On 18/04/2013 20:12, Martin van Es wrote:
Hi Francesco,
On Tue, Apr 16, 2013 at 2:37 PM, Francesco Chicchiriccò <[email protected]> wrote:
On 16/04/2013 14:26, Martin van Es wrote:
I was wondering if it's possible to automatically provision
certain resource for one account based on a condition
(attribute) set in the source resource.
Hi Martin,
I've understood that you want to assign upon synchronization role
A, B or C to users from a CSVDir resource where A has assigned a
LDAP resource, B a DB resource and C both. Is this correct?
If so, you need to define a SyncJobActionsClass [1] or
SyncActionsClass [2] (depending on the Syncope version you are
running) and implement the logic "assign role A, B or C to
synchronizing user" in the before() method.
I was googling on syncope role membership and found this snippet on [1]
> The possible implementations could be:
> 1. I could ignore role/membership attribute mappings during synchronization (this is the current implementation ---> no issue to open)
> 2. I can try to synchronize this information also:
> a. Role attribute mappings could be used to assign syncope roles dynamically during synchronization
Example, again: let's suppose we are synchronizing an LDAP user user1
with memberOf "cn=B,ou=groups,dc=tirasa,dc=net"; in this case Syncope
will try to assign role B (i.e. Syncope role with same value of
"membershipsOnLDAP") to Syncope user matching user1 on LDAP.
This would match my question for conditional resources. Since you participated
in this thread and it's more than a year old, can you tell me what the status
of implementation 2 is? Is it completely off radar?
Hi Martin,
that's a very old thread!
That discussion was referring to pre-1.0.0; after that, in 1.1.0 many
things have changed in that area, mainly due to SYNCOPE-26 [2].
Basically, with LDAP and Active Directory connectors, you can actually
propagate / synchronize memberships from / to Syncope by empowering two
specific action classes (LDAPMembershipPropagationActions and
LDAPMembershipSyncActions), and a good schema mapping that will include
both user and role mapping.
An example of this is contained in the standalone distribution, so take
a look there if you want to get more details.
As a side note, consider that for LDAP the object classes 'groupOfNames'
or 'groupOfUniqueNames' are used for groups.
Regards.
[1]
http://mail-archives.apache.org/mod_mbox/incubator-syncope-dev/201202.mbox/%[email protected]%3E
[2] https://issues.apache.org/jira/browse/SYNCOPE-26
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/