On 15/10/2015 07:56, Korhonen Tommi wrote:
Hello!
How does one create a propagation task? There is no Create button on
Propagation Tasks tab like in Synchronization Tasks tab or Push Tasks
tab.
I’d like to create a task that keeps users data synchronized between
Syncope and LDAP. If user is created/deleted/modified in either one
(Syncope or LDAP), both are synchronized to contain same data. As I
understand, synchronization tasks are for Syncope->LDAP
synchronization, Pull Tasks for LDAP->Syncope and Propagation tasks
for both ways Syncope<->LDAP. Is this corrent?
Hi Tommi,
let's try to make things a bit clearer.
*Propagation**
*When assigning an external resource to an user (or a role), you are
telling Syncope to send internal modifications to such external resource.
Thus, if you create an user A with resource R, or doing update or
delete, Syncope will create, for every single operation, a
PropagationTask that will contain all the details for performing such
operation on the given external resource, via the related connector.
This happens for every resource associated to the user, either directly
or via role membership.
Example 1: user 'tommi' created with resource 'LDAP' -> PropagationTask
<tommi,LDAP,CREATE> is generated.
Example 2: user 'tommi' updated -> PropagationTask <tommi,LDAP,UPDATE>
is generated.
Example 3: user 'tommi' updated by assigning to role 'employee' (which
has resource 'ORACLE' assigned) -> PropagationTasks <tommi,LDAP,UPDATE>
and <tommi,ORACLE,CREATE> are generated.
Example 4: user 'tommi' updated by removing resource 'LDAP' ->
PropagationTask <tommi,LDAP,DELETE> is generated.
Syncope will also take care of immediate execution of such propagation
tasks. From the admin console you have also the options for inspecting
the execution(s) (if successful or in error, with the related message)
or to trigger the same task again.
FYI, since the number of PropagationTasks might grow considerably,
especially in production environments, you can control their amount by
selecting the create, update and delete trace levels in the resource
edit window.
*Synchronization*
In order to synchronize external resources with Syncope, you need to
create one or more SyncTasks.
If you configure everything correctly, Syncope will periodically query
the related external resource for modifications (create, update, delete)
and, once obtained the data, attempt to match internal users (and roles)
and modify internal data accordingly.
About this, a common need is to automatically assign the synchronizing
resource to the users created internally via SyncTask.
You can easily configure this by adding an user template to the
SyncTask, which barely has such resource assigned.
Example: user 'tommi' reported as newly created in LDAP, cannot find an
existing match in Syncope so decision is made to create a new user in
Syncope; when creating 'tommi' in Syncope, the relevant user template is
evaluated and, if such template has the 'LDAP' resource assigned, such
resource will also be assigned to 'tommi'. As a result, any further
modification in Syncope to 'tommi' will be propagated back to LDAP (see
above).
SyncTasks can be manually triggered or scheduled for period execution.
*Push
*This operation is useful under particular conditions, as opposite of
propagation and synchronization which are instead quite common.
Essentially, you can create a PushTask when you want to (re)initialize
an external resource with the data from Syncope.
*Relevant documentation*
We are currently in the middle of an effort for providing better
documentation (see SYNCOPE-700 [1]), but until it is ready, here is some
wiki pages that provide some useful information on the topic.
Summary of CRUD operations (for users and roles):
https://cwiki.apache.org/confluence/display/SYNCOPE/User+action+flows
https://cwiki.apache.org/confluence/display/SYNCOPE/Role+action+flows
General concepts about provisioning, propagation, synchronization and push
https://cwiki.apache.org/confluence/display/SYNCOPE/Provisioning
https://cwiki.apache.org/confluence/display/SYNCOPE/Propagation
https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronization
https://cwiki.apache.org/confluence/display/SYNCOPE/Push
Other general concepts useful when dealing with external resources:
https://cwiki.apache.org/confluence/display/SYNCOPE/Connectors+and+resources
https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping
[1] https://issues.apache.org/jira/browse/SYNCOPE-700
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
