Follow up: I configured my connector, resource, mapping, and pull from the Demo system.
On Fri, Jul 23, 2021 at 9:40 AM Adam Levine <[email protected]> wrote: > Marco: > > You said: To build the tree from an Ldap -> Syncope pull, you need to > implement a pull action. > > I do have a pull action, which is how the realms are being populated > from LDAP. But as you can see they're coming in flat. Maybe I'm not > understanding what you're trying to guide me to do. If the JEXL you > describe is only for propagation, do I not need one for pull? > > Thank you! > > > On Fri, Jul 23, 2021 at 2:26 AM Marco Di Sabatino Di Diodoro < > [email protected]> wrote: > >> Hi >> Il 22/07/21 20:28, Adam Levine ha scritto: >> >> Marco: >> >> Thank you for responding. >> >> I can create the realms from LDAP -> Syncope. That's not a problem. >> It's the multiple hierarchy that doesn't want to work, and it could be a >> limitation. >> Let me show pictures >> >> Here you can see the tree under people: >> >> [image: image.png] >> >> And here's how it appears in Syncope: >> >> [image: image.png] >> >> I am guessing that the issue is the 'fullpath' attribute having a direct >> mapping to 'l' instead of a jexl that would concat the ou path into a an >> 'ou/ou/ou' string. >> >> We used the fullpath attribute to be able to implement a jexl function >> that converts the syncope format to a dn for ldap: >> syncope:fullPath2Dn(fullPath, 'ou') + ',o=isp' >> This function is used only in propagation. >> >> To build the tree from an Ldap -> Syncope pull, you need to implement a >> pull action. >> >> M >> >> >> Or is there another issue at hand? >> >> Thank you! >> >> >> On Thu, Jul 22, 2021 at 1:53 AM Marco Di Sabatino Di Diodoro < >> [email protected]> wrote: >> >>> Hi >>> >>> Il 19/07/21 10:36, Adam Levine ha scritto: >>> > I'm able to create realms based on a group tree from LDAP, thanks to >>> > the guidance on other emails and following the demo deploy. I do get >>> > exceptions when trying to refresh on a pull (have to delete the realms >>> > manually first). >>> >>> What kind of exception? >>> >>> > >>> > Problem: The created realms are flat in hierarchy (all the same >>> > depth), instead of matching the LDAP groups that have several depths. >>> In order to set a depth for each realm to be created, you need to use a >>> pull action. >>> > >>> > Using Apache DS >>> > >>> > I saw a post that said to reference the demo ldap-orgunit >>> > configuration, as it provided the even/odd realm trees. But when I >>> > look at the demo, the ldap org only has ou=[People|Groups], and it >>> > doesn't have any pull/provision tasks attached to it. >>> > >>> > Am I missing something? Guidance is greatly appreciated! >>> >>> The data in the demo is used for testing. If you want to try to create >>> an ou on Apache DS from Syncope, please perform the following steps: >>> >>> 1) From Syncope console, go to root realm (/) >>> 2) Create a new realm where the parent is / and assign >>> resource-ldap-orgunit resource >>> 3) Click Finish >>> >>> Now you are able to see a new OU on Apache DS >>> >>> M >>> >>> > >>> > Thank you! >>> >>> -- >>> Dott. Marco Di Sabatino Di Diodoro >>> Tel. +39 3939065570 >>> >>> Tirasa S.r.l. >>> Viale Vittoria Colonna, 97 - 65127 Pescara >>> Tel +39 0859116307 / FAX +39 0859111173 >>> http://www.tirasa.net >>> >>> Apache Syncope PMC Member >>> http://people.apache.org/~mdisabatino/ >>> >>> -- >> Dott. Marco Di Sabatino Di Diodoro >> Tel. +39 3939065570 >> >> Tirasa S.r.l. >> Viale Vittoria Colonna, 97 - 65127 Pescara >> Tel +39 0859116307 / FAX +39 0859111173http://www.tirasa.net >> >> Apache Syncope PMC Memberhttp://people.apache.org/~mdisabatino/ >> >>
