> The basic idea is that for propagating / synchronizing users you need a ConnId connector supporting ObjectClass.ACCOUNT (all available connector bundles) while for propagating / synchronizing roles you need a ConnId connector supporting ObjectClass.GROUP (only the LDAP connector bundle, currently).

Thanks for the explanation Francesco! I'll turn my attention to experimenting with an LDAP backend so.

What do you think about a JIRA to query the underlying Connector to see whether it supports ObjectClass.GROUP, and to disable the ability to add Role Mappings in the Resource if it does not?

Colm.

On Fri, Feb 8, 2013 at 4:18 PM, Francesco Chicchiriccò <[email protected]> wrote:

> On 08/02/2013 17:10, Colm O hEigeartaigh wrote:
>
>> Hi all,
>>
>> I'm experimenting with synchronizing roles into Syncope on trunk.
>>
>> Firstly, what is the difference between a User mapping in a Resource where
>> you select "ROLE" as the entity, and the Role Mapping tab where you can
>> only select "ROLE"?
>
> When you add a mapping item for users with ROLE entities, you are
> propagating the value(s) of a role attribute as part of the user data. Here
> you are managing a user (i.e. ObjectClass.ACCOUNT for ConnId).
>
> When you add a mapping item for roles (only ROLE entities allowed), you
> are propagating the role data. Here you are managing a role (i.e.
> ObjectClass.GROUP for ConnId).
>
>> Let's say I have a database table with a Username, Password, some
>> attributes, and a Role name. I want to import this Role into Syncope and
>> also see that the User has this Role when I edit the User in the Console.
>> Is this possible?
>
> The basic idea is that for propagating / synchronizing users you need a
> ConnId connector supporting ObjectClass.ACCOUNT (all available connector
> bundles) while for propagating / synchronizing roles you need a ConnId
> connector supporting ObjectClass.GROUP (only the LDAP connector bundle,
> currently).
>
> Moreover, the use case you report above is for propagating memberships
> (i.e. the fact that a user belongs to a role), not the role itself.
> Propagating memberships is not supported by the ConnId framework; however,
> I've developed some simple actions for achieving this goal, at least for
> LDAP as part of SYNCOPE-26.
>
> Hope this clarifies a bit.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> http://people.apache.org/~ilgrosso/

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
