You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Jesse van Bekkum <be...@gmail.com> on 2013/11/07 15:49:44 UTC
Synchronizing role membership with the scripted SQL connector
Hi
I haven been configuring the scripted SQL connector to be able to
synchronize users into Syncope. First a remark, I found that the
synchronization only worked if I set "auto commit" to true. If it is set to
false it somehow keeps old data in memory. Took me quite a while to find
out. Perhaps someone can add that to the wiki?
And now my real question:
I have been trying to syncronize memberships. I have already created my
roles, and I want to import users, and assign them to roles, depending on
their attributes. Anybody know how to setup the mapping to do this? I could
not find any examples. I tried to assign the role name, but that did not
work.
With kind regards
Jesse van Bekkum
iWelcome
Re: Synchronizing role membership with the scripted SQL connector
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 08/11/2013 09:22, Jesse van Bekkum wrote:
> Thanks Francesco
>
> The auto-commit feature is in the configuration tab of the connector.
> I am using MySQL.
>
> When it was switched off, all my select queries gave data of the
> database situation of the first time a query was executed, and not the
> data as it is currently.
Understood: guess the best place for such information is page [2]:
please start a new thread on connid-dev@googlegroups.com for this, thanks.
Regards.
> About the group membership: a pity that that is not supported. I'll
> look at the sync actions class
>
> Jesse
>
>
> On 8 November 2013 08:58, Francesco Chicchiriccò <ilgrosso@apache.org
> <ma...@apache.org>> wrote:
>
> On 07/11/2013 15:49, Jesse van Bekkum wrote:
>
> Hi
>
> I haven been configuring the scripted SQL connector to be able
> to synchronize users into Syncope. First a remark, I found
> that the synchronization only worked if I set "auto commit" to
> true. If it is set to false it somehow keeps old data in
> memory. Took me quite a while to find out. Perhaps someone can
> add that to the wiki?
>
>
> Hi,
> where exactly have you set "auto commit to true"? Which DBMS are
> you working with?
>
>
> And now my real question:
> I have been trying to syncronize memberships. I have already
> created my roles, and I want to import users, and assign them
> to roles, depending on their attributes. Anybody know how to
> setup the mapping to do this? I could not find any examples. I
> tried to assign the role name, but that did not work.
>
>
> Memberships are not handled at all by ConnId, the framework used
> to deal with external resources; only ACCOUNT (e.g. users in
> Syncope) and GROUP (e.g. roles in Syncope).
>
> The LDAP and Active Directory connectors provide a "ldapGroups"
> attribute with special handling, but that's the LDAP and Active
> Directory connectors, not a general framework feature available to
> all connectors.
>
> The easiest way to implement your requirement is to provide a
> SyncActions implementation that will be triggered upon
> synchronization from that specific resource and can implement the
> logic to assign users to roles, depending on their attributes.
>
> HTH
> Regards.
>
> [1]
> https://cwiki.apache.org/confluence/display/SYNCOPE/SyncActionsClass
>
[2] https://connid.atlassian.net/wiki/display/BASE/Database+Table
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
Re: Synchronizing role membership with the scripted SQL connector
Posted by Jesse van Bekkum <be...@gmail.com>.
Thanks Francesco
The auto-commit feature is in the configuration tab of the connector. I am
using MySQL.
When it was switched off, all my select queries gave data of the database
situation of the first time a query was executed, and not the data as it is
currently.
About the group membership: a pity that that is not supported. I'll look at
the sync actions class
Jesse
On 8 November 2013 08:58, Francesco Chicchiriccò <il...@apache.org>wrote:
> On 07/11/2013 15:49, Jesse van Bekkum wrote:
>
>> Hi
>>
>> I haven been configuring the scripted SQL connector to be able to
>> synchronize users into Syncope. First a remark, I found that the
>> synchronization only worked if I set "auto commit" to true. If it is set to
>> false it somehow keeps old data in memory. Took me quite a while to find
>> out. Perhaps someone can add that to the wiki?
>>
>
> Hi,
> where exactly have you set "auto commit to true"? Which DBMS are you
> working with?
>
>
> And now my real question:
>> I have been trying to syncronize memberships. I have already created my
>> roles, and I want to import users, and assign them to roles, depending on
>> their attributes. Anybody know how to setup the mapping to do this? I could
>> not find any examples. I tried to assign the role name, but that did not
>> work.
>>
>
> Memberships are not handled at all by ConnId, the framework used to deal
> with external resources; only ACCOUNT (e.g. users in Syncope) and GROUP
> (e.g. roles in Syncope).
>
> The LDAP and Active Directory connectors provide a "ldapGroups" attribute
> with special handling, but that's the LDAP and Active Directory connectors,
> not a general framework feature available to all connectors.
>
> The easiest way to implement your requirement is to provide a SyncActions
> implementation that will be triggered upon synchronization from that
> specific resource and can implement the logic to assign users to roles,
> depending on their attributes.
>
> HTH
> Regards.
>
> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/SyncActionsClass
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> http://people.apache.org/~ilgrosso/
>
>
Re: Synchronizing role membership with the scripted SQL connector
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 07/11/2013 15:49, Jesse van Bekkum wrote:
> Hi
>
> I haven been configuring the scripted SQL connector to be able to
> synchronize users into Syncope. First a remark, I found that the
> synchronization only worked if I set "auto commit" to true. If it is
> set to false it somehow keeps old data in memory. Took me quite a
> while to find out. Perhaps someone can add that to the wiki?
Hi,
where exactly have you set "auto commit to true"? Which DBMS are you
working with?
> And now my real question:
> I have been trying to syncronize memberships. I have already created
> my roles, and I want to import users, and assign them to roles,
> depending on their attributes. Anybody know how to setup the mapping
> to do this? I could not find any examples. I tried to assign the role
> name, but that did not work.
Memberships are not handled at all by ConnId, the framework used to deal
with external resources; only ACCOUNT (e.g. users in Syncope) and GROUP
(e.g. roles in Syncope).
The LDAP and Active Directory connectors provide a "ldapGroups"
attribute with special handling, but that's the LDAP and Active
Directory connectors, not a general framework feature available to all
connectors.
The easiest way to implement your requirement is to provide a
SyncActions implementation that will be triggered upon synchronization
from that specific resource and can implement the logic to assign users
to roles, depending on their attributes.
HTH
Regards.
[1] https://cwiki.apache.org/confluence/display/SYNCOPE/SyncActionsClass
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/