Hi,

I've been playing around with Syncope again and was trying to sync a src LDAP scheme that contains multiple organizations, which contain multiple Groups and People branches. All of these branches contain organisation-specific users, possibly sharing the same uid (login name). You might call this a multi-tenant layout.

I was hoping Realms could keep these tenants separated and the usernames uniquely scoped to the realm (automatically). It turns out that plainly assigning uid to internal attribute username won't work, for two reasons:

1. admin isn't allowed (in my docker test deploy) because there's already a global user called admin, even if I provision the user in a separate Realm?
2. I can't reuse uids assigned to username, even when I use a different Realm, so I'd have to assign entryUUID to username and create a separate user_id attribute mapped to uid for all users?

Secondly, some of the organisation DNs contain (forward) slashes in the dc part of their DN, which makes configuring the resource awkward (I need to escape the slash using a backslash in the Base Contexts to Synchronize) but worse: it renders membership matching impossible (the entryDN of the user cannot be found from the member DN in the group although the matching DN string is correct as inspected from debug output), so I guess that's a bug to be solved in Syncope at some time, because it works as expected for organisations without the slashes in the dc part.

Best regards,
Martin

--
If 'but' was any useful, it would be a logic operator
