Marco: You said: To build the tree from an Ldap -> Syncope pull, you need to implement a pull action.
I do have a pull action, which is how the realms are being populated from LDAP. But as you can see they're coming in flat. Maybe I'm not understanding what you're trying to guide me to do. If the JEXL you describe is only for propagation, do I not need one for pull? Thank you! On Fri, Jul 23, 2021 at 2:26 AM Marco Di Sabatino Di Diodoro < [email protected]> wrote: > Hi > Il 22/07/21 20:28, Adam Levine ha scritto: > > Marco: > > Thank you for responding. > > I can create the realms from LDAP -> Syncope. That's not a problem. > It's the multiple hierarchy that doesn't want to work, and it could be a > limitation. > Let me show pictures > > Here you can see the tree under people: > > [image: image.png] > > And here's how it appears in Syncope: > > [image: image.png] > > I am guessing that the issue is the 'fullpath' attribute having a direct > mapping to 'l' instead of a jexl that would concat the ou path into a an > 'ou/ou/ou' string. > > We used the fullpath attribute to be able to implement a jexl function > that converts the syncope format to a dn for ldap: > syncope:fullPath2Dn(fullPath, 'ou') + ',o=isp' > This function is used only in propagation. > > To build the tree from an Ldap -> Syncope pull, you need to implement a > pull action. > > M > > > Or is there another issue at hand? > > Thank you! > > > On Thu, Jul 22, 2021 at 1:53 AM Marco Di Sabatino Di Diodoro < > [email protected]> wrote: > >> Hi >> >> Il 19/07/21 10:36, Adam Levine ha scritto: >> > I'm able to create realms based on a group tree from LDAP, thanks to >> > the guidance on other emails and following the demo deploy. I do get >> > exceptions when trying to refresh on a pull (have to delete the realms >> > manually first). >> >> What kind of exception? >> >> > >> > Problem: The created realms are flat in hierarchy (all the same >> > depth), instead of matching the LDAP groups that have several depths. >> In order to set a depth for each realm to be created, you need to use a >> pull action. >> > >> > Using Apache DS >> > >> > I saw a post that said to reference the demo ldap-orgunit >> > configuration, as it provided the even/odd realm trees. But when I >> > look at the demo, the ldap org only has ou=[People|Groups], and it >> > doesn't have any pull/provision tasks attached to it. >> > >> > Am I missing something? Guidance is greatly appreciated! >> >> The data in the demo is used for testing. If you want to try to create >> an ou on Apache DS from Syncope, please perform the following steps: >> >> 1) From Syncope console, go to root realm (/) >> 2) Create a new realm where the parent is / and assign >> resource-ldap-orgunit resource >> 3) Click Finish >> >> Now you are able to see a new OU on Apache DS >> >> M >> >> > >> > Thank you! >> >> -- >> Dott. Marco Di Sabatino Di Diodoro >> Tel. +39 3939065570 >> >> Tirasa S.r.l. >> Viale Vittoria Colonna, 97 - 65127 Pescara >> Tel +39 0859116307 / FAX +39 0859111173 >> http://www.tirasa.net >> >> Apache Syncope PMC Member >> http://people.apache.org/~mdisabatino/ >> >> -- > Dott. Marco Di Sabatino Di Diodoro > Tel. +39 3939065570 > > Tirasa S.r.l. > Viale Vittoria Colonna, 97 - 65127 Pescara > Tel +39 0859116307 / FAX +39 0859111173http://www.tirasa.net > > Apache Syncope PMC Memberhttp://people.apache.org/~mdisabatino/ > >
