Removal of DynGroups and DynRealms

Mon, 16 Mar 2026 09:48:07 -0700 

Hi all,

 

while going through our customized code for Syncope 3.0.x to migrate it to
Syncope 4.0.x I searched for the refreshDynMemberships method in the Github
repo and didn't find it. 

Then I found Syncope-1948(
<https://issues.apache.org/jira/browse/SYNCOPE-1948>
https://issues.apache.org/jira/browse/SYNCOPE-1948) for Syncope 4.1.0-M0 and
the off-hand remark that DynGroups are removed as a feature. 

This should, in my opinion, at least be part of the changelog and may be
done in a major release and not a minor one.

 

This is a problem for us because before when we switched to Apache Syncope,
we also migrated our group concept, which heavily relies on nested groups.
We implemented this using the dynamic groups and modified the behavior of
user and group updates to play nicely with changing the FIQL-conditions of
existing groups. Since this also has a rather heavy toll on performance we
didn't want to release it to the public yet. Attached to this E-Mail you
will find our changes, which handle changing dynamic member conditions of
groups and propagating the changes to arbitrarily deep nested groups.

 

Additionally, to this we used the feature for more standard cases like
having a group with all users having 'eduPersonAffiliaton==employee' as a
member, this should work correctly in Syncope 3 without any code changes,
and I don't see how it would work in Syncope 4.1.x.

 

The added manager/managingGroup feature is not a viable substitute for this
and I don't see how it can be. Also please don't get me wrong, I quite like
the manager/managingGroup feature for all objects. And implementing the
nesting via plain attributes and then doing the same this way feels... like
a step backward.

 

In conclusion I have one thing to say: Please move the removal of DynGroups
and DynRealms as a feature into the next major release so we have enough
time to adjust.

 

Kind regards,

Markus

 

---

Markus Okon

[er/ihm; he/him]

Gruppe Nutzermanagement und Entwicklung

Technische Universität Darmstadt

Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt

http://www.hrz.tu-darmstadt.de

Attachment: CustomGroupDataBinder.java
Description: Binary data

Attachment: CustomJPAJSONGroupDAO.java
Description: Binary data

Attachment: GroupMembershipMatcher.java
Description: Binary data

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to