You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Francesco Chicchiriccò <il...@apache.org> on 2017/03/01 13:40:35 UTC
Re: Assign group to user from DB
Hi,
are you sure that you are using the Scripted SQL connector?
The Database Table connector, in fact, only provides support for the
__ACCOUNT__ ObjectClass, e.g. only for users, as suggested by the error
below.
In order to use the Scripted SQL connector, you must also provide the
adequate Groovy scripts matching your own database schema; some samples
can be found under the
core/src/test/resources/scriptedsql
directory of your generated Maven project.
HTH
Regards.
On 27/02/2017 17:47, Tech wrote:
>
> Hello,
>
> coming back to this point: we prepared the code to integrate the group
> propagation from a DB to Syncope but we encountered some problems.
>
> Before integrating the code that we developed, we started to add the
> concept of Group into our system.
>
> * Our database has a column called "role", where the only content is
> "GroupTest".
> * We created the group "GroupTest" also in Syncope to have a 1:1
> relation.
> * We created the type "role" and we put it into the "BaseGroup" schema.
> * We go back to the resources and we Edit provision rules, we add a
> Group that we map with name:role.
>
> Since now on, every Pull, also the one for the Users, will terminate
> in a FAILURE with the error:
>
> org.quartz.JobExecutionException: While pulling from connector [See
> nested exception: java.lang.IllegalArgumentException: Operation
> requires an Account ObjectClass.]
> at
> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
> at
> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
> at
> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
> at
> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
>
>
> Removing the mapping of the group, everything will turn back to normality.
>
> Any idea why this could happen?
>
> Thanks!
>
> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>
>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>
>>> Hi,
>>>
>>>
>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>
>>>> Dear experts,
>>>>
>>>> we're pulling information from a database. We want to assign
>>>> automatically a group to a user.
>>>>
>>>> The original table has a format like
>>>>
>>>> -- "USERNAME" : "user01"
>>>>
>>>> -- "ROLE": "employee"
>>>>
>>>
>>> In a pull task is possible to add a template. The template can be
>>> used for setting default values on entities during a pull task.
>>> To configure a template go to Topology --> select the external
>>> resource to pull --> Pull Task and click the Template icon [1 Pull
>>> Templates].
>>>
>>> [1]
>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>
>> If a User is associated to a Group in your Database, and you like
>> assign the corresponding User as a member of the corresponding Group
>> in Syncope, you must implement a Pull Action [1]. Connid doesn't
>> implement the assignment of a membership, so to obviate we can use a
>> pull action.
>>
>> [1] https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>
>>>> We want the user being created into Syncope associated to the
>>>> already existing group "employee", but we don't see how to create
>>>> this association.
>>>>
>>>> Is there any reference that we should check?
>>>>
>>>> Thanks
>>>>
--
Francesco Chicchiricc�
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Assign group to user from DB
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Il 27/03/2017 18:07, Tech ha scritto:
>
> Just checked: the code is correct, but should be just positioned into
> the beforeProvisioning, now it's correctly working.
>
> Thanks for the support!
>
>
You're welcome
M
>
>
>
> On 27.03.17 17:53, Tech wrote:
>>
>> As described at the beginning of the thread, we have a pull process
>> taking information from a database.
>>
>> We associated the code to the action to take on the pull.
>>
>> We want to pull the user into the system and to associate it to the
>> role based on the specific column.
>>
>> As far as I understand now we should just use userpatch but put it in
>> BeforeProvisioning instead of BeforeUpdate?
>>
>>
>> Thanks
>>
>>
>>
>>
>> On 27.03.17 17:41, Marco Di Sabatino Di Diodoro wrote:
>>>
>>>
>>>
>>> Il 27/03/2017 17:12, Tech ha scritto:
>>>>
>>>> We used the After because we realized that in the first time we run
>>>> the code the users were just created and only in the second time
>>>> the code was executed the users were associated to the groups,
>>>> while we wanted to have everything done at the same time.
