You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@syncope.apache.org by Jesse van Bekkum <be...@gmail.com> on 2013/11/07 15:49:44 UTC

Synchronizing role membership with the scripted SQL connector

Hi

I haven been configuring the scripted SQL connector to be able to
synchronize users into Syncope. First a remark, I found that the
synchronization only worked if I set "auto commit" to true. If it is set to
false it somehow keeps old data in memory. Took me quite a while to find
out. Perhaps someone can add that to the wiki?

And now my real question:
I have been trying to syncronize memberships. I have already created my
roles, and I want to import users, and assign them to roles, depending on
their attributes. Anybody know how to setup the mapping to do this? I could
not find any examples. I tried to assign the role name, but that did not
work.

With kind regards

Jesse van Bekkum
iWelcome

Re: Synchronizing role membership with the scripted SQL connector

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 08/11/2013 09:22, Jesse van Bekkum wrote:
> Thanks Francesco
>
> The auto-commit feature is in the configuration tab of the connector. 
> I am using MySQL.
>
> When it was switched off, all my select queries gave data of the 
> database situation of the first time a query was executed, and not the 
> data as it is currently.

Understood: guess the best place for such information is page [2]: 
please start a new thread on connid-dev@googlegroups.com for this, thanks.

Regards.

> About the group membership: a pity that that is not supported. I'll 
> look at the sync actions class
>
> Jesse
>
>
> On 8 November 2013 08:58, Francesco Chicchiriccò <ilgrosso@apache.org 
> <ma...@apache.org>> wrote:
>
>     On 07/11/2013 15:49, Jesse van Bekkum wrote:
>
>         Hi
>
>         I haven been configuring the scripted SQL connector to be able
>         to synchronize users into Syncope. First a remark, I found
>         that the synchronization only worked if I set "auto commit" to
>         true. If it is set to false it somehow keeps old data in
>         memory. Took me quite a while to find out. Perhaps someone can
>         add that to the wiki?
>
>
>     Hi,
>     where exactly have you set "auto commit to true"? Which DBMS are
>     you working with?
>
>
>         And now my real question:
>         I have been trying to syncronize memberships. I have already
>         created my roles, and I want to import users, and assign them
>         to roles, depending on their attributes. Anybody know how to
>         setup the mapping to do this? I could not find any examples. I
>         tried to assign the role name, but that did not work.
>
>
>     Memberships are not handled at all by ConnId, the framework used
>     to deal with external resources; only ACCOUNT (e.g. users in
>     Syncope) and GROUP (e.g. roles in Syncope).
>
>     The LDAP and Active Directory connectors provide a "ldapGroups"
>     attribute with special handling, but that's the LDAP and Active
>     Directory connectors, not a general framework feature available to
>     all connectors.
>
>     The easiest way to implement your requirement is to provide a
>     SyncActions implementation that will be triggered upon
>     synchronization from that specific resource and can implement the
>     logic to assign users to roles, depending on their attributes.
>
>     HTH
>     Regards.
>
>     [1]
>     https://cwiki.apache.org/confluence/display/SYNCOPE/SyncActionsClass
>
[2] https://connid.atlassian.net/wiki/display/BASE/Database+Table

-- 
Francesco Chicchiriccò

ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/

Re: Synchronizing role membership with the scripted SQL connector

Posted by Jesse van Bekkum <be...@gmail.com>.

Thanks Francesco

The auto-commit feature is in the configuration tab of the connector. I am
using MySQL.

When it was switched off, all my select queries gave data of the database
situation of the first time a query was executed, and not the data as it is
currently.

About the group membership: a pity that that is not supported. I'll look at
the sync actions class

Jesse


On 8 November 2013 08:58, Francesco Chicchiriccò <il...@apache.org>wrote:

> On 07/11/2013 15:49, Jesse van Bekkum wrote:
>
>> Hi
>>
>> I haven been configuring the scripted SQL connector to be able to
>> synchronize users into Syncope. First a remark, I found that the
>> synchronization only worked if I set "auto commit" to true. If it is set to
>> false it somehow keeps old data in memory. Took me quite a while to find
>> out. Perhaps someone can add that to the wiki?
>>
>
> Hi,
> where exactly have you set "auto commit to true"? Which DBMS are you
> working with?
>
>
>  And now my real question:
>> I have been trying to syncronize memberships. I have already created my
>> roles, and I want to import users, and assign them to roles, depending on
>> their attributes. Anybody know how to setup the mapping to do this? I could
>> not find any examples. I tried to assign the role name, but that did not
>> work.
>>
>
> Memberships are not handled at all by ConnId, the framework used to deal
> with external resources; only ACCOUNT (e.g. users in Syncope) and GROUP
> (e.g. roles in Syncope).
>
> The LDAP and Active Directory connectors provide a "ldapGroups" attribute
> with special handling, but that's the LDAP and Active Directory connectors,
> not a general framework feature available to all connectors.
>
> The easiest way to implement your requirement is to provide a SyncActions
> implementation that will be triggered upon synchronization from that
> specific resource and can implement the logic to assign users to roles,
> depending on their attributes.
>
> HTH
> Regards.
>
> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/SyncActionsClass
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> http://people.apache.org/~ilgrosso/
>
>

Re: Synchronizing role membership with the scripted SQL connector

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 07/11/2013 15:49, Jesse van Bekkum wrote:
> Hi
>
> I haven been configuring the scripted SQL connector to be able to 
> synchronize users into Syncope. First a remark, I found that the 
> synchronization only worked if I set "auto commit" to true. If it is 
> set to false it somehow keeps old data in memory. Took me quite a 
> while to find out. Perhaps someone can add that to the wiki?

Hi,
where exactly have you set "auto commit to true"? Which DBMS are you 
working with?

> And now my real question:
> I have been trying to syncronize memberships. I have already created 
> my roles, and I want to import users, and assign them to roles, 
> depending on their attributes. Anybody know how to setup the mapping 
> to do this? I could not find any examples. I tried to assign the role 
> name, but that did not work.

Memberships are not handled at all by ConnId, the framework used to deal 
with external resources; only ACCOUNT (e.g. users in Syncope) and GROUP 
(e.g. roles in Syncope).

The LDAP and Active Directory connectors provide a "ldapGroups" 
attribute with special handling, but that's the LDAP and Active 
Directory connectors, not a general framework feature available to all 
connectors.

The easiest way to implement your requirement is to provide a 
SyncActions implementation that will be triggered upon synchronization 
from that specific resource and can implement the logic to assign users 
to roles, depending on their attributes.

HTH
Regards.

[1] https://cwiki.apache.org/confluence/display/SYNCOPE/SyncActionsClass

-- 
Francesco Chicchiriccò

ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/