On 07/03/2018 13:14, Alexander Tsvetkov wrote:
On 2018/03/07 08:10:49, Francesco Chicchiriccò <[email protected]> wrote:
On 07/03/2018 09:01, [email protected] wrote:
Hi,
I have implemented LDAPUserOwnerPropagationActions and it works perfectly when in
syncope console on group I click Manage Resources -> Select Resource -> click
Provision.
In Active Directory (AD) managedBy is filled successfully.
Also it works when I edit group and update userOwner and any other attribute
that is mapped in Mapping. The changes are propagated to AD successfully (
LDAPUserOwnerPropagationActions is triggered).
BUT when I edit group and update only userOwner, then this changes are not
propagated to AD ( LDAPUserOwnerPropagationActions is not triggered).
DO you have any ideas about this?
Hi,
glad that almost everything is working for you now (BTW: any chance to
share your use case somehow?).
About the last point, you are essentially updating a Group, and as a
consequence of this, you want Users to be propagated: in the general
case, Syncope does not work this way: when you modify a Group, that
Group's provisioning will take place; when you modify a User, that
User's provisioning will take place.
In order to trigger provisioning of a given Group's members instead,
you'll need, after updating the Group itself, to explicitly invoke the
"provision members" / "deprovision members" feature for the given Group.
As always, you can do this either by calling the corresponding REST
endpoint, e.g.
POST /groups/{key}/members/{actionType}
or via Admin Console: select the Group's row, then "provision members" /
"deprovision members"Â from the menu.
HTH
Regards.
Hi Francesco,
Thanks for your efforts and quick response.
I want to clarify some points to make sure you understand me correctly.
About the last point, you are essentially updating a Group, and as a
consequence of this, you want Users to be propagated
No, I'm updating "Group Ownership" (userOwner) for Group (GroupTO.userOwner),
so as a consequence, I want Group to be propagated. I want managedBy to be filled in
Active Directory (AD) with evaluated value (based on ConnObjectLink).
And solution with "provision members" doesn't work.
So, I edit group, update only "Group Ownership" (userOwner), save group. UserOwner is not
propagated to AD (as well as LDAPUserOwnerPropagationActions is not triggered). And if I press
"Provision members", "Group Ownership" changes are not propagated to AD.
Only select group -> "Manage Resources" -> Select Resource -> "Provision" let's to
propagate "Group Ownership" (field managedBy becomes updated in AD).
I guess "Provision members" will propagate only the members of the group.
So the problem remains, updating "Group Ownership" does'n lead the Group to be
propagated to Active Directory.
I see your point now - sorry for misunderstanding.
The point here is that "userOwner" is not part of the Group mapping (as
I assume it is only injected by LDAPUserOwnerPropagationActions), correct?
Syncope will automatically generate propagation tasks towards an
External Resource R only if one of the mapped attributes shows a
difference between Syncope and R.
HTH
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