>>>>
>>> "we run the code the users were just created"
>>> during a create you must work with beforeProvisioning or beforeAssing
>>>
>>> "in the second time"
>>> What do you mean with this? You run sync task again?
>>>
>>>
>>>
>>>> Here the code:
>>>>
>>>> @Transactional
>>>> @Override
>>>> public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>>> beforeUpdate(
>>>> final ProvisioningProfile<?, ?> profile,
>>>> final SyncDelta delta,
>>>> final A any,
>>>> final M anyPatch) throws JobExecutionException {
>>>>
>>>> if (any instanceof UserTO) {
>>>> final UserTO userTO = ((UserTO) any);
>>>> String userName = userTO.getUsername();
>>>> try {
>>>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>>>> for (AttrTO attr : attrs) {
>>>> if
>>>> (attr.getSchema().equalsIgnoreCase("group_column")) {
>>>> Group oGroup =
>>>> groupDAO.findByName(attr.getValues().get(0).toString());
>>>> String oGroupName = oGroup.getName();
>>>> String oGroupKey = oGroup.getKey();
>>>> MembershipTO membershipTO = new
>>>> MembershipTO.Builder().group(oGroupKey).build();
>>>> LOG.warn("CHECK " + userName + " >
>>>> membership before " + userTO.getMembershipMap().size());
>>>> boolean res =
>>>> userTO.getMemberships().add(membershipTO);
>>>> LOG.warn("CHECK " + userName + " >
>>>> membership after " + userTO.getMembershipMap().size());
>>>> for (int i = 0; i <
>>>> userTO.getMemberships().size(); i++) {
>>>> LOG.warn("CHECK " + userName + " >
>>>> print membership groupKey: " +
>>>> userTO.getMemberships().get(i).getGroupKey());
>>>> LOG.warn("CHECK " + userName + " >
>>>> print membership groupName: " +
>>>> userTO.getMemberships().get(i).getGroupName());
>>>> }
>>>> }
>>>> }
>>>> } catch (Exception e) {
>>>> LOG.warn("Something happened...");
>>>> }
>>>> }
>>>> return delta;
>>>> }
>>>>
>>> "beforeUpdate" is called only if the user is already in Syncope, you
>>> have to manipulate the UserPatch
>>>
>>> final UserPatch userPatch = (UserPatch) anyMod;
>>>
>>> final MembershipPatch membershipPatch = new
>>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>>> userPatch.getMemberships().add(membershipPatch);
>>>
>>> The UserTO is the old object before the sync task is happen.
>>>
>>> Regards
>>> Marco
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 27.03.17 16:24, Marco Di Sabatino Di Diodoro wrote:
>>>>>
>>>>>
>>>>>
>>>>> Il 27/03/2017 15:03, Tech ha scritto:
>>>>>>
>>>>>> I can also mention that printing the content of:
>>>>>>
>>>>>> userTO.getMembership().get(0).getGroupKey()
>>>>>>
>>>>>> I can see correctly the group key, so the group is correctly
>>>>>> assigned, but probably just not "committed"
>>>>>>
>>>>>>
>>>>> During the after you can no longer change the user, it's too late.
>>>>> Why do you say that during the before action the assignment
>>>>> doesn't work?
>>>>>
>>>>> Please, paste your code
>>>>> Thanks
>>>>> M
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 27/03/17 13:21, Tech wrote:
>>>>>>>
>>>>>>> Hello again,
>>>>>>>
>>>>>>> we saw that actually implement the membership in our case is not
>>>>>>> really working with a before, but we should implement in an after.
