Hi Francesco, Thank you for your reply.
I installed the cmd connector, and I discovered that it passes the fields as environment variables. So I can use that for now as my proof of concept, and maybe look at modifying the openam connector to use its Restful communication parts in future. One question - the password is passed as a "org.identityconnectors.common.security.GuardedString". I guess I could write a command line java command to decode that, then pass it back to my curl script. But this seems a little "duct tape"-ish. Is there another way of getting at the password from a bash/powershell prompt? Im not a java programmer, so if this is something that requires some java know-how I guess I can consult a colleague! Thanks again, Elf On 30 August 2013 10:28, Francesco Chicchiriccò <[email protected]> wrote: > On 30/08/2013 10:56, hugh lewis wrote: > >> Hi There, >> >> i am currently evaluating syncope for my employer. I have successfully >> provisioned accounts from a flat file (extracted from our employee >> database) to various ldap and database targets. i would also like to >> provision accounts to our red hat IPA system. I can provision directly >> into IPA's ldap backend, but this is not ideal as there are a number of >> things (kerberos etc) not set when you create accounts via ldap. >> >> IPA does have a json interface for provisioning accounts. I dont see a >> json plugin in connid. Is there a way to provision accounts directly to a >> RESTful target? >> >> I notice a new CMD connid - I guess I could call curl directly via this >> connector and call IPA's provisioning that way? Only problem is, the CMD >> connector is very new and I cant find any documentation about how it >> receives the data from syncope (I would need to know how the data is >> passed so I can form the json file to pass to curl. >> > > Hi and thanks for your interest in Apache Syncope. > > I think you have some options here: > > 1. Use the ConnId LDAP connector to provision the LDAP backend (RedHat > 389 is very well supported as recently reported [1]) - this connector is by > far the most stable but you have reported above some drawbacks of acting at > this level, in your case. > > 2. Use the ConnId CMD connector - as you've noticed, this is quite new; > it is meant to be deployed on a remote connector server [2] in order to > execute arbitrary provisioning commands in the remote host environment; it > is particularly useful when you need to run some operating system command > (say 'useradd' on Linux, for example) on a remote server. > About the data exchange format, it is missing, you are right, there is an > open issue for that [3] but you can take a look at some examples for > Windows and Powershell [4] [5] - besides the technology difference, the > data is exchanged in the same way. > > 3. Write your own RESTful connector - this might seem the hardest path > but it would allow you to take the complete control over the RESTful > communication: FYI, the ConnId OpenAM connector [6] is coded in this way > and can be taken as example. > > > For any question or help specifically related to ConnId you can contact > [email protected]. > > Regards. > > [1] > http://blog.tirasa.net/blogs/**index.php/how-to-add-389-**directory<http://blog.tirasa.net/blogs/index.php/how-to-add-389-directory> > [2] > https://connid.atlassian.net/**wiki/display/BASE/Connector+**Servers<https://connid.atlassian.net/wiki/display/BASE/Connector+Servers> > [3] > https://connid.atlassian.net/**browse/CMD-1<https://connid.atlassian.net/browse/CMD-1> > [4] http://blog.tirasa.net/blogs/**index.php/coffeetime/execute-** > adamsync-from-another-host<http://blog.tirasa.net/blogs/index.php/coffeetime/execute-adamsync-from-another-host> > [5] http://blog.tirasa.net/blogs/**index.php/wiseit/apache-** > syncope-and-powershell-scripts<http://blog.tirasa.net/blogs/index.php/wiseit/apache-syncope-and-powershell-scripts> > [6] > https://github.com/Tirasa/**ConnIdOpenAMBundle<https://github.com/Tirasa/ConnIdOpenAMBundle> > > -- > Francesco Chicchiriccò > > ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member > http://people.apache.org/~**ilgrosso/<http://people.apache.org/~ilgrosso/> > >
