Another question. How would I print debug (core.log) statements in a Groovy propagation action script?
Best regards, Martin On Fri, May 7, 2021 at 1:49 PM Martin van Es <mrva...@gmail.com> wrote: > Hi, > > I've been playing around with Syncope again and was trying to sync a src > LDAP scheme that contains multiple organizations, which contain multiple > Groups and People branches. All of these branches contain organisation > specific users, possibly sharing the same uid (login name). You might call > this a multi-tennant lay-out. > > I was hoping Realms could keep these tennants separated and the usernames > uniquely scoped to the realm (automatically). > > It turns out, that plainly assigning uid to internal attribute username > won't work, for two reasons: > > 1. admin isn't allowed (in my docker test deploy) because there's already > a global user called admin, even if I provision the user in a separate > Realm?) > 2. I can't reuse uid's assigned to username, even when I use a different > Realm, so I'd have to assign entryUUID to username and create a separate > user_id attribute mapped to uid for all users? > > Secondly, some of the organisation DN's contain (forward) slashes in the > dc part of their DN, which makes configuring the resource awkward (I need > to escape the slash using a backslash in the Base Contexts to Synchronize) > but worse: it renders membership matching impossible (the entryDN of the > user can not be found from the member DN in the group although the matching > DN string is correct as inspected from debug output) so I guess that's a > bug to be solved in Syncope at some time, because it works as expected for > organisations without the slashes in the dc part. > > Best regards, > Martin > -- > If 'but' was any useful, it would be a logic operator > -- If 'but' was any useful, it would be a logic operator
