On 07/05/21 19:50, Martin van Es wrote:
Another question. How would I print debug (core.log) statements in a Groovy propagation action script?
Not very related to the subject, but you can find a relevant example here: https://github.com/apache/syncope/blob/2_1_X/fit/core-reference/src/test/resources/rest/SearchScript.groovy#L104 Other samples from Groovy files in the same dir and scriptedsql sibling. Statements will go to core-connid.log Regards.
On Fri, May 7, 2021 at 1:49 PM Martin van Es <mrva...@gmail.com <mailto:mrva...@gmail.com>> wrote: Hi, I've been playing around with Syncope again and was trying to sync a src LDAP scheme that contains multiple organizations, which contain multiple Groups and People branches. All of these branches contain organisation specific users, possibly sharing the same uid (login name). You might call this a multi-tennant lay-out. I was hoping Realms could keep these tennants separated and the usernames uniquely scoped to the realm (automatically). It turns out, that plainly assigning uid to internal attribute username won't work, for two reasons: 1. admin isn't allowed (in my docker test deploy) because there's already a global user called admin, even if I provision the user in a separate Realm?) 2. I can't reuse uid's assigned to username, even when I use a different Realm, so I'd have to assign entryUUID to username and create a separate user_id attribute mapped to uid for all users? Secondly, some of the organisation DN's contain (forward) slashes in the dc part of their DN, which makes configuring the resource awkward (I need to escape the slash using a backslash in the Base Contexts to Synchronize) but worse: it renders membership matching impossible (the entryDN of the user can not be found from the member DN in the group although the matching DN string is correct as inspected from debug output) so I guess that's a bug to be solved in Syncope at some time, because it works as expected for organisations without the slashes in the dc part. Best regards, Martin -- If 'but' was any useful, it would be a logic operator -- If 'but' was any useful, it would be a logic operator
-- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
