Hi all, I am trying to get a handle on what is currently supported in Syncope with respect to roles stored in an LDAP resource.
One way of working with roles is given here in a previous thread: http://syncope-dev.1063484.n5.nabble.com/Role-membership-attributes-synchronization-td5512256.html So you can map a role attribute to an LDAP memberOf attribute (for example). I have the following questions: a) This works for propagation, but does it also work for synchronization? So if the memberOf attribute changes in the backend, will the Role have the updated attribute value? I think this doesn't work, but just want to check. b) Must the Role (Group) pointed to already exist in LDAP or is there any way of creating it from Syncope? c) Is there any way of importing roles from an LDAP backend via search? So for example, your users do not have a "memberOf" attribute, but instead you have some "ou=groups" with a "member" attribute pointing back to the relevant users in the group. Is there any way of importing this group information into Syncope? Thanks, Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
