P.S.
Sorry, the link [1] is referring to the first row of the response ;)
" Syncope can do the work for you if rightly setup and configured."
Best regards,
Andrea
Il 26/07/19 09:40, Andrea Patricelli ha scritto:
Hi Ramón González,
Definitely what Tavernt said. Syncope can do the work for you if
rightly setup and configured.
Here are some references:
- To setup a Syncope environment [2]
- To configure a (source) SQL server connector and resource through
Database table or Scripted SQL connector [3] [4] and an Active
Directory (destination) connector and resource [5].
Once configured resources, you have to pull [6] users into Syncope and
define some logic in Java or Groovy (the business rules addressed by
Tavernt), i.e. [7], if you need to make so processing before sending
users to AD resource. While pulling you can automatically assign, in
different ways, users to AD and link Syncope users to SQL server and AD.
Moreover, once users have assigned AD and SQL server resources, at
each change, Syncope takes care of synchronizing entities towards
resources. To have an idea of what a pull task is and how to
configure (also scheduling) it, please take a look at [8].
Thanks also to Tavernt for the precise overview of the whole flow.
Best regards,
Andrea
[1]
https://syncope.apache.org/docs/2.1/reference-guide.html#identity-stores
[2]
https://syncope.apache.org/docs/2.1/getting-started#obtain-apache-syncope
[3]
https://syncope.apache.org/docs/2.1/reference-guide.html#connector-bundles
[4] https://connid.atlassian.net/wiki/spaces/BASE/pages/5570562/Database
[5]
https://connid.atlassian.net/wiki/spaces/BASE/pages/360482/Active+Directory+JNDI
[6]
https://syncope.apache.org/docs/2.1/reference-guide.html#provisioning-pull
[7] https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions
[8] https://syncope.apache.org/docs/2.1/reference-guide.html#tasks-pull
Il 26/07/19 09:13, Tavernt Muchenje ha scritto:
Hi RG,
Yes, that’s the role of IdM to provision users/account to downstream
systems (AD in this case).
Apache Syncope can easily be configured to read and pull users from
SQL server DB and apply some business rules before creating the users
in AD.
In addition you can schedule how often you need to check for user
changes in SQL.
Cheers
---
signature_1995866963
Tavernt J. Muchenje (MBA, CCSP, CISSP)
Managing Director | Enterprise Security Architect
I’CURITY SOLUTIONS (PTY) LTD
M: +27 (0)72 727 8371
W: www.icurity.co.za <http://www.icurity.co.za>
BEE: Level 1
*From: *Ramón González <[email protected]>
*Reply-To: *<[email protected]>
*Date: *Friday, 26 July 2019 at 02:32
*To: *<[email protected]>
*Subject: *Update user info in Active Directory from SQL Server
Hello,
An HR department uses an app to manage employee info such as manager,
position, phone number, cellphone, birthday, emergency contact, etc.
This info is stored in *SQL Server.*
Is it possible to update user info in *Active Directory (AD)* from
SQL Server?
Right now, user info is updated in SQL Server but is outdated in AD.
Thanks in advance.
Regards,
RG
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
