You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2014/05/29 17:55:33 UTC
Syncope user domains
How would one model the concept of user domains in Syncope? Let's say you
have two different backends that you synchronize users from + you want to
associate all users from resource A with a domain X, and users from
resource B with a domain Y. Is there any easy way of modelling this?
The only way I can think of is to have a user "domain" attribute. Is there
a way of specifying a resource user mapping though to map a "constant" into
a user attribute, if say the domain name isn't stored in the backend
resource?
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Syncope user domains
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 30/05/2014 12:35, Colm O hEigeartaigh wrote:
> Ah, that's it thanks. A constant must be enclosed by single quotes
> (not double quotes).
Exactly, '' were 2 single quotes actually :-)
Glad this solved.
Regards.
> On Fri, May 30, 2014 at 11:26 AM, Francesco Chicchiriccò
> <ilgrosso@apache.org <ma...@apache.org>> wrote:
>
> On 30/05/2014 12:20, Colm O hEigeartaigh wrote:
>> Thanks Marco! The user template option is a good substitute until
>> we support realms properly. However, I believe I have run into a
>> bug (on trunk) with this. I have a "domain" user String attribute
>> + I added an "ldap-domain" value in the user template. After
>> synchronization, the user has a value of "0" for the attribute,
>> and not "ldap-domain" as expected. Am I doing anything obviously
>> wrong here or will I log a JIRA?
>
> Could you please report exactly the value you put in the user
> template's field? Remember that any field in the user / role
> templates is a JEXL expression, then a constant value must be
> surrounded by ''
>
> Regards.
>
>> On Fri, May 30, 2014 at 9:36 AM, Marco Di Sabatino Di Diodoro
>> <marco.disabatino@tirasa.net
>> <ma...@tirasa.net>> wrote:
>>
>>
>> Il giorno 29/mag/2014, alle ore 17:55, Colm O hEigeartaigh
>> <coheigea@apache.org <ma...@apache.org>> ha scritto:
>>
>>>
>>> How would one model the concept of user domains in Syncope?
>>> Let's say you have two different backends that you
>>> synchronize users from + you want to associate all users
>>> from resource A with a domain X, and users from resource B
>>> with a domain Y. Is there any easy way of modelling this?
>>
>> you can use attributes or roles for modeling the concept of
>> user domains.
>> Maybe in the future it will be possible to model with realms[1].
>>
>>>
>>> The only way I can think of is to have a user "domain"
>>> attribute. Is there a way of specifying a resource user
>>> mapping though to map a "constant" into a user attribute, if
>>> say the domain name isn't stored in the backend resource?
>>
>> You have two options:
>>
>> 1) For each synchronization task you can configure an user
>> template[2]. An user template allows you to set a default
>> value for an attribute.
>> 2) Create an Action Class for each synchronization task.
>>
>> [1] Realm - https://issues.apache.org/jira/browse/SYNCOPE-119
>> [2]
>> https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate
>>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: Syncope user domains
Posted by Colm O hEigeartaigh <co...@apache.org>.
Ah, that's it thanks. A constant must be enclosed by single quotes (not
double quotes).
Colm.
On Fri, May 30, 2014 at 11:26 AM, Francesco Chicchiriccò <
ilgrosso@apache.org> wrote:
> On 30/05/2014 12:20, Colm O hEigeartaigh wrote:
>
> Thanks Marco! The user template option is a good substitute until we
> support realms properly. However, I believe I have run into a bug (on
> trunk) with this. I have a "domain" user String attribute + I added an
> "ldap-domain" value in the user template. After synchronization, the user
> has a value of "0" for the attribute, and not "ldap-domain" as expected. Am
> I doing anything obviously wrong here or will I log a JIRA?
>
>
> Could you please report exactly the value you put in the user template's
> field? Remember that any field in the user / role templates is a JEXL
> expression, then a constant value must be surrounded by ''
>
> Regards.
>
> On Fri, May 30, 2014 at 9:36 AM, Marco Di Sabatino Di Diodoro <
> marco.disabatino@tirasa.net> wrote:
>
>>
>> Il giorno 29/mag/2014, alle ore 17:55, Colm O hEigeartaigh <
>> coheigea@apache.org> ha scritto:
>>
>>
>> How would one model the concept of user domains in Syncope? Let's say
>> you have two different backends that you synchronize users from + you want
>> to associate all users from resource A with a domain X, and users from
>> resource B with a domain Y. Is there any easy way of modelling this?
>>
>>
>> you can use attributes or roles for modeling the concept of user
>> domains.
>> Maybe in the future it will be possible to model with realms[1].
>>
>>
>> The only way I can think of is to have a user "domain" attribute. Is
>> there a way of specifying a resource user mapping though to map a
>> "constant" into a user attribute, if say the domain name isn't stored in
>> the backend resource?
