy to be filled in Active Directory (AD) with evaluated value (based on ConnObjectLink). And solution with "provision members" doesn't work. So, I edit group, update only "Group Ownership" (userOwner), save group. UserOwner is not propagated to AD (as well as LDAPUserOwnerPropagationActions is not triggered). And if I press "Provision members", "Group Ownership" changes are not propagated to AD. Only select group -> "Manage Resources" -> Select Resource -> "Provision" let's to propagate "Group Ownership" (field managedBy becomes updated in AD). I guess "Provision members" will propagate only the members of the group. So the problem remains, updating "Group Ownership" does'n lead the Group to be propagated to Active Directory. Any ideas?
Re: LDAPUserOwnerPropagationActions to propogate userOwner
On 07/03/2018 09:01, ale...@gmail.com wrote: Hi, I have implemented LDAPUserOwnerPropagationActions and it works perfectly when in syncope console on group I click Manage Resources -> Select Resource -> click Provision. In Active Directory (AD) managedBy is filled successfully. Also it works when I edit group and update userOwner and any other attribute that is mapped in Mapping. The changes are propagated to AD successfully ( LDAPUserOwnerPropagationActions is triggered). BUT when I edit group and update only userOwner, then this changes are not propagated to AD ( LDAPUserOwnerPropagationActions is not triggered). DO you have any ideas about this? Hi, glad that almost everything is working for you now (BTW: any chance to share your use case somehow?). About the last point, you are essentially updating a Group, and as a consequence of this, you want Users to be propagated: in the general case, Syncope does not work this way: when you modify a Group, that Group's provisioning will take place; when you modify a User, that User's provisioning will take place. In order to trigger provisioning of a given Group's members instead, you'll need, after updating the Group itself, to explicitly invoke the "provision members" / "deprovision members" feature for the given Group. As always, you can do this either by calling the corresponding REST endpoint, e.g. POST /groups/{key}/members/{actionType} or via Admin Console: select the Group's row, then "provision members" / "deprovision members" from the menu. HTH Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
LDAPUserOwnerPropagationActions to propogate userOwner
Hi, I have implemented LDAPUserOwnerPropagationActions and it works perfectly when in syncope console on group I click Manage Resources -> Select Resource -> click Provision. In Active Directory (AD) managedBy is filled successfully. Also it works when I edit group and update userOwner and any other attribute that is mapped in Mapping. The changes are propagated to AD successfully ( LDAPUserOwnerPropagationActions is triggered). BUT when I edit group and update only userOwner, then this changes are not propagated to AD ( LDAPUserOwnerPropagationActions is not triggered). DO you have any ideas about this? Best regards, Alexander Tsvetkov