Il 22/03/2017 14:02, imilosevic ha scritto:
Hi all,
I have an issue that happens when I try to push users to the Active
Directory specific group, they instead are mapped only to the membership of
the connector for that resource.
If I add multiple memberships to the connector, it will provision users to
all groups that are part of it.
I have also tried to do the mapping but with no luck.
What is the right way of provisioning users to the wanted group?
Thank you!
--
View this message in context:
http://syncope-user.1051894.n5.nabble.com/AD-Mapping-User-To-Specific-Groups-tp5709105.html
Sent from the syncope-user mailing list archive at Nabble.com.
Hi, actually I have not got your point.
What are the "memberships" you are speaking of? Are you referring to the
membership you can specify on the connector instance configuration panel?
If you want to perform membership provisioning you have to map active
directory user groups with syncope groups and then use
LDAPMembershipPropagationAction to manage groups and group memberships
propagation.
So, you can
1. configure propagation action for AD resource [1]
2. provide a group mapping [2]
3. create a new group (assign it to AD resource) and check if it is
successfully propagated on AD
4. assign a user to the group and check if it becomes member of the
group on AD
If you need existing AD groups on Syncope you can synchronize them or
replicate them manually and perform a push operation by providing the
right matching rule (link).
Regards,
F.
[1] http://syncope.apache.org/docs/reference-guide.html#propagationactions
[2] http://syncope.apache.org/docs/reference-guide.html#mapping
--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