>>
>>
>> You have two options:
>>
>> 1) For each synchronization task you can configure an user template[2].
>> An user template allows you to set a default value for an attribute.
>> 2) Create an Action Class for each synchronization task.
>>
>> [1] Realm - https://issues.apache.org/jira/browse/SYNCOPE-119
>> [2]
>> https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate
>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellencehttp://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMChttp://people.apache.org/~ilgrosso/
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Syncope user domains
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 30/05/2014 12:20, Colm O hEigeartaigh wrote:
> Thanks Marco! The user template option is a good substitute until we
> support realms properly. However, I believe I have run into a bug (on
> trunk) with this. I have a "domain" user String attribute + I added an
> "ldap-domain" value in the user template. After synchronization, the
> user has a value of "0" for the attribute, and not "ldap-domain" as
> expected. Am I doing anything obviously wrong here or will I log a JIRA?
Could you please report exactly the value you put in the user template's
field? Remember that any field in the user / role templates is a JEXL
expression, then a constant value must be surrounded by ''
Regards.
> On Fri, May 30, 2014 at 9:36 AM, Marco Di Sabatino Di Diodoro
> <marco.disabatino@tirasa.net <ma...@tirasa.net>> wrote:
>
>
> Il giorno 29/mag/2014, alle ore 17:55, Colm O hEigeartaigh
> <coheigea@apache.org <ma...@apache.org>> ha scritto:
>
>>
>> How would one model the concept of user domains in Syncope? Let's
>> say you have two different backends that you synchronize users
>> from + you want to associate all users from resource A with a
>> domain X, and users from resource B with a domain Y. Is there
>> any easy way of modelling this?
>
> you can use attributes or roles for modeling the concept of user
> domains.
> Maybe in the future it will be possible to model with realms[1].
>
>>
>> The only way I can think of is to have a user "domain" attribute.
>> Is there a way of specifying a resource user mapping though to
>> map a "constant" into a user attribute, if say the domain name
>> isn't stored in the backend resource?
>
> You have two options:
>
> 1) For each synchronization task you can configure an user
> template[2]. An user template allows you to set a default value
> for an attribute.
> 2) Create an Action Class for each synchronization task.
>
> [1] Realm - https://issues.apache.org/jira/browse/SYNCOPE-119
> [2]
> https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate
>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: Syncope user domains
Posted by Colm O hEigeartaigh <co...@apache.org>.
Thanks Marco! The user template option is a good substitute until we
support realms properly. However, I believe I have run into a bug (on
trunk) with this. I have a "domain" user String attribute + I added an
"ldap-domain" value in the user template. After synchronization, the user
has a value of "0" for the attribute, and not "ldap-domain" as expected. Am
I doing anything obviously wrong here or will I log a JIRA?
Colm.
On Fri, May 30, 2014 at 9:36 AM, Marco Di Sabatino Di Diodoro <
marco.disabatino@tirasa.net> wrote:
>
> Il giorno 29/mag/2014, alle ore 17:55, Colm O hEigeartaigh <
> coheigea@apache.org> ha scritto:
>
>
> How would one model the concept of user domains in Syncope? Let's say you
> have two different backends that you synchronize users from + you want to
> associate all users from resource A with a domain X, and users from
> resource B with a domain Y. Is there any easy way of modelling this?
>
>
> you can use attributes or roles for modeling the concept of user domains.
> Maybe in the future it will be possible to model with realms[1].
>
>
> The only way I can think of is to have a user "domain" attribute. Is there
> a way of specifying a resource user mapping though to map a "constant" into
> a user attribute, if say the domain name isn't stored in the backend
> resource?
>
>
> You have two options:
>
> 1) For each synchronization task you can configure an user template[2]. An
> user template allows you to set a default value for an attribute.
> 2) Create an Action Class for each synchronization task.
>
> [1] Realm - https://issues.apache.org/jira/browse/SYNCOPE-119
> [2]
> https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate
>
>
> Marco
>
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Syncope user domains
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Il giorno 29/mag/2014, alle ore 17:55, Colm O hEigeartaigh <co...@apache.org> ha scritto:
>
> How would one model the concept of user domains in Syncope? Let's say you have two different backends that you synchronize users from + you want to associate all users from resource A with a domain X, and users from resource B with a domain Y. Is there any easy way of modelling this?
you can use attributes or roles for modeling the concept of user domains.
Maybe in the future it will be possible to model with realms[1].
>
> The only way I can think of is to have a user "domain" attribute. Is there a way of specifying a resource user mapping though to map a "constant" into a user attribute, if say the domain name isn't stored in the backend resource?
You have two options:
1) For each synchronization task you can configure an user template[2]. An user template allows you to set a default value for an attribute.
2) Create an Action Class for each synchronization task.
[1] Realm - https://issues.apache.org/jira/browse/SYNCOPE-119
[2] https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate
Marco
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/