On 30/08/2013 10:56, hugh lewis wrote:
Hi There,
I am currently evaluating syncope for my employer. I have
successfully provisioned accounts from a flat file (extracted from our
employee database) to various ldap and database targets. I would also
like to provision accounts to our red hat IPA system. I can provision
directly into IPA's ldap backend, but this is not ideal as there are a
number of things (kerberos etc) not set when you create accounts via ldap.
IPA does have a json interface for provisioning accounts. I don't see
a json plugin in connid. Is there a way to provision accounts
directly to a RESTful target?
I notice a new CMD connid - I guess I could call curl directly via
this connector and call IPA's provisioning that way? Only problem is,
the CMD connector is very new and I can't find any documentation about
how it receives the data from syncope (I would need to know how the
data is passed so I can form the json file to pass to curl).
Hi and thanks for your interest in Apache Syncope.
I think you have some options here:
1. Use the ConnId LDAP connector to provision the LDAP backend (RedHat
389 is very well supported as recently reported [1]) - this connector is
by far the most stable but you have reported above some drawbacks of
acting at this level, in your case.
2. Use the ConnId CMD connector - as you've noticed, this is quite
new; it is meant to be deployed on a remote connector server [2] in
order to execute arbitrary provisioning commands in the remote host
environment; it is particularly useful when you need to run some
operating system command (say 'useradd' on Linux, for example) on a
remote server.
About the data exchange format, it is missing, you are right, there is
an open issue for that [3] but you can take a look at some examples for
Windows and Powershell [4] [5] - besides the technology difference, the
data is exchanged in the same way.
3. Write your own RESTful connector - this might seem the hardest path
but it would allow you to take complete control over the RESTful
communication: FYI, the ConnId OpenAM connector [6] is coded in this way
and can be taken as an example.
For any question or help specifically related to ConnId you can contact
[email protected].
Regards.
[1] http://blog.tirasa.net/blogs/index.php/how-to-add-389-directory
[2] https://connid.atlassian.net/wiki/display/BASE/Connector+Servers
[3] https://connid.atlassian.net/browse/CMD-1
[4] http://blog.tirasa.net/blogs/index.php/coffeetime/execute-adamsync-from-another-host
[5] http://blog.tirasa.net/blogs/index.php/wiseit/apache-syncope-and-powershell-scripts
[6] https://github.com/Tirasa/ConnIdOpenAMBundle
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/