Hi
Il 08/10/2015 10:04, Smith, Bruce (Mr) ha scritto:
Hi,
I’ve implemented the groovy scripts as suggested and I’ve gotten 98%
of the way there. The system is pulling roles from the database,
creating them in Syncope properly linked to the LDAP resource and they
propagate to the AD correctly. However the resource isn’t capturing
the token value, so it attempts to recreate the existing groups every
time the synchronization task executes from the scheduler. I’d like to
eliminate this. It does it with and without the full reconciliation
option active in the sync task.
If you want to work with an incremental synchronization the full
reconciliation option must be disabled.
Are you sure that your sync groovy script is correct? Check if the sync
token is initialized, you can see it from the core-connid.log or
http://localhost:9080/syncope/rest/resources/{resourceName}
after, make a diff with your resource timestamp field and check if your
query works properly.
This is with the
net.tirasa.connid.bundles.db.scriptedsql.ScriptedSQLConnector
connector. If I use the
org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector with
the same groovy scripts, the logs show that the task sees the roles
from the database query, but it doesn’t create them in Syncope at all.
No errors are thrown in the logs when this happens. Both resources and
sync tasks for the two connectors are identically configured.
I've never worked with OpenIcf ScriptedSqlConnector.
Regards
Marco
I know this has to be something simple, but I cannot spot anything
explitictly throwing errors.
Thank you in advance,
Bruce
*From:*Marco Di Sabatino Di Diodoro [mailto:[email protected]]
*Sent:* Tuesday, September 22, 2015 5:55 PM
*To:* [email protected]
*Subject:* Re: How to suck in roles from a database
Hi Bruce,
great to hear you are working fine with Apache Syncope and thank you
for the compliments.
Il 22/09/2015 16:21, Smith, Bruce (Mr) ha scritto:
Firstly, let me pass on my team's appreciation for the excellent software
package that is Syncope. We love working with the combination of easy GUI and
powerful backend.
What we are trying to achieve with Syncope is the complete automation of
creating Active Directory accounts, home drives and email boxes for our
students at the moment they are registered for a course at our university.
We've gotten to the stage where Syncope is sucking in the user records from
the database and propagating the user to Active Directory via the connid.ad
connector. Manually created roles are also propagating properly. Home drives
and email boxes will be handled by Powershell scripts called via the connid.cmd
connector.
Our current issue seems simple, but I can't quite figure out how to import
roles from the database and also link the roles to the users using the database
as the source. We use AD groups based on our internal subject code and add
students to each group based on what subjects they are registered for. We have
three tables in the staging database storing student details, subject details
and the link data between student and subject.
Today, I found out that the db.table connector only supports account
creation and not role creation.
The simplest way to sync roles from your database is to use the
Scripted Sql connector [1]. This connector provides great flexibility
(groovy script) in the interaction with a db resource.
What would be the simplest way to suck the role definition from the
database into Syncope?
You canimplement the groovy script to retrieve the roles from your
database[2].
Regards
Marco
[1] https://connid.atlassian.net/wiki/display/BASE/Scripted+SQL
[2]
https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+a+Scripted+SQL+resource
We want to avoid manual creation of the role via the GUI or automation via
calling the REST interface as we are trying to get rid of custom-written,
unsupported data transformation programs and replace them with a managed
solution like Syncope.
Thanks,
Bruce Smith
Nelson Mandela Metropolitan University
________________________________
NOTICE: Please note that this eMail, and the contents thereof, is subject
to the standard NMMU eMail disclaimer which may be found at:
http://www.nmmu.ac.za/disclaimer/email.htm
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
<http://people.apache.org/%7Emdisabatino/>
------------------------------------------------------------------------
NOTICE: Please note that this eMail, and the contents thereof, is
subject to the standard NMMU eMail disclaimer which may be found at:
http://www.nmmu.ac.za/disclaimer/email.htm
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
