Posted to user@syncope.apache.org by "d.cheremnov" <de...@mail.ru> on 2018/08/10 09:52:03 UTC

How do export users, groups and membership from syncope to extern DB?

Hi!

1.
Activiti DataBase:

CREATE TABLE IF NOT EXISTS `act_id_user` (
  `ID_` varchar(64) COLLATE utf8_bin NOT NULL,
  `REV_` int(11) DEFAULT NULL,
  `FIRST_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  `LAST_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  `EMAIL_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  `PWD_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  `PICTURE_ID_` varchar(64) COLLATE utf8_bin DEFAULT NULL,
  PRIMARY KEY (`ID_`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

CREATE TABLE IF NOT EXISTS `act_id_group` (
  `ID_` varchar(64) COLLATE utf8_bin NOT NULL,
  `REV_` int(11) DEFAULT NULL,
  `NAME_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  `TYPE_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  PRIMARY KEY (`ID_`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;


CREATE TABLE IF NOT EXISTS `act_id_membership` (
  `USER_ID_` varchar(64) COLLATE utf8_bin NOT NULL,
  `GROUP_ID_` varchar(64) COLLATE utf8_bin NOT NULL,
  PRIMARY KEY (`USER_ID_`,`GROUP_ID_`),
  KEY `ACT_FK_MEMB_GROUP` (`GROUP_ID_`),
  CONSTRAINT `ACT_FK_MEMB_GROUP` FOREIGN KEY (`GROUP_ID_`) REFERENCES
`act_id_group` (`ID_`),
  CONSTRAINT `ACT_FK_MEMB_USER` FOREIGN KEY (`USER_ID_`) REFERENCES
`act_id_user` (`ID_`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

2.
ActivitiUserDBConnector (users, 'table' connector):

https://gyazo.com/e13dda814cf587deb116a4a344faffe1

3. __ACCOUNT__ provision rules (users resource):

https://gyazo.com/387f96a1a4ef597fdb67bc2859d0451e

4.

I added 2 users on Syncope and did a Push:

https://gyazo.com/421bdd80f3089c14d8856c4e4f7f8bfb



Question:

1. How to export 'password' field to `act_id_user` table ?

2. Groups exist. Can I export the groups to the `act_id_group` table using the
'scriptedsql' connector?

3. How to export an 'user-group' membership to `act_id_membership` table?

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: How do export users, groups and membership from syncope to extern DB?

Posted by "d.cheremnov" <de...@mail.ru>.
I read the doc and
http://syncope-user.1051894.n5.nabble.com/Re-Null-password-td5709805.html
but I need to send the encrypted password from Syncope to the external
database ...

Best regards,
Dmitriy Cheremnov

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: How do export users, groups and membership from syncope to extern DB?

Posted by "d.cheremnov" <de...@mail.ru>.
7) ActivitiSchemaScript.groovy:

import org.identityconnectors.framework.common.objects.AttributeInfo;
import org.identityconnectors.framework.common.objects.AttributeInfoBuilder;
import org.identityconnectors.framework.common.objects.ObjectClassInfo;
import org.identityconnectors.framework.common.objects.ObjectClassInfoBuilder;

log.info("Entering "+action+" Script");

// Declare the __ACCOUNT__ attributes
// Make the uid required
uidAIB = new AttributeInfoBuilder("ID_",String.class);
uidAIB.setRequired(true);

accAttrsInfo = new HashSet<AttributeInfo>();
accAttrsInfo.add(uidAIB.build());
accAttrsInfo.add(AttributeInfoBuilder.build("FIRST_", String.class));
accAttrsInfo.add(AttributeInfoBuilder.build("LAST_", String.class));
accAttrsInfo.add(AttributeInfoBuilder.build("EMAIL_", String.class));
accAttrsInfo.add(AttributeInfoBuilder.build("PWD_", String.class));
// Create the __ACCOUNT__ Object class
final ObjectClassInfo ociAccount = new ObjectClassInfoBuilder().setType("__ACCOUNT__").addAllAttributeInfo(accAttrsInfo).build();
builder.defineObjectClass(ociAccount);


// Declare the __GROUP__ attributes
// Make the gid required
gidAIB = new AttributeInfoBuilder("ID_",String.class);
gidAIB.setRequired(true);

grpAttrsInfo = new HashSet<AttributeInfo>();
grpAttrsInfo.add(gidAIB.build());
grpAttrsInfo.add(AttributeInfoBuilder.build("NAME_", String.class));
// Create the __GROUP__ Object class
final ObjectClassInfo ociGroup = new ObjectClassInfoBuilder().setType("__GROUP__").addAllAttributeInfo(grpAttrsInfo).build();
builder.defineObjectClass(ociGroup);

log.info("Schema script done");


--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: How do export users, groups and membership from syncope to extern DB?

Posted by "d.cheremnov" <de...@mail.ru>.
Hi, Andrea!
Thank you!

1) Connection
https://gyazo.com/d25aca2f48287371177d5c6213f7b9f1

>>please add a mapping for the USER password in the (flag the field as 
>>password attribute). 

2) Resource - User provision
https://gyazo.com/3e9edde7a20ac748964a0538c3d7af76

>>Moreover assign DBPasswordPropagationActions to the resource used to 
>>propagate users. Then you should find "password" variable populated in 
>>the groovy scripts. 

3) Resource
https://gyazo.com/2a4f2df6abc89ffbddef49d1dcb075ec?token=7190100397f6510ddc166361f95eba43

4) ActivitiCreateScript.groovy:

import groovy.sql.Sql;

log.info("Entering " + action + " Script");
def sql = new Sql(connection);

switch (objectClass) {
    case "__ACCOUNT__":
        // Refuse to create a user whose ID_ is already present
        def storeUsers = sql.rows("SELECT ID_ FROM act_id_user WHERE ID_= ?", [id])
        if (storeUsers.size() == 0) {
            log.info("Create new user. Attributes: " + attributes);

            def firstnameAttributes = attributes.get("FIRST_");
            def lastnameAttributes = attributes.get("LAST_");
            def emailAttributes = attributes.get("EMAIL_");
            //def passwordAttributes = attributes.get("PASSWORD");

            sql.execute("INSERT INTO act_id_user (ID_,REV_,FIRST_,LAST_,EMAIL_,PWD_) values (?,?,?,?,?,?)",
                    [
                            id,
                            1,
                            firstnameAttributes.isEmpty() ? null : firstnameAttributes.get(0),
                            lastnameAttributes.isEmpty() ? null : lastnameAttributes.get(0),
                            emailAttributes.isEmpty() ? null : emailAttributes.get(0),
                            //passwordAttributes.isEmpty() ? null : passwordAttributes.get(0)
                            password
                    ]);
        } else {
            def logMessage = "Exists user. ID_: " + id;
            log.info(logMessage);
            throw new Exception(logMessage);
        }
        break

    case "__GROUP__":
        // Refuse to create a group whose ID_ is already present
        def storeGroups = sql.rows("SELECT ID_ FROM act_id_group WHERE ID_= ?", [id])
        if (storeGroups.size() == 0) {
            log.info("Create new group. Attributes: " + attributes);
            def nameAttributes = attributes.get("NAME_");
            def typeAttributes = attributes.get("TYPE_");

            sql.execute("INSERT INTO act_id_group (ID_,REV_,NAME_,TYPE_) values (?,?,?,?)",
                    [
                            id,
                            1,
                            nameAttributes.isEmpty() ? null : nameAttributes.get(0),
                            typeAttributes.isEmpty() ? null : typeAttributes.get(0)
                    ]);
        } else {
            def logMessage = "Exists group. ID_: " + id;
            log.info(logMessage);
            throw new Exception(logMessage);
        }
        break

    default:
        id;
}
return id;

5) Result of push:

https://gyazo.com/8850d539a0111e3bff3f1eb329551eb8

PWD_ = null    :(


I created:

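import java.util.HashSet;
import java.util.Set;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.propagation.PropagationActions;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;

public class MyDBPasswordPropagationActions implements PropagationActions {

    private static final String PASSWORD_NAME = "PASSWORD";

    @Autowired
    private UserDAO userDAO;

    @Transactional(readOnly = true)
    @Override
    public void before(final PropagationTask task, final ConnectorObject beforeObj) {
        if (AnyTypeKind.USER == task.getAnyTypeKind()) {
            User user = userDAO.find(task.getEntityKey());
            if (user != null && user.getPassword() != null && user.getCipherAlgorithm() != null) {
                // Pass the stored (already hashed) password as a plain String attribute
                Attribute passwordAttribute = AttributeBuilder.build(PASSWORD_NAME, user.getPassword());
                Set<Attribute> attributes = new HashSet<>(task.getAttributes());
                attributes.add(passwordAttribute);
                task.setAttributes(attributes);
            }
        }
    }
}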

and get password:

def passwordAttributes = attributes.get("PASSWORD");

It works...  :)

Best regards,
Dmitry


--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: How do export users, groups and membership from syncope to extern DB?

Posted by Andrea Patricelli <an...@apache.org>.
Hi,

please add a mapping for the USER password in the (flag the field as 
password attribute).

Moreover assign DBPasswordPropagationActions to the resource used to 
propagate users. Then you should find "password" variable populated in 
the groovy scripts.

Best regards,
Andrea


On 12/08/2018 06:57, d.cheremnov wrote:
> Thank you!
>
>>> Please take a look at [1]. Especially to commented description:
>>> "password: password string, clear text".
>>> N.B. If you want to enable cleartext passwords please flag
>>> clearTextPasswordToScript in connector configuration.
> 0)
> Parameter
> password.cipher.algorithm = [BCRYPT]
>
> https://gyazo.com/d25dc0e11c788ad004f8bb2a483b5c02
>
> 1)
> Connector (scriptedsql):
>
> https://gyazo.com/34ed370b64e9eb21581c32d6c3622357
>
> 2)
> Resource:
>
> https://gyazo.com/8394ce3f9a4dc7310cd1cfa853d2c013
>
> 3)
> User provision:
>
> https://gyazo.com/6fd7a2100c5479064e338c1adced4989
>
> 4)
> Push task:
>
> https://gyazo.com/b2da710a39aad58611942bedd529f2ae
>
> 5)
> ActivitiCreateScript.groovy:
>
> log.info("Entering " + action + " Script. attributes: " + attributes);
> def sql = new Sql(connection);
> def firstnameAttributes = attributes.get("FIRST_");
> def lastnameAttributes = attributes.get("LAST_");
> def emailAttributes = attributes.get("EMAIL_");
> //def pwdAttributes = attributes.get("__HASHED_PASSWORD__");
>
> switch ( objectClass ) {
> case "__ACCOUNT__":
>    sql.execute("INSERT INTO act_id_user (ID_,REV_,FIRST_,LAST_,EMAIL_,PWD_) values (?,?,?,?,?,?)",
>      [
>        id,
>        1,
>        firstnameAttributes.isEmpty() ? null : firstnameAttributes.get(0),
>        lastnameAttributes.isEmpty() ? null : lastnameAttributes.get(0),
>        emailAttributes.isEmpty() ? null : emailAttributes.get(0),
>        password
>      ])
>    break
>
> case "__GROUP__":
>    log.info("Create new group...");
>    break
>
> default:
>    id;
> }
> return id;
>
> 6) Result of push task:
>
> https://gyazo.com/b7c677f7c5f708cdc3f28af7fbe10a91
>
> https://gyazo.com/7bcbf9a34383ffb761a0556881f5fa96
>
> but password and PWD_ = null
>
>
>
>
> --
> Sent from: http://syncope-user.1051894.n5.nabble.com/

-- 
Dott. Andrea Patricelli
Tel. +39 3204524292

Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member


Re: How do export users, groups and membership from syncope to extern DB?

Posted by "d.cheremnov" <de...@mail.ru>.
Thank you!

>>Please take a look at [1]. Especially to commented description: 
>>"password: password string, clear text". 
>>N.B. If you want to enable cleartext passwords please flag 
>>clearTextPasswordToScript in connector configuration. 

0)
Parameter
password.cipher.algorithm = [BCRYPT]

https://gyazo.com/d25dc0e11c788ad004f8bb2a483b5c02

1)
Connector (scriptedsql):

https://gyazo.com/34ed370b64e9eb21581c32d6c3622357

2)
Resource:

https://gyazo.com/8394ce3f9a4dc7310cd1cfa853d2c013

3)
User provision:

https://gyazo.com/6fd7a2100c5479064e338c1adced4989

4)
Push task:

https://gyazo.com/b2da710a39aad58611942bedd529f2ae

5)
ActivitiCreateScript.groovy:

import groovy.sql.Sql;

log.info("Entering " + action + " Script. attributes: " + attributes);
def sql = new Sql(connection);
def firstnameAttributes = attributes.get("FIRST_");
def lastnameAttributes = attributes.get("LAST_");
def emailAttributes = attributes.get("EMAIL_");
//def pwdAttributes = attributes.get("__HASHED_PASSWORD__");

switch ( objectClass ) {
case "__ACCOUNT__":
  sql.execute("INSERT INTO act_id_user (ID_,REV_,FIRST_,LAST_,EMAIL_,PWD_) values (?,?,?,?,?,?)",
    [
      id,
      1,
      firstnameAttributes.isEmpty() ? null : firstnameAttributes.get(0),
      lastnameAttributes.isEmpty() ? null : lastnameAttributes.get(0),
      emailAttributes.isEmpty() ? null : emailAttributes.get(0),
      password
    ])
  break

case "__GROUP__":
  log.info("Create new group...");
  break

default:
  id;
}
return id;

6) Result of push task:

https://gyazo.com/b7c677f7c5f708cdc3f28af7fbe10a91

https://gyazo.com/7bcbf9a34383ffb761a0556881f5fa96

but password and PWD_ = null




--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: How do export users, groups and membership from syncope to extern DB?

Posted by "d.cheremnov" <de...@mail.ru>.
Hi!

>>Do you want to propagate users to an external SQL database right? 
Yes. 
We want to create/edit/delete users, groups, membership  in syncope and
export to external databases.
We are ready to use customization
(http://syncope.apache.org/docs/getting-started.html#maven-project).
We can create if required "...Action" classes or Groovy scripts.

>>Which version of Syncope are you running? 
v 2.1

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: How do export users, groups and membership from syncope to extern DB?

Posted by Andrea Patricelli <an...@apache.org>.
Hi,

Do you want to propagate users to an external SQL database right?
Which version of Syncope are you running?


On 10/08/2018 11:52, d.cheremnov wrote:
> Hi!
>
> 1.
> Activiti DataBase:
>
> CREATE TABLE IF NOT EXISTS `act_id_user` (
>    `ID_` varchar(64) COLLATE utf8_bin NOT NULL,
>    `REV_` int(11) DEFAULT NULL,
>    `FIRST_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
>    `LAST_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
>    `EMAIL_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
>    `PWD_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
>    `PICTURE_ID_` varchar(64) COLLATE utf8_bin DEFAULT NULL,
>    PRIMARY KEY (`ID_`)
> ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
>
> CREATE TABLE IF NOT EXISTS `act_id_group` (
>    `ID_` varchar(64) COLLATE utf8_bin NOT NULL,
>    `REV_` int(11) DEFAULT NULL,
>    `NAME_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
>    `TYPE_` varchar(255) COLLATE utf8_bin DEFAULT NULL,
>    PRIMARY KEY (`ID_`)
> ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
>
>
> CREATE TABLE IF NOT EXISTS `act_id_membership` (
>    `USER_ID_` varchar(64) COLLATE utf8_bin NOT NULL,
>    `GROUP_ID_` varchar(64) COLLATE utf8_bin NOT NULL,
>    PRIMARY KEY (`USER_ID_`,`GROUP_ID_`),
>    KEY `ACT_FK_MEMB_GROUP` (`GROUP_ID_`),
>    CONSTRAINT `ACT_FK_MEMB_GROUP` FOREIGN KEY (`GROUP_ID_`) REFERENCES
> `act_id_group` (`ID_`),
>    CONSTRAINT `ACT_FK_MEMB_USER` FOREIGN KEY (`USER_ID_`) REFERENCES
> `act_id_user` (`ID_`)
> ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
>
> 2.
> ActivitiUserDBConnector (users, 'table' connector):
>
> https://gyazo.com/e13dda814cf587deb116a4a344faffe1
>
> 3. __ACCOUNT__ provision rules (users resource):
>
> https://gyazo.com/387f96a1a4ef597fdb67bc2859d0451e
>
> 4.
>
> I added 2 users on Syncope and did a Push:
>
> https://gyazo.com/421bdd80f3089c14d8856c4e4f7f8bfb
>
>
>
> Question:
>
> 1. How to export 'password' field to `act_id_user` table ?
Please take a look at [1]. Especially to commented description: 
"password: password string, clear text".
N.B. If you want to enable cleartext passwords please flag 
clearTextPasswordToScript in connector configuration.

>
> 2. Groups exist. Can I export the groups to the `act_id_group` table using the
> 'scriptedsql' connector?

Yes, you can, by properly managing objectClass in the Groovy script.

>
> 3. How to export an 'user-group' membership to `act_id_membership` table?

You need a custom PropagationActions, something like [2].
In this custom action you have to implement the "before" method where 
you can, for example, create your own ConnId attribute to pass to the Groovy 
scripts, say __MEMBERSHIPS__. In __MEMBERSHIPS__ you can pass the list of 
the groups of the user and then use this attribute in the Groovy script 
(see examples in the code at [1]) in order to populate the act_id_membership 
table.

>
> --
> Sent from: http://syncope-user.1051894.n5.nabble.com/
HTH,
Andrea

[1] 
https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/resources/scriptedsql/CreateScript.groovy
[2] 
https://github.com/apache/syncope/blob/2_0_X/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java

-- 
Dott. Andrea Patricelli
Tel. +39 3204524292

Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
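
The approach discussed in this thread (a custom PropagationActions handing the stored password to the create script as PASSWORD, and the group list as __MEMBERSHIPS__), sketched as an __ACCOUNT__ create script. This is an added example, not code from the thread or from the Syncope project. It assumes __MEMBERSHIPS__ carries group ids equal to act_id_group.ID_; first, redacted and createAccount are hypothetical helper names.

```groovy
// Added example: __ACCOUNT__ create for a ConnId scripted SQL connector.
// Bindings supplied by the connector at runtime: connection, id, attributes, log.
import groovy.sql.Sql

// First value of a multi-valued ConnId attribute, or null when absent or empty.
def first = { Map attrs, String name ->
    def values = attrs.get(name)
    (values == null || values.isEmpty()) ? null : values.get(0)
}

// Copy of the attribute map that is safe to log: once the custom action adds
// PASSWORD, logging the raw map would write the password hash to the log file.
def redacted = { Map attrs ->
    attrs.collectEntries { k, v -> [(k): (k == "PASSWORD" ? "<redacted>" : v)] }
}

def createAccount = { Sql sql, String uid, Map attrs, logger ->
    logger.info("Create new user. Attributes: " + redacted(attrs))
    // Assumption: __MEMBERSHIPS__ holds group ids equal to act_id_group.ID_.
    def groupIds = (attrs.get("__MEMBERSHIPS__") ?: []).collect { it.toString() }.unique()

    // One transaction: a failed membership insert must not leave a user row
    // behind without its group assignments.
    sql.withTransaction {
        sql.execute("INSERT INTO act_id_user (ID_,REV_,FIRST_,LAST_,EMAIL_,PWD_) VALUES (?,?,?,?,?,?)",
                [uid, 1, first(attrs, "FIRST_"), first(attrs, "LAST_"),
                 first(attrs, "EMAIL_"), first(attrs, "PASSWORD")])
        groupIds.each { gid ->
            // ACT_FK_MEMB_GROUP rejects unknown groups; fail with a clear message instead.
            if (sql.firstRow("SELECT ID_ FROM act_id_group WHERE ID_ = ?", [gid]) == null) {
                throw new IllegalStateException("Group not yet propagated: " + gid)
            }
            sql.execute("INSERT INTO act_id_membership (USER_ID_,GROUP_ID_) VALUES (?,?)", [uid, gid])
        }
    }
    uid
}

return createAccount(new Sql(connection), id, attributes, log)
```

PWD_ receives exactly the string the custom action placed in PASSWORD, so the value stored in the external table is in whatever format password.cipher.algorithm produced.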