Any comments on this? Colm.
---------- Forwarded message ---------- From: Colm O hEigeartaigh <[email protected]> Date: Mon, Sep 3, 2012 at 4:13 PM Subject: Re: Syncope Role propagation/synchronization To: [email protected] Thanks again for your reply. I'd like to summarize my understanding of this issue, by listing the following tasks that are required in relation to supporting role synchronization/propagation (amongst others): a) Role propagation. There is no way to create a group or role on an external resource. It should be possible to map a role in Syncope to an LDAP group for example. Covered by SYNCOPE-172. b) Role sychronization. We should be able to map LDAP groups to Roles in Syncope. We should also be able to reflect LDAP "member" attributes of Groups by updating the users in Syncope with the corresponding roles. Also covered by SYNCOPE-172. c) Add workflow support for Roles. Covered by SYNCOPE-173. d) Support dynamic role memberships. For example if a user in the LDAP backend has a "memberOf" attribute, the synchronized User in Syncope is assigned a Role(s) that has an attribute that matches the updated resource attribute (if one exists). Covered by SYNCOPE-140. Also see SYNCOPE-26. Am I leaving anything out, or are there any errors in the above? Thanks, Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
