Hi
Il 22/07/21 20:28, Adam Levine ha scritto:
Marco:
Thank you for responding.
I can create the realms from LDAP -> Syncope. That's not a
problem. It's the multiple hierarchy that doesn't want to work, and
it could be a limitation.
Let me show pictures
Here you can see the tree under people:
image.png
And here's how it appears in Syncope:
image.png
I am guessing that the issue is the 'fullpath' attribute having a
direct mapping to 'l' instead of a jexl that would concat the ou path
into a an 'ou/ou/ou' string.
We used the fullpath attribute to be able to implement a jexl function
that converts the syncope format to a dn for ldap:
syncope:fullPath2Dn(fullPath, 'ou') + ',o=isp'
This function is used only in propagation.
To build the tree from an Ldap -> Syncope pull, you need to implement a
pull action.
M
Or is there another issue at hand?
Thank you!
On Thu, Jul 22, 2021 at 1:53 AM Marco Di Sabatino Di Diodoro
<[email protected] <mailto:[email protected]>> wrote:
Hi
Il 19/07/21 10:36, Adam Levine ha scritto:
> I'm able to create realms based on a group tree from LDAP,
thanks to
> the guidance on other emails and following the demo deploy. I do
get
> exceptions when trying to refresh on a pull (have to delete the
realms
> manually first).
What kind of exception?
>
> Problem: The created realms are flat in hierarchy (all the same
> depth), instead of matching the LDAP groups that have several
depths.
In order to set a depth for each realm to be created, you need to
use a
pull action.
>
> Using Apache DS
>
> I saw a post that said to reference the demo ldap-orgunit
> configuration, as it provided the even/odd realm trees. But when I
> look at the demo, the ldap org only has ou=[People|Groups], and it
> doesn't have any pull/provision tasks attached to it.
>
> Am I missing something? Guidance is greatly appreciated!
The data in the demo is used for testing. If you want to try to
create
an ou on Apache DS from Syncope, please perform the following steps:
1) From Syncope console, go to root realm (/)
2) Create a new realm where the parent is / and assign
resource-ldap-orgunit resource
3) Click Finish
Now you are able to see a new OU on Apache DS
M
>
> Thank you!
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net <http://www.tirasa.net>
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
<http://people.apache.org/~mdisabatino/>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
