On 30/08/2013 14:15, hugh lewis wrote:

Hi Francesco,
Thank you for your reply.
I installed the cmd connector, and I discovered that it passes the
fields as environment variables. So I can use that for now as my proof
of concept, and maybe look at modifying the openam connector to use
its Restful communication parts in future.

Fine.

One question - the password is passed as a
"org.identityconnectors.common.security.GuardedString". I guess I
could write a command line java command to decode that, then pass it
back to my curl script. But this seems a little "duct tape"-ish. Is
there another way of getting at the password from a bash/powershell
prompt? I'm not a java programmer, so if this is something that
requires some java know-how I guess I can consult a colleague!

GuardedString is an encrypted format defined by ConnId, for which only a
Java implementation exists so I guess you need to involve one of your
colleagues: to ease his work I've prepared a simple gist [7] of what is
needed to decrypt the password.
Hope this helps.
Regards.

On 30 August 2013 10:28, Francesco Chicchiriccò <[email protected]> wrote:
On 30/08/2013 10:56, hugh lewis wrote:
Hi There,
I am currently evaluating syncope for my employer. I have
successfully provisioned accounts from a flat file (extracted
from our employee database) to various ldap and database
targets. I would also like to provision accounts to our red
hat IPA system. I can provision directly into IPA's ldap
backend, but this is not ideal as there are a number of things
(kerberos etc) not set when you create accounts via ldap.
IPA does have a json interface for provisioning accounts. I
don't see a json plugin in connid. Is there a way to provision
accounts directly to a RESTful target?
I notice a new CMD connid - I guess I could call curl directly
via this connector and call IPA's provisioning that way? Only
problem is, the CMD connector is very new and I can't find any
documentation about how it receives the data from syncope (I
would need to know how the data is passed so I can form the
json file to pass to curl).

Hi and thanks for your interest in Apache Syncope.
I think you have some options here:
1. Use the ConnId LDAP connector to provision the LDAP backend
(RedHat 389 is very well supported as recently reported [1]) -
this connector is by far the most stable but you have reported
above some drawbacks of acting at this level, in your case.
2. Use the ConnId CMD connector - as you've noticed, this is
quite new; it is meant to be deployed on a remote connector server
[2] in order to execute arbitrary provisioning commands in the
remote host environment; it is particularly useful when you need
to run some operating system command (say 'useradd' on Linux, for
example) on a remote server.
About the data exchange format, it is missing, you are right,
there is an open issue for that [3] but you can take a look at
some examples for Windows and Powershell [4] [5] - besides the
technology difference, the data is exchanged in the same way.
3. Write your own RESTful connector - this might seem the hardest
path but it would allow you to take the complete control over the
RESTful communication: FYI, the ConnId OpenAM connector [6] is
coded in this way and can be taken as example.
For any question or help specifically related to ConnId you can
contact [email protected].
Regards.
[1] http://blog.tirasa.net/blogs/index.php/how-to-add-389-directory
[2] https://connid.atlassian.net/wiki/display/BASE/Connector+Servers
[3] https://connid.atlassian.net/browse/CMD-1
[4] http://blog.tirasa.net/blogs/index.php/coffeetime/execute-adamsync-from-another-host
[5] http://blog.tirasa.net/blogs/index.php/wiseit/apache-syncope-and-powershell-scripts
[6] https://github.com/Tirasa/ConnIdOpenAMBundle
[7] https://gist.github.com/ilgrosso/6389336
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
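
The step discussed in this thread, turning the fields the CMD connector passes as environment variables into a JSON body for curl, as an added example that is not part of the original messages or of ConnId/Syncope code. The environment variable names and the `user_add` request shape are assumptions, and the password is assumed to have been decrypted on the Java side already.

```python
#!/usr/bin/env python3
"""Build a JSON-RPC request body from environment variables (added example)."""
import json
import os
import sys

# Hypothetical mapping: environment variable name -> request option name.
# The real variable names depend on how the connector is configured.
ENV_TO_OPTION = {
    "ACCOUNT_GIVENNAME": "givenname",
    "ACCOUNT_SN": "sn",
    "ACCOUNT_PASSWORD": "userpassword",  # cleartext, after Java-side decryption
}
UID_VAR = "ACCOUNT_UID"  # hypothetical variable carrying the login name
REQUIRED = ("givenname", "sn")


def build_user_add(env):
    """Return the request body as a JSON string, or raise ValueError."""
    uid = env.get(UID_VAR, "")
    if not uid or not uid.isprintable():
        raise ValueError("missing or non-printable user id")
    options = {}
    for var, option in ENV_TO_OPTION.items():
        value = env.get(var)
        if value:
            options[option] = value
    missing = [name for name in REQUIRED if name not in options]
    if missing:
        raise ValueError("missing required attributes: " + ", ".join(missing))
    # json.dumps escapes quotes, backslashes and control characters, so a
    # value such as 'O"Brien' cannot close its string and inject extra keys,
    # which is what happens when the body is assembled by shell interpolation.
    return json.dumps({"method": "user_add", "params": [[uid], options], "id": 0})


if __name__ == "__main__":
    try:
        # The body goes to stdout so curl can read it with `--data @-`; the
        # password then never appears in curl's argument list or shell history.
        sys.stdout.write(build_user_add(os.environ))
    except ValueError as exc:
        # The message names missing fields only, never their values.
        sys.exit(f"refusing to provision: {exc}")
```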