On 22/12/23 13:26, Eugen Stan wrote:
Hi,
I wanted to ask if Syncope is / can be used to store linux group IDs.
We have some users and groups in Azure AD and I would like to have available
for linux systems
- sync those users and groups
- generate the group GID for linux (integer in high range - 9000 - 30000)
- generate the UID for linux ( integer in high range - 9000 - 30000)
- generate the linux group name ?!
- generate the linux user name (first part of email ?! )
- periodically sync the groups and users to all linux hosts - there is a
project for this already that integrates with linux
https://github.com/google/nsscache
Has anyone done something similar with Syncope?
Syncope seems to have most of the bits we need for this job. (edited)
Is there a better way of handling this?

Hi, the use case depicted above seems quite reasonable to me - and we've been
implementing something similar with some of my company's customers as well.
At high level, you need to define a few External Resources:
1. Azure AD (via Azure connector [1], bundled) for pull
2. Various Linux boxes (via CMD connector [2], bundled or UNIX connector [3],
not bundled and unmaintained but still functional), for propagation
You could attach a Pull Actions class to resource (1) to take care of
generating what is needed for resources (2).
As an alternative for (2), you might instead configure a single LDAP resource (via
LDAP connector [5]) to populate an OpenLDAP instance and configure all Linux
boxes to get users and groups from there.
HTH
Regards.
[1] https://github.com/Tirasa/ConnIdAzureBundle/
[2] https://github.com/Tirasa/ConnIdCMDBundle
[3] https://github.com/Tirasa/ConnIdUNIXBundle
[4] https://syncope.apache.org/docs/3.0/reference-guide.html#pullactions
[5] https://github.com/Tirasa/ConnIdLDAPBundle
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
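
The generation step discussed in this thread (UID/GID in the 9000 - 30000 range, login name from the first part of the e-mail), sketched as an added example; it is not Syncope code, not a Pull Actions implementation, and not from either poster. All names, the reserved-name list, the 32-character limit, the home directory layout and the shell are assumptions made for the illustration.

```python
import re

ID_MIN, ID_MAX = 9000, 30000          # range given in the question
RESERVED = {"root", "daemon", "bin", "sys", "nobody"}  # constructed sample of local names

class IdAllocator:
    """Stable UID/GID numbers keyed by the directory's immutable object ID."""
    def __init__(self, low=ID_MIN, high=ID_MAX):
        self.high = high
        self.next_free = low
        self.assigned = {}             # object ID -> number; persist this in practice

    def allocate(self, object_id):
        if object_id in self.assigned:  # re-sync must not renumber an account
            return self.assigned[object_id]
        if self.next_free > self.high:
            raise RuntimeError("ID range exhausted")
        self.assigned[object_id] = self.next_free
        self.next_free += 1             # monotonic: numbers are never handed out twice
        return self.assigned[object_id]

    def retire(self, object_id):
        # Dropping the mapping does not free the number, so files left behind
        # by a deleted account are never inherited by a later one.
        self.assigned.pop(object_id, None)

def linux_name(email, taken):
    """Derive a login name from the e-mail local part, unique within `taken`."""
    local = email.split("@", 1)[0].lower().replace(".", "_")
    base = re.sub(r"[^a-z0-9_-]", "", local)
    if not re.match(r"[a-z_]", base):   # must start with a letter or underscore
        base = "u" + base
    base, name, n = base[:32], base[:32], 1   # assumed 32-character name limit
    while name in taken:                # collision with a local or earlier name
        n += 1
        name = base[:32 - len(str(n))] + str(n)
    taken.add(name)
    return name

def passwd_line(name, uid, gid, gecos=""):
    # ':' and newlines in a display name would inject fields or whole entries.
    gecos = re.sub(r"[:\r\n]", " ", gecos)
    return f"{name}:x:{uid}:{gid}:{gecos}:/home/{name}:/bin/bash"

if __name__ == "__main__":
    ids, taken = IdAllocator(), set(RESERVED)
    # Constructed sample entries: (object ID, e-mail, display name)
    for oid, mail, disp in [("obj-1", "Jane.Doe@example.com", "Jane Doe"),
                            ("obj-2", "root@example.com", "Ops: Root")]:
        n = ids.allocate(oid)
        print(passwd_line(linux_name(mail, taken), n, n, disp))
```

Seeding `taken` with the names already present on the hosts keeps a directory account such as `root@...` from shadowing a local system account.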