On 06/07/2016 16:35, Jonas Israelsson wrote:
I saw in M4 a new feature called Realm Provisioning.
Curious on what it it supposed to do. I have the need to place users
in realms preferably based on a ldap attribute.
It this a use case for this function ?
May I ask for an example on how to use it? Tried different
combinations but all I get is complaints in the log that it's unable
to create realms.
As you're using the standalone distribution, just assign the
"resource-ldap-orgunit" resource to one of pre-defined realms (say
"odd"): after saving, you will find "ou=odd,o=isp" in the embedded
ApacheDS.
Essentially, the realm provisioning feature allows to manage LDAP's and
Active Directory's organization / organizational units (depending on the
mapping - take a look at resource-ldap-orgunit provisioning rules for
details) from within Syncope.
About
I have the need to place users in realms preferably based on a ldap
attribute
you might want to add your own PullActions implementation, and to
configure it in your pull task.
Take a look at [1] for an example: you will have access to the LDAP
attribute via
delta.getObject().getAttributeByName("your_attribute_name")
and then you can set the realm via userTO.setRealm().
Finally, consider that standalone distribution won't allow this kind of
extensions, you will need to setup a Maven project.
HTH
Regards.
[1]
https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DBPasswordPullActions.java#L64-L75
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
CXF Committer, OpenJPA Committer, PonyMail PPMC
http://home.apache.org/~ilgrosso/
