On 13/08/2012 15.15, Colm O hEigeartaigh wrote:
Hi Francesco,

> Yes: you can define what attributes, roles and resources a synchronized user should have by editing the user template associated to
> the synchronization task (look at [1] for an example).

Cool thanks. I think there may be a bug here in that this is working fine when you add a resource by editing the user template before the task executes for the first time, but if you later add it in after the user has already been synchronized to Syncope and run the task again, the resource does not show up on the previously synchronized user. Shall I open a JIRA for this?

Has this resource the 'Updated matched identities' flagged as well?

Do you see any error in the task execution message? I would expect that there could be some problem when subscribing an existing user to an external resource, with no password (see SYNCOPE-136).

A minor suggestion - the configuration page for the LDAP Connector is a bit confusing, as the configuration options seem to appear in a random order. Should we move to either alphabetical or else a more coherent flow as appears here:

https://code.google.com/p/connid/wiki/LDAP

?

AFAIK, the presentation order in the Syncope admin console is derived from the order defined on each connector bundle. For the LDAP bundle [2], there is no ordering defined at all (check @ConfigurationProperty annotation), while for the DB bundle [3], ordering is well defined.

Regards.

[2] http://connid.googlecode.com/svn/bundles/ldap/tags/org.connid.bundles.ldap-1.3.1/src/main/java/org/identityconnectors/ldap/LdapConfiguration.java
[3] http://connid.googlecode.com/svn/bundles/db/tags/db-2.1.2/table/src/main/java/org/identityconnectors/databasetable/DatabaseTableConfiguration.java

On Fri, Aug 10, 2012 at 4:34 PM, Francesco Chicchiriccò wrote:

    On 10/08/2012 17.26, Colm O hEigeartaigh wrote:
    Great thanks, selecting 'full reconciliation' did the trick. Do
    you know is there a fix planned to only use the delta with Apache DS?

    Not that I know, but we can discuss this on
    [email protected] if you want.

    Another question: After importing user entries from an Apache DS
    backend, they don't have the corresponding "Resource" selected.
    So to update a user entry I need to manually select the
    corresponding Connector before the change gets propagated back.
    Is this expected?

    Yes: you can define what attributes, roles and resources a
    synchronized user should have by editing the user template
    associated to the synchronization task (look at [1] for an example).

    Regards.

    [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate

    On Fri, Aug 10, 2012 at 1:25 PM, Francesco Chicchiriccò wrote:

        On 10/08/2012 14.09, Colm O hEigeartaigh wrote:

            Hi all,

            A quick sanity check: Is there any reason why I can't
            synchronize from an Apache DS backend in Syncope? I can
            create users in Syncope and propagate them to the
            resource fine, but I can't do the reverse.


        Hi Colm,
        synchronization from an external resource might fail for many
        different reasons: I'd suggest to increase the level for the
        'org.apache.syncope.core.scheduling' logger in order to have
        some insight about the failure.

        Generally speaking, you can perform a proper synchronization
        only when the underlying connector supports the SYNC
        operation (and has the correspondent capability enabled in
        Syncope). The LDAP connector, specifically, only supports
        that for Sun Directory Server and OpenDS / OpenDJ.

        When SYNC operation is not supported / enabled, you can only
        perform a 'full reconciliation' - the difference is that with
        the latter all entries are sent at every request from the
        external resource, while the former only sends the delta
        compared to prior call.

        You can choose full reconciliation from the admin console,
        when editing the resource.

        Regards.

--
Francesco Chicchiriccò

ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/
