2015-05-07 4:22 GMT-03:00 Francesco Chicchiriccò <[email protected]>:
> On 06/05/2015 18:42, Manfredo Hopp wrote: > >> Hi, >> >> 1. why can roles only be mapped through scripted connector? db.table >> seems to be cleaner. >> > > Each connector bundle can on its own decide to support ACCOUNT (e.g. > users) and / or GROUP (e.g. roles): to my knowledge, only LDAP, Scripted > SQL and Active Directory connector bundles support GROUP (besides ACCOUNT). > > 2. why is role mapping panel showing accountid checkbox. Is this an >> accounT? or is it group? >> > > "AccountId" refers to the mapping item which refers to the key value which > is used to bind the internal user / role to external entities; I agree this > is misleading, we'll change that in 2.0.0. > > 3. why is role sync task expecting __UID__ ? is it a user? >> > > __UID__ is the name of a special attribute returned by ConnId, and > generally associated with the key value on the external resource (say the > primary key value on a database table). > It is used both for ACCOUNT and GROUP > > 4. What use is the field Rolename in mapping panel for, when __UID__ is >> used for mapping name? >> > > It is the role name, which is not unique (as instead role id, see below): > there could be more roles with the same name, provided that they don't > share the same parent role. > Unfortunately this is also used as link to resource, so changing Rolename looses link. It would be nice this to work independently. > FYI, __UID__ is not used anymore when defining resource mapping in Syncope > (either for users and roles) since Syncope 1.2.0 (which depends on ConnId > 1.4.0.0). Its not used on resources mapping definition but has to be returned on script! > > > 5. what use is the field RoleId in mapping panel? >> > > It is the role unique identifier, e.g. a number. Cannot be assigned. Its automatically generated. > > > 6. Is it possible to assign more than 1 owner to a scpecific role? >> > > Role owners can either be a (single) user or another role: if you want to > have more owners of a role, just define another role, put such users into > this role and make it owner of the first role. > > HTH > Regards. > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo PMC > http://people.apache.org/~ilgrosso/ > > >
