On 26/08/20 18:39, te...@net-c.com wrote:
>
> Hi,
> I'm actually assessing some open source software being able to manage
> workflows, identities, etc. Syncope looks great and I've started to read the
> documentation to have a better view of features and possibilities.
>
> One question comes to me, if you are able to give me more hints about, I
> would be really thankful.
>
> Managing objects stored in an openLDAP seems to lean on a java connector
> using connId API with attributes and object mapping properties. Correct?
>
> The connId for LDAP included into bundles and the architecture of Syncope
> looks able to manage identities (user) and groups memberships by default
> (with some other stuff like AnyObject, memberships...).
>
> However, openLDAP gives many more possibilities with its schema by writing
> custom classes, attributes and elaborating complex tree hierarchy where
> relationships can be imagined between users and custom structures
> (organizationalUnit-like) thanks to custom attributes for example.
>
> I just wonder if it is possible to handle such a complex LDAP directory tree
> with Syncope? Extending the question, is it possible to handle and manage
> through Syncope any kind of ldap schema and directory tree?
>
> Thanks a lot. And thanks for your work.
>
> Anthony.
>

Hi Anthony,
glad of your interest in Apache Syncope.

Syncope is mostly a Provisioning Engine, striving to keep identity data as much synchronized as possible across a different set of formats and technologies. For such a reason, it relies on ConnId to perform the actual communication with the variegated universe of Identity Stores: DBMS, LDAP, REST and SOAP web services, and many many others. ConnId provides an abstraction layer to attempt to create a uniform view for reading and writing identity data from / to the stores mentioned above; thus, the challenge to create a layer not too far from, and not close to actual implementation is always open.

Nevertheless, coming to your specific questions, we do provide in Syncope a way to represent (a) LDAP schema and (b) directory tree.

About the former, I would suggest to take a look at [1]: Syncope's concepts were somewhat inspired by LDAP - the most ancient and diffuse identity technology around - so we define schemas (LDAP attribute type's counterpart) and any type classes (LDAP object class' counterpart). About the latter, please check [2].

For both it is of fundamental importance to (a) provide a good mapping [3] and (b) refine and adjust the corners where static mapping cannot reach via Groovy or Java implementations [4].

Hope this clarifies.
Regards.

[1] http://syncope.apache.org/docs/2.1/reference-guide.html#type-management
[2] http://syncope.apache.org/docs/2.1/reference-guide.html#realms
[3] http://syncope.apache.org/docs/2.1/reference-guide.html#mapping
[4] http://syncope.apache.org/docs/2.1/reference-guide.html#implementations

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/