Hi, I've implemented the groovy scripts as suggested and I've gotten 98% of the way there. The system is pulling roles from the database, creating them in Syncope properly linked to the LDAP resource and they propagate to the AD correctly. However the resource isn't capturing the token value, so it attempts to recreate the existing groups every time the synchronization task executes from the scheduler. I'd like to eliminate this. It does it with and without the full reconciliation option active in the sync task.
This is with the net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector connector. If I use the org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector with the same groovy scripts, the logs show that the task sees the roles from the database query, but it doesn't create them in Syncope at all. No errors are thrown in the logs when this happens. Both resources and sync tasks for the two connectors are identically configured. I know this has to be something simple, but I cannot spot anything explitictly throwing errors. Thank you in advance, Bruce From: Marco Di Sabatino Di Diodoro [mailto:[email protected]] Sent: Tuesday, September 22, 2015 5:55 PM To: [email protected] Subject: Re: How to suck in roles from a database Hi Bruce, great to hear you are working fine with Apache Syncope and thank you for the compliments. Il 22/09/2015 16:21, Smith, Bruce (Mr) ha scritto: Firstly, let me pass on my team's appreciation for the excellent software package that is Syncope. We love working with the combination of easy GUI and powerful backend. What we are trying to achieve with Syncope is the complete automation of creating Active Directory accounts, home drives and email boxes for our students at the moment they are registered for a course at our university. We've gotten to the stage where Syncope is sucking in the user records from the database and propagating the user to Active Directory via the connid.ad connector. Manually created roles are also propagating properly. Home drives and email boxes will be handled by Powershell scripts called via the connid.cmd connector. Our current issue seems simple, but I can't quite figure out how to import roles from the database and also link the roles to the users using the database as the source. We use AD groups based on our internal subject code and add students to each group based on what subjects they are registered for. We have three tables in the staging database storing student details, subject details and the link data between student and subject. Today, I found out that the db.table connector only supports account creation and not role creation. The simplest way to sync roles from your database is to use the Scripted Sql connector [1]. This connector provides great flexibility (groovy script) in the interaction with a db resource. What would be the simplest way to suck the role definition from the database into Syncope? You can implement the groovy script to retrieve the roles from your database[2]. Regards Marco [1] https://connid.atlassian.net/wiki/display/BASE/Scripted+SQL [2] https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+a+Scripted+SQL+resource We want to avoid manual creation of the role via the GUI or automation via calling the REST interface as we are trying to get rid of custom-written, unsupported data transformation programs and replace them with a managed solution like Syncope. Thanks, Bruce Smith Nelson Mandela Metropolitan University ________________________________ NOTICE: Please note that this eMail, and the contents thereof, is subject to the standard NMMU eMail disclaimer which may be found at: http://www.nmmu.ac.za/disclaimer/email.htm -- Dott. Marco Di Sabatino Di Diodoro Tel. +39 3939065570 Tirasa S.r.l. Viale D'Annunzio 267 - 65127 Pescara Tel +39 0859116307 / FAX +39 0859111173 http://www.tirasa.net Apache Syncope PMC Member http://people.apache.org/~mdisabatino/ ________________________________ NOTICE: Please note that this eMail, and the contents thereof, is subject to the standard NMMU eMail disclaimer which may be found at: http://www.nmmu.ac.za/disclaimer/email.htm
