Il giorno 22/ott/2012, alle ore 17.04, ernst Developer ha scritto: > Hi, > > Today I ran into a problem with a provisioning loop. I try to describe my > setup. After that I describe the problem, and conclude with some > questions/requests. > > We have an initial authoritative source for creates (AD). > With synchronization capabilities of the AD connector, the inserts/updates > are synchronized to Syncope. > Syncope provisions these users inserts and updates to all connectors. So > far so good. > > Some properties (i.e. PROP1 and PROP2) of users are maintained in one of > the target systems (TARGET1). > For the properties PROP1 and PROP2 we can functionally define TARGET1 as > authoritative source after the user is created via the provisioning by > Syncope in this TARGET1 system. > > In TARGET1 the user can also reset the password. This password is updated > into Syncope by TARGET1, by executing a restful request to Syncope. > > What we see now is that the password is provisioned to all target systems, > including TARGET1. This also happens for PROP1 and PROP2. These properties > are updated with the values from Syncope in TARGET1. > > Here we have a problem. The user has updated/changed the values of PROP1 > and PROP2 in TARGET1. They are overwritten by the values in Syncope. > > What I would like to have is a way to identify in Syncope what the > authoritative source of a field is. And when an update arrives in Syncope, > the target systems are only updated with values for properties they are not > authoritative for. > > What do you think about this? Is that possible?
Hi Ernst, at the moment there is not a specific way to realize this feature. Probably, by using virtual attributes, you can implement something really close to your requirement. The ownership of virtual attributes are not on charge to Syncope but to the resources only. Best regards, F.
