On 23/10/2015 23:08, Manfredo Hopp wrote:
Hi,
is it possible to synchronize a resource's subset (e.g. accounts with a specific membership) similar to the filtering in Push Tasks?

Hi,
synchronization from Syncope either relies on ConnId's SEARCH [1] or SYNC [2], depending on whether you've set the "Full reconciliation" flag on the related SyncTask.

While the latter does not allow any form of restriction (e.g. when calling SYNC you are only barely allowed to ask for latest modifications), the former could be actually empowered to implement some kind of "filtered synchronization" from external resource.

So, we could introduce three different types of synchronization:

 1. full reconciliation - SEARCH without search filter
 2. partial reconciliation - SEARCH with search filter
 3. changelog - SYNC

This would require a means to specify a search filter expression for each supported ObjectClass [3] - which will also likely require conversion from such filter expression into proper Filter [4] instance.

Being this change quite relevant, and also requiring modifications in the internal storage schema and REST transfer objects, it would need to be targeted to 2.0.0 (at least).
If interested, please open an issue on JIRA about it.

FYI, some connectors provide "proprietary" (e.g. via custom conf properties, not at ConnId framework level) handles to achieve a similar result:

* the Active Directory bundle [5] has "Root suffixes", "Base contexts for user / group entry searches" and "Custom user / group search filter"
* the LDAP bundle [6] has "accountSearchFilter", "groupSearchFilter" and "accountSynchronizationFilter"

Naturally, this needs to be done per-connector (or per-resource) rather than per-SyncTask as instead would be with the enhancement described above.

Regards.

[1] http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/api/operations/SearchApiOp.html
[2] http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/api/operations/SyncApiOp.html
[3] http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/common/objects/ObjectClass.html
[4] http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/common/objects/filter/Filter.html
[5] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482
[6] https://connid.atlassian.net/wiki/display/BASE/LDAP

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
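
The three synchronization types listed in the reply above, written directly against the ConnId 1.4 API. This is an added example, not part of the original message and not Syncope code; the class name `SyncModes`, the `memberOf` attribute and the group value passed in are assumptions, and the `ConnectorFacade` is expected to come from an already configured connector bundle.

```java
import org.identityconnectors.framework.api.ConnectorFacade;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationOptionsBuilder;
import org.identityconnectors.framework.common.objects.SyncToken;
import org.identityconnectors.framework.common.objects.filter.Filter;
import org.identityconnectors.framework.common.objects.filter.FilterBuilder;

public final class SyncModes {

    private static final OperationOptions OPTS = new OperationOptionsBuilder().build();

    // 1. full reconciliation: SEARCH with a null filter returns every account
    static int full(ConnectorFacade connector) {
        return search(connector, null);
    }

    // 2. partial reconciliation: SEARCH restricted to one membership.
    // "memberOf" is an assumed attribute name; it must exist in the resource
    // schema and the connector must be able to evaluate the filter.
    static int partial(ConnectorFacade connector, String group) {
        Filter byGroup = FilterBuilder.containsAllValues(AttributeBuilder.build("memberOf", group));
        return search(connector, byGroup);
    }

    // 3. changelog: SYNC accepts only a token, so there is no slot for a filter
    static int changelog(ConnectorFacade connector, SyncToken since) {
        int[] seen = {0};
        connector.sync(ObjectClass.ACCOUNT, since, delta -> {
            System.out.println(delta.getDeltaType() + " " + delta.getUid().getUidValue());
            seen[0]++;
            return true; // keep receiving deltas
        }, OPTS);
        return seen[0];
    }

    // Shared SEARCH call; returns how many accounts the resource handed back
    private static int search(ConnectorFacade connector, Filter filter) {
        int[] seen = {0};
        connector.search(ObjectClass.ACCOUNT, filter, obj -> {
            System.out.println(obj.getName().getNameValue());
            seen[0]++;
            return true; // keep receiving results
        }, OPTS);
        return seen[0];
    }
}
```

Comparing the counts returned by `full` and `partial` against the same resource shows how many accounts a filter keeps out of the synchronization scope.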
