On 03/10/2014 08:24 AM, Petr Viktorin wrote:
On 03/07/2014 04:39 PM, Marco Di Sabatino Di Diodoro wrote:
Hi all,
Il giorno 03/feb/2014, alle ore 11:41, Francesco Chicchiriccò
<ilgro...@apache.org <mailto:ilgro...@apache.org>> ha scritto:
On 31/01/2014 18:57, Dmitri Pal wrote:
On 01/31/2014 08:17 AM, Francesco Chicchiriccò wrote:
Are you saying that we should split our development in two:
(1) smart proxy, exposing the RESTful interface, developed on the
basis of [8]
(2) actual ConnId connector, dealing with the proxy above for
implementing its own logic
Correct
If so, could you please point to the source code of [8]?
Will then this eventually become part of FreeIPA?
Quite soon. I would leave it to the team to suggest whether user and
host provisioning smart proxies should be a same smart proxy or
different so that they can be installed independently from each other
but use the same approach. IMO haveing them separately but share the
same code and approach will be more valuable to the project. But I am
open to other ideas here.
I am actually not sure if it is "lightweight" connector could
actually
be better than a "loaded" connector (e.g. without proxy), from a
deployment point of view, unless you are saying either that (a) a
smart proxy is already available that can be reused
The idea can be reused as a starting point. IMO the easiest would
be to
look at the patches and use same machinery but implement different
commands.
or that (b) incorporating the smart proxy that we are going to
develop
into FreeIPA will easily happen.
If done right: i.e. following process and style then yes.
Please become familiar with the coding style [9] page on the wiki and
other contributer guidelines [10].
Also having a design page created as a result of the preliminary
investigation would go a long way towards acceptance and quality of
the
feature.
We will gladly guide you on the way if you have specific questions
[...]
Ok then, we'll do it as follows.
We are currently experimenting with FreeIPA, to get familiar with
technology and options; once we will be confident enough to start the
actual work on the connector, we will check the status of the smart
proxy patches from [11].
If the implementation status will be close to be ready and about to be
included in the official distribution, we will follow the suggestions
above and develop a REST-based connector.
We start to implementing a FreeIPA ConnId connector for Apache Syncope.
We have to implement all identity operations defined by the ConnId
framework.
I would like to know the implementation status of the Smart/Proxy and if
we can use it to all the identity operations.
I'm reviewing the Foreman Smart proxy patches now. They're not in the
FreeIPA repository yet. However the remaining issues were with
packaging, code organization, naming.
The Smart Proxy is now specific to Foreman provisioning; it is not a
full REST interface so it will probably not support all operations you
need.
For a full REST interface, patches are welcome but the core FreeIPA
team has other priorities at the moment. The RFE ticket is here:
https://fedorahosted.org/freeipa/ticket/4168.
For user provisioning you do not need a full REST api. You need to have
a similar proxy but just for user related operations.
So the smart proxy can be used as a model to do what you need to
implement for Syncope integration.
What are the operations you need to implement? Can you list them?
Otherwise, we will instead specialize the CMD connector [12] to
feature the FreeIPA command-line interface (as suggested at the
beginning of this thread). There will be potentially need, in this
case, to include the ConnId connector server into the Syncope
deployment architecture, but this is a supported pattern.
Have you looked at JSON-RPC interface mentioned earlier in this
thread, and [6]? It might be cleaner to use that than the command-line
interface.
[1] http://syncope.apache.org/
[2] http://tirasa.github.io/ConnId/
[3] http://java.net/projects/identityconnectors/
[4] https://github.com/Tirasa/ConnIdFreeIPABundle
[5]
http://tirasa.github.io/ConnId/apidocs/base/org/identityconnectors/framework/spi/operations/package-summary.html
[6]
https://www.redhat.com/archives/freeipa-users/2013-January/msg00109.html
[7] http://www.freeipa.org/page/Documentation
[8] http://www.freeipa.org/page/V3/Smart_Proxy
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
