Posted to user@syncope.apache.org by "Ben.H" <be...@accenturefederal.com> on 2018/09/26 15:29:04 UTC

Mapping external resource with ACCOUNT and GROUP data

My setup:
I have users who are assigned groups, and the groups have anytime extensions
on them so that when I add a group to a user I have to enter the group's
extended data for that user.

I am trying to persist user data to an external database.  I need to store
the account/user data in one table, which works fine, as all the fields are
in the account object class.  However, I also need to store the groups and
their extended information in a separate table; username, groupname, and
group associated data.  However I seem to be able to only map data from
ACCOUNT or GROUP but not the extension data for the groups.  

The only workaround I have been able to find is I can map group information
as long as I call out each group by name (i.e.
memberships[groupname].attribute).  This means for each group and anytime a
group is added I would have to add fields to the mapping as well as updating
the scripts.

Any help would be appreciated.

--
Sent from: http://syncope-user.1051894.n5.nabble.com/

Re: Mapping external resource with ACCOUNT and GROUP data

Posted by roccom <fo...@gmail.com>.
Hi, 

I have updated my Groovy script pull action to use the code in 2.1.2 version
of LDAPMembershipPullActions but I am still having compilation issues. Here
is my Groovy script for the pull action implementation.  
pullImplementation.groovy
<http://syncope-user.1051894.n5.nabble.com/file/t339152/pullImplementation.groovy>  

From core.log after running a pull action: 
 WARN  org.apache.syncope.core.provisioning.api.job.SchedTaskJobDelegate -
While building JPAImplementation[groovy_membership_pull2]
org.codehaus.groovy.control.MultipleCompilationErrorsException: startup
failed:
script1583340431938380385395.groovy: 138: [Static type checking] - Cannot
find matching method
org.apache.syncope.core.provisioning.java.pushpull.SchedulingPullActions#beforeUpdate(org.apache.syncope.core.provisioning.api.pushpull.ProvisioningProfile,
org.identityconnectors.framework.common.objects.SyncDelta,
<UnionType:org.apache.syncope.common.lib.to.EntityTO+org.apache.syncope.common.lib.to.GroupTO>,
org.apache.syncope.common.lib.patch.AnyPatch). Please check if the declared
type is correct and if the method exists.
 @ line 138, column 13.
               super.beforeUpdate(profile, delta, entity, anyPatch);
               ^

script1583340431938380385395.groovy: 143: [Static type checking] - Cannot
find matching method java.lang.Object#getLeftEnd(). Please check if the
declared type is correct and if the method exists.
 @ line 143, column 76.
   ore.get(uMembership.getLeftEnd().getKey(
                                 ^

script1583340431938380385395.groovy: 143: [Static type checking] - Cannot
find matching method java.lang.Object#getKey(). Please check if the declared
type is correct and if the method exists.
 @ line 143, column 54.
    memb = membershipsBefore.get(uMembershi
                                 ^

script1583340431938380385395.groovy: 146: [Static type checking] - Cannot
find matching method java.lang.Object#getLeftEnd(). Please check if the
declared type is correct and if the method exists.
 @ line 146, column 61.
   ore.put(uMembership.getLeftEnd().getKey(
                                 ^

script1583340431938380385395.groovy: 146: [Static type checking] - Cannot
find matching method java.lang.Object#getKey(). Please check if the declared
type is correct and if the method exists.
 @ line 146, column 39.
                   membershipsBefore.put(uMembership.getLeftEnd().getKey(),
memb);
                                         ^

script1583340431938380385395.groovy: 146: [Static type checking] - Cannot
find matching method java.util.Map#put(java.lang.Object, java.util.HashSet
<java.lang.String>). Please check if the declared type is correct and if the
method exists.
 @ line 146, column 17.
                   membershipsBefore.put(uMembership.getLeftEnd().getKey(),
memb);
                   ^

6 errors



Re: Mapping external resource with ACCOUNT and GROUP data

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 26/02/20 22:56, roccom wrote:
> Francesco, 
> Thank you! This was very helpful. You are correct as well on the pull action
> vs propagation. I believe that is what I am after. I have created a custom
> pull action under implementations (groovy). Using that template I have added
> onto it referencing the LDAPMembershipPullActions [1]. I added import
> statements as appropriate but I am getting compile errors in core.log:
>
> org.codehaus.groovy.control.MultipleCompilationErrorsException: startup
> failed:
> script15827445377161608855174.groovy: 28: unable to resolve class
> org.apache.syncope.core.persistence.api.dao.PullMatch
>  @ line 28, column 1.
>    import org.apache.syncope.core.persistence.api.dao.PullMatch;
>    ^
>
> script15827445377161608855174.groovy: 38: unable to resolve class
> org.apache.syncope.core.provisioning.java.pushpull.InboundMatcher
>  @ line 38, column 1.
>    import org.apache.syncope.core.provisioning.java.pushpull.InboundMatcher;
>    ^
>
> I am using Syncope version 2.1.2. Are these classes in this version or do I
> need to be using latest code instead (2.1.5 I believe)?...Or am I missing
> something else? 
Hi,
if you are using Syncope 2.1.2, then the class version is

https://github.com/apache/syncope/blob/syncope-2.1.2/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/LDAPMembershipPullActions.java

In any case, I would suggest migrating to the latest stable 2.1.5 - for which you should look at

https://github.com/apache/syncope/blob/syncope-2.1.5/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/LDAPMembershipPullActions.java

instead.

HTH
Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: Mapping external resource with ACCOUNT and GROUP data

Posted by roccom <fo...@gmail.com>.
Francesco, 
Thank you! This was very helpful. You are correct as well on the pull action
vs propagation. I believe that is what I am after. I have created a custom
pull action under implementations (groovy). Using that template I have added
onto it referencing the LDAPMembershipPullActions [1]. I added import
statements as appropriate but I am getting compile errors in core.log:

org.codehaus.groovy.control.MultipleCompilationErrorsException: startup
failed:
script15827445377161608855174.groovy: 28: unable to resolve class
org.apache.syncope.core.persistence.api.dao.PullMatch
 @ line 28, column 1.
   import org.apache.syncope.core.persistence.api.dao.PullMatch;
   ^

script15827445377161608855174.groovy: 38: unable to resolve class
org.apache.syncope.core.provisioning.java.pushpull.InboundMatcher
 @ line 38, column 1.
   import org.apache.syncope.core.provisioning.java.pushpull.InboundMatcher;
   ^

I am using Syncope version 2.1.2. Are these classes in this version or do I
need to be using latest code instead (2.1.5 I believe)?...Or am I missing
something else? 


Re: Mapping external resource with ACCOUNT and GROUP data

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 21/02/20 19:29, roccom wrote:
> I am wanting to accomplish pretty much the same thing. I have users being
> pulled in via the rest connector but I want to have groups/memberships
> created at that time. Francesco, I cannot access this link
> https://paste.apache.org/bpe4. Could you post it again?

Hi,
sorry but I don't retain the content of the link above, which seems to be expired now.

This thread is about propagating membership, but it seems you are instead interested in *pulling* memberships, so maybe you can have a look at [1], which is a sample implementation for the LDAP case.

In the context of the thread, e.g. "(with propagation actions) you can look at the user being propagated, and enrich
the set of attributes that were prepared by looking at the mapping" I can think of some sample code to place into the before() method of a PropagationActions [2] implementation - see

https://gist.github.com/ilgrosso/8abc6fd129d48441a40298213d098b77

for an example.

HTH
Regards.

[1] https://github.com/apache/syncope/blob/2_1_X/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/LDAPMembershipPullActions.java
[2] http://syncope.apache.org/docs/reference-guide.html#propagationactions

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: Mapping external resource with ACCOUNT and GROUP data

Posted by roccom <fo...@gmail.com>.
I am wanting to accomplish pretty much the same thing. I have users being
pulled in via the rest connector but I want to have groups/memberships
created at that time. Francesco, I cannot access this link
https://paste.apache.org/bpe4. Could you post it again?

Thanks!


Re: Mapping external resource with ACCOUNT and GROUP data

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 28/09/2018 16:53, Ben.H wrote:
> That seems to be working perfectly.  Thank you very much.  This was killing
> me trying to figure out how to access the memberships.

Glad it worked.
Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: Mapping external resource with ACCOUNT and GROUP data

Posted by "Ben.H" <be...@accenturefederal.com>.
That seems to be working perfectly.  Thank you very much.  This was killing
me trying to figure out how to access the memberships.


Re: Mapping external resource with ACCOUNT and GROUP data

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 27/09/2018 17:57, Ben.H wrote:
> I've looked into a custom propagation action before, and I took another look
> again.  However, the task being passed in only seems to have the attributes
> that have already been mapped, not the memberships.

Of course.
The point is that you can look at the user being propagated, and enrich 
the set of attributes that were prepared by looking at the mapping.
A possible implementation of such an idea is reported at

https://paste.apache.org/bpe4

> In addition, the connectorObject seems to be null.

Yep, this is normal before create; the name is 'beforeObj', i.e. the 
remote object on the resource before the propagation takes place: since 
it is null, Syncope will issue a CREATE operation against the External 
Resource; otherwise it would have issued an UPDATE.

> The problem is that I don't want to map membership attributes directly, because I would have to keep adding to the
> list of mappings as the groups change over time.  I'd like to be able to get the account/user object somewhere and persist all groups and their corresponding attributes dynamically.

This is what I show in the example linked above.

HTH
Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Re: Mapping external resource with ACCOUNT and GROUP data

Posted by "Ben.H" <be...@accenturefederal.com>.
I've looked into a custom propagation action before, and I took another look
again.  However, the task being passed in only seems to have the attributes
that have already been mapped, not the memberships. In addition, the
connectorObject seems to be null.  The problem is that I don't want to map
membership attributes directly, because I would have to keep adding to the
list of mappings as the groups change over time.  I'd like to be able to get
the account/user object somewhere and persist all groups and their
corresponding attributes dynamically.


Re: Mapping external resource with ACCOUNT and GROUP data

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 26/09/2018 17:29, Ben.H wrote:
> My setup:
> I have users who are assigned groups, and the groups have anytime extensions
> on them so that when I add a group to a user I have to enter the group's
> extended data for that user.
>
> I am trying to persist user data to an external database.  I need to store
> the account/user data in one table, which works fine, as all the fields are
> in the account object class.  However, I also need to store the groups and
> their extended information in a separate table; username, groupname, and
> group associated data.  However I seem to be able to only map data from
> ACCOUNT or GROUP but not the extension data for the groups.
>
> The only workaround I have been able to find is I can map group information
> as long as I call out each group by name (i.e.
> memberships[groupname].attribute).  This means for each group and anytime a
> group is added I would have to add fields to the mapping as well as updating
> the scripts.
>
> Any help would be appreciated.

Hi Ben,
glad of your interest in Apache Syncope.

It seems that you are already able to:

1. define group memberships [1] and their attributes in Syncope via Type 
Extensions [2]
2. map membership attributes to an external database via expressions 
like 'memberships[groupname].schema' in your mapping [3]
3. put the Scripted SQL connector to work - which involves authoring 
some Groovy scripts

Cool :-)

As you have already discovered, mapping information is a static list of 
items: here's why you say

> for each group and anytime a group is added I would have to add fields to the mapping as well

To overcome such a limitation, you can empower PropagationActions [4]: 
more specifically, in the before() method, you can inject the logic to 
dynamically enrich the set of attributes sent to the connector depending 
on the memberships assigned to the user being propagated.

HTH
Regards.

[1] http://syncope.apache.org/docs/reference-guide.html#memberships-relationships
[2] http://syncope.apache.org/docs/reference-guide.html#type-extensions
[3] http://syncope.apache.org/docs/reference-guide.html#mapping
[4] http://syncope.apache.org/docs/reference-guide.html#propagationactions

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
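
Added example (not part of the original thread, and not the content of the expired paste link or of the linked gist): one way the before() enrichment described in the replies above could look on Syncope 2.1. The class name, the membershipData attribute name and the group|schema|value encoding are assumptions made for illustration; the entity and DAO calls are written against the 2.1.x persistence API and should be checked against the version in use.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
import org.apache.syncope.core.persistence.api.entity.user.UMembership;
import org.apache.syncope.core.persistence.api.entity.user.UPlainAttr;
import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.propagation.PropagationActions;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;

public class MembershipAttrsPropagationActions implements PropagationActions {
    // Hypothetical attribute name: the connector's Groovy scripts must read the same one.
    private static final String MEMBERSHIP_ATTR = "membershipData";

    @Autowired
    private UserDAO userDAO;

    @Transactional(readOnly = true)
    @Override
    public void before(final PropagationTask task, final ConnectorObject beforeObj) {
        if (task.getAnyTypeKind() != AnyTypeKind.USER) {
            return; // only users carry the memberships of interest here
        }
        User user = userDAO.find(task.getEntityKey());
        if (user == null) {
            return; // nothing to enrich, e.g. the user was already removed
        }
        // One value per (group, schema, value), whatever groups exist at this moment.
        List<String> rows = new ArrayList<>();
        for (UMembership membership : user.getMemberships()) {
            String group = membership.getRightEnd().getName();
            for (UPlainAttr attr : user.getPlainAttrs(membership)) {
                for (String value : attr.getValuesAsStrings()) {
                    rows.add(group + '|' + attr.getSchema().getKey() + '|' + value);
                }
            }
        }
        // Keep what the static mapping prepared and append the dynamic attribute.
        Set<Attribute> attributes = new HashSet<>(task.getAttributes());
        attributes.add(AttributeBuilder.build(MEMBERSHIP_ATTR, rows));
        task.setAttributes(attributes);
    }
}
```

The connector's create and update scripts would then split each membershipData value and write one row per entry to the membership table. Group names or values that may contain '|' need a different encoding.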