You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Manfredo Hopp <mh...@gmail.com> on 2014/11/19 21:39:57 UTC
role mapping resources
Hello, is it possible to map roles with a resource?
Thanks
Re: role mapping resources
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 21/11/2014 17:15, Manfredo Hopp wrote:
> My case is your point 2 with possibly scripted SQL, how is group
> provisioning implemented/expected in that case?
Group provisioning works very similarly to user provisioning: create a
resource, define a suitable role mapping for that resource and, when you
assign such resource to a role, this role will be propagated as a group
in the external resource.
Then it comes to the connector for external resource: I am familiar with
Active Directory and LDAP (for which Syncope also provides some helper
classes for keeping membership and password management), but not very
much with the Scripted SQL connector [1]: AFAICT that connector just
gives you the possibility to write groovy scripts that will be invoked
for each operation (create / update / delete / ...).
Marco, can you provide some examples of such scripts? It seems to me
that the Scripted SQL connector is also capable of handling __GROP__
objectclass (for role provisioning) besides __ACCOUNT__ (for user
provisioning): am I right?
Regards.
[1] https://connid.atlassian.net/wiki/display/BASE/Scripted+SQL
> 2014-11-20 4:28 GMT-03:00 Francesco Chicchiriccò <ilgrosso@apache.org
> <ma...@apache.org>>:
>
> On 19/11/2014 21:39, Manfredo Hopp wrote:
>
> Hello, is it possible to map roles with a resource?
>
>
> Hi Manfredo,
> please provide some further detail: with Syncope you can assign
> external resource(s) to a role; this will
>
> 1. provision any user assigned to that role to the related
> external resource(s) - if such resource(s) have user mapping defined
> 2. provision such role to the related external resource(s) - if
> such resource(s) have role mapping defined and support group
> provisioning (currently only Active Directory, LDAP and possibly
> scripted SQL)
> 3. (only for LDAP & Active Directory) maintain Syncope membership
> (e.g. Syncope user is assigned to Syncope role) to external
> membership (e.g. LDAP user is in LDAP group)
>
> HTH
> Regards.
>
>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: role mapping resources
Posted by Manfredo Hopp <mh...@gmail.com>.
My case is your point 2 with possibly scripted SQL, how is group
provisioning implemented/expected in that case?
Regards
2014-11-20 4:28 GMT-03:00 Francesco Chicchiriccò <il...@apache.org>:
> On 19/11/2014 21:39, Manfredo Hopp wrote:
>
>> Hello, is it possible to map roles with a resource?
>>
>
> Hi Manfredo,
> please provide some further detail: with Syncope you can assign external
> resource(s) to a role; this will
>
> 1. provision any user assigned to that role to the related external
> resource(s) - if such resource(s) have user mapping defined
> 2. provision such role to the related external resource(s) - if such
> resource(s) have role mapping defined and support group provisioning
> (currently only Active Directory, LDAP and possibly scripted SQL)
> 3. (only for LDAP & Active Directory) maintain Syncope membership (e.g.
> Syncope user is assigned to Syncope role) to external membership (e.g. LDAP
> user is in LDAP group)
>
> HTH
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC
> http://people.apache.org/~ilgrosso/
>
>
Re: role mapping resources
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 19/11/2014 21:39, Manfredo Hopp wrote:
> Hello, is it possible to map roles with a resource?
Hi Manfredo,
please provide some further detail: with Syncope you can assign external
resource(s) to a role; this will
1. provision any user assigned to that role to the related external
resource(s) - if such resource(s) have user mapping defined
2. provision such role to the related external resource(s) - if such
resource(s) have role mapping defined and support group provisioning
(currently only Active Directory, LDAP and possibly scripted SQL)
3. (only for LDAP & Active Directory) maintain Syncope membership
(e.g. Syncope user is assigned to Syncope role) to external membership
(e.g. LDAP user is in LDAP group)
HTH
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/