On 2018/03/07 08:10:49, Francesco Chicchiriccò <ilgro...@apache.org> wrote:
> On 07/03/2018 09:01, ale...@gmail.com wrote:
> > Hi,
> > I have implemented LDAPUserOwnerPropagationActions and it works perfectly
> > when in syncope console on group I click Manage Resources -> Select
> > Resource -> click Provision.
> > In Active Directory (AD) managedBy is filled successfully.
> > Also it works when I edit group and update userOwner and any other
> > attribute that is mapped in Mapping. The changes are propagated to AD
> > successfully ( LDAPUserOwnerPropagationActions is triggered).
> > BUT when I edit group and update only userOwner, then this changes are not
> > propagated to AD ( LDAPUserOwnerPropagationActions is not triggered).
> >
> > DO you have any ideas about this?
>
> Hi,
> glad that almost everything is working for you now (BTW: any chance to
> share your use case somehow?).
>
> About the last point, you are essentially updating a Group, and as a
> consequence of this, you want Users to be propagated: in the general
> case, Syncope does not work this way: when you modify a Group, that
> Group's provisioning will take place; when you modify a User, that
> User's provisioning will take place.
>
> In order to trigger provisioning of a given Group's members instead,
> you'll need, after updating the Group itself, to explicitly invoke the
> "provision members" / "deprovision members" feature for the given Group.
> As always, you can do this either by calling the corresponding REST
> endpoint, e.g.
>
> POST /groups/{key}/members/{actionType}
>
> or via Admin Console: select the Group's row, then "provision members" /
> "deprovision members"Â from the menu.
>
> HTH
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>
Hi Francesco,
Thanks for your efforts and quick response.
I want to clarify some points to make sure you understand me correctly.
> About the last point, you are essentially updating a Group, and as a
> consequence of this, you want Users to be propagated
No, I'm updating "Group Ownership" (userOwner) for Group (GroupTO.userOwner),
so as a consequence, I want Group to be propagated. I want managedBy to be
filled in Active Directory (AD) with evaluated value (based on ConnObjectLink).
And solution with "provision members" doesn't work.
So, I edit group, update only "Group Ownership" (userOwner), save group.
UserOwner is not propagated to AD (as well as LDAPUserOwnerPropagationActions
is not triggered). And if I press "Provision members", "Group Ownership"
changes are not propagated to AD.
Only select group -> "Manage Resources" -> Select Resource -> "Provision" let's
to propagate "Group Ownership" (field managedBy becomes updated in AD).
I guess "Provision members" will propagate only the members of the group.
So the problem remains, updating "Group Ownership" does'n lead the Group to be
propagated to Active Directory.
Any ideas?
