Hi Mikael,
if I understand your environment, the problem can be seen as the general
situation where there are two distinct external resources, each with a
different unique id, matching two distinct attributes in Syncope.
In such situations, at least one of the resources bears one or more
attributes that can be used to match users on Syncope, even if the key
is not (yet) available (say Firstname + Surname, even though I know I am
over-simplifying).
The tool to leverage here are the Pull Policies [1], in particular the
Pull Correlation Rules [2].
HTH
Regards.
[1] https://syncope.apache.org/docs/reference-guide.html#policies-pull
[2]
https://syncope.apache.org/docs/reference-guide.html#pull-correlation-rules
On 14/06/2017 16:05, Mikael Ekblom wrote:
Hi,
We have a small challenge here that includes two primary pull sources,
where the UID for these sources are not the same or cannot be set to
the same value. The only common UID(National Identification Number)
that could be used as a kind of primary key for users pulled from both
sources (that would make this an easy case) can change to my surprise
when it comes to foreign exchange students.This is when they get
Finnish versions of the NIN. It will not be possible to set any
previousUID column to both sources either (for payroll particularly)
and I would like to avoid having to build any separate repository only
due to this case.
So, what I do during provision and within beforeProvision to be
precise, is that I check if I get any existing match for the pulled
user based on the NIN. If I do, I like to create a new syndelta with
the information from the existing user together with the fields that
should be added. If no match is found, then the provisioning should
continue as before.
What I do is to create a new syncdelta with the UID changed to the
existing UID for the account matching, set the connector object with
the required fields, create an AnyTO object and an anyPatch object and
send this to beforeupdate together with the new delta.
Everything is fine so far.
Within beforeUpdate, I can see that I get all the required fields for
that connector object. AbstractAnyDataBinder though claims that I have
a required attribute missing: eduPersonUniqueId, that I can see that
is present within both objects (AnyTO and AnyPatch ) sent to the
beforeUpdate and it is also available as a field within the connector
object for the sync delta.
What am I missing? Should I recreate the syncdelta object again within
beforeUpdate together with the AnyTO and AnyPatch objects too, to be
sure? What is required for beforeUpdate to function properly? Is it
even possible to revert to beforeUpdate from say beforeProvision if a
possible match is found? It should I think. It is a bit troublesome to
check for yourself, when the API-documentation is not that detailed…J
Regards,
Mikael
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
