Hi there, I recently asked how to synchronize hierarchical roles from LDAP to Syncope. Francesco replied:
> You need to extend the standard synchronization behavior by writing a custom > SyncActions that, in the beforeProvision() method, > for example, will set the parent role of the role being synchronized > according to its DN from LDAP. To follow up on this: (1) What is necessary to synchronize (propagate) the other way: From Syncope to LDAP? (2) I don't get how this will be working at all (Syncope -> LDAP as well as LDAP -> Syncope) for hierarchical structures, because in "Resources"/"Role Mapping", under "Account Link", there has to be something like this: 'cn=' + name + ',ou=groups,dc=example,dc=com'. So a very specific location in the LDAP, no wildcards, no hierarchies. Cheers, Hermann
