Re: role mapping resources

Sat, 22 Nov 2014 07:47:06 -0800 

On 21/11/2014 17:15, Manfredo Hopp wrote:
My case is your point 2 with possibly scripted SQL, how is group provisioning implemented/expected in that case? 


Group provisioning works very similarly to user provisioning: create a 
resource, define a suitable role mapping for that resource and, when you 
assign such resource to a role, this role will be propagated as a group 
in the external resource.



Then it comes to the connector for external resource: I am familiar with 
Active Directory and LDAP (for which Syncope also provides some helper 
classes for keeping membership and password management), but not very 
much with the Scripted SQL connector [1]: AFAICT that connector just 
gives you the possibility to write groovy scripts that will be invoked 
for each operation (create / update / delete / ...).



Marco, can you provide some examples of such scripts? It seems to me 
that the Scripted SQL connector is also capable of handling __GROP__ 
objectclass (for role provisioning) besides __ACCOUNT__ (for user 
provisioning): am I right?


Regards.

[1] https://connid.atlassian.net/wiki/display/BASE/Scripted+SQL


2014-11-20 4:28 GMT-03:00 Francesco Chicchiriccò <[email protected] 
<mailto:[email protected]>>:


    On 19/11/2014 21:39, Manfredo Hopp wrote:

        Hello, is it possible to map roles with a resource?


    Hi Manfredo,
    please provide some further detail: with Syncope you can assign
    external resource(s) to a role; this will

     1. provision any user assigned to that role to the related
    external resource(s) - if such resource(s) have user mapping defined
     2. provision such role to the related external resource(s) - if
    such resource(s) have role mapping defined and support group
    provisioning (currently only Active Directory, LDAP and possibly
    scripted SQL)
     3. (only for LDAP & Active Directory) maintain Syncope membership
    (e.g. Syncope user is assigned to Syncope role) to external
    membership (e.g. LDAP user is in LDAP group)

    HTH
    Regards.



--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/























					Reply via email to