Hi Francesco, > Yes: you can define what attributes, roles and resources a synchronized user should have by editing the user template associated to > the synchronization task (look at [1] for an example).
Cool thanks. I think there may be a bug here in that this is working fine when you add a resource by editing the user template before the task executes for the first time, but if you later add it in after the user has already been synchronized to Syncope and run the task again, the resource does not show up on the previously synchronized user. Shall I open a JIRA for this? A minor suggestion - the configuration page for the LDAP Connector is a bit confusing, as the configuration options seem to appear in a random order. Should we move to either alphabetical or else a more coherent flow as appears here: https://code.google.com/p/connid/wiki/LDAP ? Thanks, Colm. On Fri, Aug 10, 2012 at 4:34 PM, Francesco Chicchiriccò <[email protected] > wrote: > On 10/08/2012 17.26, Colm O hEigeartaigh wrote: > > Great thanks, selecting 'full reconciliation' did the trick. Do you know > is there a fix planned to only use the delta with Apache DS? > > > Not that I know, but we can discuss this on [email protected] you > want. > > Another question: After importing user entries from an Apache DS backend, > they don't have the corresponding "Resource" selected. So to update a user > entry I need to manually select the corresponding Connector before the > change gets propagated back. Is this expected? > > > Yes: you can define what attributes, roles and resources a synchronized > user should have by editing the user template associated to the > synchronization task (look at [1] for an example). > > Regards. > > [1] > https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate > > On Fri, Aug 10, 2012 at 1:25 PM, Francesco Chicchiriccò < > [email protected]> wrote: > >> On 10/08/2012 14.09, Colm O hEigeartaigh wrote: >> >>> Hi all, >>> >>> A quick sanity check: Is there any reason why I can't synchronize from >>> an Apache DS backend in Syncope? I can create users in Syncope and >>> propagate them to the resource fine, but I can't do the reverse. >>> >> >> Hi Colm, >> synchronization from an external resource might fail for many different >> reasons: I'd suggest to increase the level for the >> 'org.apache.syncope.core.scheduling' logger in order to have some insight >> about the failure. >> >> Generally speaking, you can perform a proper synchronization only when >> the underlying connector supports the SYNC operation (and has the >> correspondent capability enabled in Syncope). The LDAP connector, >> specifically, only supports that for Sun Directory Server and OpenDS / >> OpenDJ. >> >> When SYNC operation is not supported / enabled, you can only perform a >> 'full reconciliation' - the difference is that with the latter all entries >> are sent at every request from the external resource, while the former only >> sends the delta compared to prior call. >> >> You can choose full reconciliation from the admin console, when editing >> the resource. >> >> Regards. >> > -- > Francesco Chicchiriccò > > ASF Member, Apache Cocoon PMC and Apache Syncope PPMC > Memberhttp://people.apache.org/~ilgrosso/ > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
