Hi Fabio, I try to write down what I understand based on your answer. Syncope can hold any value for any property. A property has the value of the last source that is synchronized or the last change made in the user interface of Syncope or the last change send to Syncope using the restful service(s).
By using virtual atrributes we could solve this issue you suggest. I will look into this feature. Thanks. Ernst 2012/10/22 Fabio Martelli <[email protected]> > > Il giorno 22/ott/2012, alle ore 17.04, ernst Developer ha scritto: > > > Hi, > > > > Today I ran into a problem with a provisioning loop. I try to describe my > > setup. After that I describe the problem, and conclude with some > > questions/requests. > > > > We have an initial authoritative source for creates (AD). > > With synchronization capabilities of the AD connector, the > inserts/updates > > are synchronized to Syncope. > > Syncope provisions these users inserts and updates to all connectors. So > > far so good. > > > > Some properties (i.e. PROP1 and PROP2) of users are maintained in one of > > the target systems (TARGET1). > > For the properties PROP1 and PROP2 we can functionally define TARGET1 as > > authoritative source after the user is created via the provisioning by > > Syncope in this TARGET1 system. > > > > In TARGET1 the user can also reset the password. This password is updated > > into Syncope by TARGET1, by executing a restful request to Syncope. > > > > What we see now is that the password is provisioned to all target > systems, > > including TARGET1. This also happens for PROP1 and PROP2. These > properties > > are updated with the values from Syncope in TARGET1. > > > > Here we have a problem. The user has updated/changed the values of PROP1 > > and PROP2 in TARGET1. They are overwritten by the values in Syncope. > > > > What I would like to have is a way to identify in Syncope what the > > authoritative source of a field is. And when an update arrives in > Syncope, > > the target systems are only updated with values for properties they are > not > > authoritative for. > > > > What do you think about this? Is that possible? > > Hi Ernst, > at the moment there is not a specific way to realize this feature. > Probably, by using virtual attributes, you can implement something really > close to your requirement. > > The ownership of virtual attributes are not on charge to Syncope but to > the resources only. > > Best regards, > F. > >
