Hi Markus, see my replies below. Regards.
On 16/03/26 17:47, Okon, Markus wrote:
Hi all, while going through our customized code for Syncope 3.0.x to migrate it to Syncope 4.0.x I searched for the refreshDynMemberships method in the Github repo and didn't find it. Then I found Syncope-1948(https://issues.apache.org/jira/browse/SYNCOPE-1948 <https://issues.apache.org/jira/browse/SYNCOPE-1948>) for Syncope 4.1.0-M0 and the off-hand remark that DynGroups are removed as a feature. This should, in my opinion, at least be part of the changelog and may be done in a major release and not a minor one.
Syncope 4.1 Capriccio is not a minor version, strictly speaking, as we don't fully implement semantic versioning. We normally consider minor versions the ones changing only the last digit (e.g. 3.0.14 Vs 3.0.15). For a background about our current release strategy, you can have a look at the dev@ thread https://lists.apache.org/thread/2g2l25n55slzyzff1syh6wvycwjsdp9c I agree about the changelog, so I went ahead and added a section to https://cwiki.apache.org/confluence/display/SYNCOPE/Capriccio
This is a problem for us because before when we switched to Apache Syncope, we also migrated our group concept, which heavily relies on nested groups. We implemented this using the dynamic groups and modified the behavior of user and group updates to play nicely with changing the FIQL-conditions of existing groups. Since this also has a rather heavy toll on performance we didn't want to release it to the public yet. Attached to this E-Mail you will find our changes, which handle changing dynamic member conditions of groups and propagating the changes to arbitrarily deep nested groups. Additionally, to this we used the feature for more standard cases like having a group with all users having 'eduPersonAffiliaton==employee' as a member, this should work correctly in Syncope 3 without any code changes, and I don't see how it would work in Syncope 4.1.x. The added manager/managingGroup feature is not a viable substitute for this and I don't see how it can be. Also please don't get me wrong, I quite like the manager/managingGroup feature for all objects. And implementing the nesting via plain attributes and then doing the same this way feels... like a step backward.
I am glad to hear you were able to produce some improvements, that unfortunately remained lying in your own deployment without having the chance to become part of the Syncope project. You see, this would be the sense of adopting an open source solution and being part of a community. I also understand you can have troubles with migration of your use cases to Syncope 4.1. AFAICT, there are many ways to implement your requirements in your own Syncope deployment - as you are doing anyway - by relying on one or more of the various extension and customization capabilities that Syncope offers. As an example, you can intercept User and Any Object create / update / delete events to add and remove those from Groups when certain conditions occur - like as when their eduPersonAffiliaton's value is 'employee'. This can be done either in LogicActions (for REST calls) or PullActions (for Pull).
In conclusion I have one thing to say: Please move the removal of DynGroups and DynRealms as a feature into the next major release so we have enough time to adjust.
There is only one way for anything to land on the Syncope code: some contributor shall take charge of it and work with the community to make it play nicely with the existing product. From a practical point of view, this boils down to some discussion on dev@, opening issue(s) on JIRA and working on one or more Pull Requests. Last time we had unfortunately to close https://github.com/apache/syncope/pull/1159 because the work was abandoned after a while: this makes a hard way to build community and product improvements.
Kind regards, Markus --- Markus Okon [er/ihm; he/him] Gruppe Nutzermanagement und Entwicklung Technische Universität Darmstadt Hochschulrechenzentrum, Alexanderstraße 2, 64283 Darmstadt http://www.hrz.tu-darmstadt.de
-- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA https://about.me/ilgrosso
