On 2018/03/07 08:10:49, Francesco Chicchiriccò <ilgro...@apache.org> wrote: 
> On 07/03/2018 09:01, ale...@gmail.com wrote:
> > Hi,
> > I have implemented LDAPUserOwnerPropagationActions and it works perfectly 
> > when in syncope console on group I click Manage Resources -> Select 
> > Resource -> click Provision.
> > In Active Directory (AD) managedBy is filled successfully.
> > Also it works when I edit group and update userOwner and any other 
> > attribute that is mapped in Mapping. The changes are propagated to AD 
> > successfully ( LDAPUserOwnerPropagationActions is triggered).
> > BUT when I edit group and update only userOwner, then this changes are not 
> > propagated to AD ( LDAPUserOwnerPropagationActions  is not triggered).
> >
> > DO you have any ideas about this?
> Hi,
> glad that almost everything is working for you now (BTW: any chance to 
> share your use case somehow?).
> About the last point, you are essentially updating a Group, and as a 
> consequence of this, you want Users to be propagated: in the general 
> case, Syncope does not work this way: when you modify a Group, that 
> Group's provisioning will take place; when you modify a User, that 
> User's provisioning will take place.
> In order to trigger provisioning of a given Group's members instead, 
> you'll need, after updating the Group itself, to explicitly invoke the 
> "provision members" / "deprovision members" feature for the given Group.
> As always, you can do this either by calling the corresponding REST 
> endpoint, e.g.
> POST /groups/{key}/members/{actionType}
> or via Admin Console: select the Group's row, then "provision members" / 
> "deprovision members"  from the menu.
> Regards.
> -- 
> Francesco Chicchiriccò
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/

Hi Francesco,
Thanks for your efforts and quick response.

I want to clarify some points to make sure you understand me correctly.
> About the last point, you are essentially updating a Group, and as a 
> consequence of this, you want Users to be propagated
No, I'm updating "Group Ownership" (userOwner) for Group (GroupTO.userOwner), 
so as a consequence, I want Group to be propagated. I want managedBy to be 
filled in Active Directory (AD) with evaluated value (based on ConnObjectLink).

And solution with "provision members" doesn't work.
So, I edit group, update only "Group Ownership" (userOwner), save group. 
UserOwner is not propagated to AD (as well as LDAPUserOwnerPropagationActions 
is not triggered). And if I press "Provision members", "Group Ownership" 
changes are not propagated to AD. 
Only select group -> "Manage Resources" -> Select Resource -> "Provision" let's 
to propagate "Group Ownership" (field managedBy becomes updated in AD).
I guess "Provision members" will propagate only the members of the group.

So the problem remains,  updating "Group Ownership" does'n lead the Group to be 
propagated to Active Directory.

Any ideas?

Reply via email to