On 03/04/2018 20:29, varontron wrote:
Hi,

Wondering about the best way to map an ldap hierarchy in 2.0.8...

Use Case:
-----------
All P and S entities are instances of 'groupOfNames' ObjectClasses, with DNs
like:
cn=P1,ou=groups,dc=ldap,dc=example,dc=com
cn=S3,cn=P1,ou=groups,dc=ldap,dc=example,dc=com
cn=S3,cn=P2,ou=groups,dc=ldap,dc=example,dc=com

I considered a flat mapping of users to each of the “P” level and “S” level,
however that confounds the requirements.  For example, if UserA is a member
of S3 and P2, and also S2 and P1, a flatter User-to-Group mapping would not
be able to distinguish the restriction of UserA from S3/P1 stuff.  Only a
pre-existing relationship between P and S level, that is then, in turn,
mapped to the user seems to suffice.

What is the most effective method for mapping this hierarchy in Syncope
2.0.8?

Is there a JEXL expression for ObjectLink which would preserve this
relationship “as is” with a “cn” for each level (i.e., DN=“cn=S3,cn=P1,ou…?”
or DN=“cn=S4,cn=P1,ou…”)
Is “realms” the way to go, perhaps mapping all “P” levels to realms and “S”
levels to GROUP types?
Are custom anytypes (e.g., “P AnyType” and “S AnyType”) applicable?
Some other option?
You're doing it wrong?

Any insight you can provide will be most helpful.


Not sure if you have solved this in the meantime, but this should help:

https://syncope.apache.org/docs/reference-guide.html#object-link-realms-hierarchy

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
