On 26/10/2015 09:17, Francesco Chicchiriccò wrote:
On 23/10/2015 23:08, Manfredo Hopp wrote:
Hi,
is it possible to synchronize a resource's subset (eg accounts with a
specific membership) similar to the filtering in Push Tasks.
Hi,
synchronization from Syncope either relies on ConnId's SEARCH [1] or
SYNC [2], depending on whether you've set the the "Full
reconciliation" flag on the related SyncTask.
While the latter does not allow any form of restriction (e.g. when
calling SYNC you are only barely allowed to ask for latest
modifications), the former could be actually empowered to implement
some kind of "filtered synchronization" from external resource.
So, we could introduce three different types of synchronization:
1. full reconciliation - SEARCH without search fitler
2. partial reconciliation - SEARCH with search filter
3. changelog - SYNC
This would require a mean to specify a search filter expression for
each supported ObjectClass [3] - which will also likely require
conversion from such filter expression into proper Filter [4] instance.
Being this change quite relevant, and also requiring modifications in
the internal storage schema and REST transfer objects, it would need
to be targeted to 2.0.0 (at least).
If interested, please open an issue on JIRA about it.
FYI, some connectors provide "proprietary" (e.g. via custom conf
properties, not at ConnId framework level) handles to achieve similar
result:
* the Active Directory bundle [5] has "Root suffixes", "Base contexts
for user / group entry searches" and "Custom user / group search filter"
* the LDAP bundle [6] has "accountSearchFilter", "groupSearchFilter"
and "accountSynchronizationFilter"
Naturally, this needs to be done per-connector (or per-resource)
rather than per-SyncTask as instead would be with the enhancement
described above.
FYI I have opened
https://issues.apache.org/jira/browse/SYNCOPE-732
Regards.
[1]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/api/operations/SearchApiOp.html
[2]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/api/operations/SyncApiOp.html
[3]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/common/objects/ObjectClass.html
[4]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/common/objects/filter/Filter.html
[5] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482
[6] https://connid.atlassian.net/wiki/display/BASE/LDAP
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
