2015-05-07 10:40 GMT-03:00 Francesco Chicchiriccò <[email protected]>:
> On 07/05/2015 15:37, Manfredo Hopp wrote: > > 2015-05-07 4:22 GMT-03:00 Francesco Chicchiriccò <[email protected]>: > >> On 06/05/2015 18:42, Manfredo Hopp wrote: >> >>> Hi, >>> >>> 1. why can roles only be mapped through scripted connector? db.table >>> seems to be cleaner. >>> >> >> Each connector bundle can on its own decide to support ACCOUNT (e.g. >> users) and / or GROUP (e.g. roles): to my knowledge, only LDAP, Scripted >> SQL and Active Directory connector bundles support GROUP (besides ACCOUNT). >> >> 2. why is role mapping panel showing accountid checkbox. Is this an >>> accounT? or is it group? >>> >> >> "AccountId" refers to the mapping item which refers to the key value >> which is used to bind the internal user / role to external entities; I >> agree this is misleading, we'll change that in 2.0.0. >> >> 3. why is role sync task expecting __UID__ ? is it a user? >>> >> >> __UID__ is the name of a special attribute returned by ConnId, and >> generally associated with the key value on the external resource (say the >> primary key value on a database table). >> It is used both for ACCOUNT and GROUP >> >> 4. What use is the field Rolename in mapping panel for, when __UID__ is >>> used for mapping name? >>> >> >> It is the role name, which is not unique (as instead role id, see >> below): there could be more roles with the same name, provided that they >> don't share the same parent role. >> > > Unfortunately this is also used as link to resource, so changing > Rolename looses link. It would be nice this to work independently. > > > This because of the way how you have defined your mapping. > What I am saying is there is no way of defining a mapping wich changes roleName without loosing link! Result I cannot change RoleName! > > > >> FYI, __UID__ is not used anymore when defining resource mapping in >> Syncope (either for users and roles) since Syncope 1.2.0 (which depends on >> ConnId 1.4.0.0). > > > Its not used on resources mapping definition but has to be returned on > script! > > > Correct. > > >> 5. what use is the field RoleId in mapping panel? >>> >> >> It is the role unique identifier, e.g. a number. > > > Cannot be assigned. Its automatically generated. > > > Obviously. > > >> 6. Is it possible to assign more than 1 owner to a scpecific role? >>> >> >> Role owners can either be a (single) user or another role: if you want >> to have more owners of a role, just define another role, put such users >> into this role and make it owner of the first role. >> >> HTH >> Regards. >> > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellencehttp://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo > PMChttp://people.apache.org/~ilgrosso/ > >
