You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Lukas Funk <Lu...@united-security-providers.ch> on 2018/03/02 12:16:33 UTC
ActiveDirectory group provisioning userowner to managedby
Hi
I'm fairly new to syncope but with the help to the various documentation, examples and the blog I got quite far being able to propagate users, groups and memberships from syncope to active directory.
Now, I'm facing the problem how to map the groups' userowner to the active directory attribute managedBy.
Are there any resources around which explains this how this can be solved?
Your help is much appreciated.
Regards, Lukas Funk
RE: ActiveDirectory group provisioning userowner to managedby
Posted by Lukas Funk <Lu...@united-security-providers.ch>.
Hi Marco
I'll try your suggestion. Thanks for the guidance. I'll let you know if I succeeded
Regards, Lukas
From: Marco Di Sabatino Di Diodoro [mailto:marco.disabatino@tirasa.net]
Sent: Friday, March 2, 2018 3:40 PM
To: user@syncope.apache.org; Funk, Lukas <Lu...@united-security-providers.ch>
Subject: Re: ActiveDirectory group provisioning userowner to managedby
Hi,
Il 02/03/2018 13:16, Lukas Funk ha scritto:
Hi
I'm fairly new to syncope but with the help to the various documentation, examples and the blog I got quite far being able to propagate users, groups and memberships from syncope to active directory.
Fine.
Now, I'm facing the problem how to map the groups' userowner to the active directory attribute managedBy.
Are there any resources around which explains this how this can be solved?
To be able to populate an owner on a group of AD you need to implement a propagation action that enhances the "managedBy" attribute. So inside the propagation action of a group:
1. read the owner of the group and derive the DN of the user
2. assign the DN to managedBy attribute
To derive the dn of the user you can take a look at [1], where it is done for groups.
Regards
M
[1] https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java
Your help is much appreciated.
Regards, Lukas Funk
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/<http://people.apache.org/%7Emdisabatino/>
Re: ActiveDirectory group provisioning userowner to managedby
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Hi,
Il 02/03/2018 13:16, Lukas Funk ha scritto:
>
> Hi
>
> I’m fairly new to syncope but with the help to the various
> documentation, examples and the blog I got quite far being able to
> propagate users, groups and memberships from syncope to active directory.
>
Fine.
>
> Now, I’m facing the problem how to map the groups’ userowner to the
> active directory attribute managedBy.
>
> Are there any resources around which explains this how this can be solved?
>
To be able to populate an owner on a group of AD you need to implement a
propagation action that enhances the "managedBy" attribute. So inside
the propagation action of a group:
1. read the owner of the group and derive the DN of the user
2. assign the DN to managedBy attribute
To derive the dn of the user you can take a look at [1], where it is
done for groups.
Regards
M
[1]
https://github.com/apache/syncope/blob/master/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/LDAPMembershipPropagationActions.java
> Your help is much appreciated.
>
> Regards, Lukas Funk
>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/