On 19/11/2014 21:08, Manish Baid wrote:
Hello,
We are evaluating Syncope to be our provisioning engine. I could not find a way to achieve the following MUST HAVE requirement in our project:

Associate MULTIPLE target resource entitlements (ex. ldap groups) to a ROLE: such that user assigned to the role will be provisioned corresponding resource entitlements.

Hi,
with Syncope you can assign external resource(s) to a role; this will

1. provision any user assigned to that role to the related external resource(s) - if such resource(s) have user mapping defined
2. provision such role to the related external resource(s) - if such resource(s) have role mapping defined and support group provisioning (currently only Active Directory, LDAP and possibly scripted SQL)
3. (only for LDAP & Active Directory) maintain Syncope membership (e.g. Syncope user is assigned to Syncope role) to external membership (e.g. LDAP user is in LDAP group)

Coming to your question: could you please provide an example of Syncope role mapped to several LDAP groups? A role can be assigned to multiple external resource(s) and you can of course define multiple LDAP resources using the same LDAP connector instance, but I am not sure of what you are trying to achieve.

Observation: Single Resource entitlement can be synchronized (reconciled) as ROLE in syncope and assigned to the user.

Corresponding feature in proprietary software -->
Oracle Identity Manager: Access Policy
IBM Tivoli Identity Manager: Provisioning Policy

Could you please clarify the use case you would like to replicate with Syncope?

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/