>>>>>>>
>>>>>>> The group already exists in the system and we tried to implement
>>>>>>> in this way:
>>>>>>>
>>>>>>> @Transactional
>>>>>>> @Override
>>>>>>> public void after(
>>>>>>> final ProvisioningProfile<?, ?> profile,
>>>>>>> final SyncDelta delta,
>>>>>>> final EntityTO any,
>>>>>>> final ProvisioningReport result) throws
>>>>>>> JobExecutionException {
>>>>>>>
>>>>>>> if (any instanceof UserTO) {
>>>>>>> final UserTO userTO = (UserTO) any;
>>>>>>> try {
>>>>>>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>>>>>>> for (AttrTO attr : attrs) {
>>>>>>> if
>>>>>>> (attr.getSchema().equalsIgnoreCase("column_group")) {
>>>>>>> Group oGroup =
>>>>>>> groupDAO.findByName(attr.getValues().get(0).toString());
>>>>>>> final MembershipTO membershipTO = new
>>>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();
>>>>>>> LOG.warn("Membership before
>>>>>>> "+userTO.getMembershipMap().size()); // This will print 0
>>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>> LOG.warn("Membership after
>>>>>>> "+userTO.getMembershipMap().size()); // This will print 1:
>>>>>>> something happened here
>>>>>>> }
>>>>>>> }
>>>>>>> } catch (Exception e) {
>>>>>>> LOG.warn("Something happened...");
>>>>>>> }
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> After the userTO.getMembership().add(membershipTO) we see that
>>>>>>> the "size()" value changes from 0 to 1, therefore we assume that
>>>>>>> the membership has been assigned, but when we enter in the
>>>>>>> console interface and we check the groups, nothing has changed
>>>>>>> and we see that the user doesn't belong to any group.
>>>>>>>
>>>>>>> Is there any other missing action that should be taken?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 06.03.17 17:12, Tech wrote:
>>>>>>>>
>>>>>>>> Yes, finally working, thanks a lot!
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Il 06/03/2017 16:40, Tech ha scritto:
>>>>>>>>>>
>>>>>>>>>> Actually you were right, we used already a "beforeUpdate".
>>>>>>>>>>
>>>>>>>>>> Here the code, there is nothing strange apparently, the
>>>>>>>>>> boolean "result" returns "true", but the user is not added to
>>>>>>>>>> the group
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> /
>>>>>>>>>> /
>>>>>>>>>>
>>>>>>>>>> /@Transactional//
>>>>>>>>>> // @Override//
>>>>>>>>>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>>>>>>>>> beforeUpdate(//
>>>>>>>>>> // final ProvisioningProfile<?, ?> profile,//
>>>>>>>>>> // final SyncDelta delta,//
>>>>>>>>>> // final A any,//
>>>>>>>>>> // final M anyPatch) throws JobExecutionException {//
>>>>>>>>>> //
>>>>>>>>>> // if (anyPatch instanceof UserPatch) {//
>>>>>>>>>> // final UserTO user = ((UserTO) any);//
>>>>>>>>>> // Group oGroup = null;/
>>>>>>>>>>
>>>>>>>>>> / String oGroupColumn = "group_colum";/
>>>>>>>>>>
>>>>>>>>>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>>>>>>>>>> /
>>>>>>>>>>
>>>>>>>>>> / for(AttrTO attr : attrs) {//
>>>>>>>>>> //if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
>>>>>>>>>> // LOG.warn("We check the schema:"+
>>>>>>>>>> attr.getSchema()); //Found//
>>>>>>>>>> // LOG.warn("Content:
>>>>>>>>>> "+attr.getValues().get(0).toString()); //Found//
>>>>>>>>>> // oGroup =
>>>>>>>>>> groupDAO.findByName(attr.getValues().get(0).toString());//
>>>>>>>>>> // LOG.warn("Group Key:
>>>>>>>>>> "+oGroup.getKey()); //Group key correctly retrieved//
>>>>>>>>>> // final MembershipTO membershipTO = new
>>>>>>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>>>>>>>>>> // LOG.warn("Check membership :"+
>>>>>>>>>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>>>>>>>>>> previous group key//
>>>>>>>>>> // LOG.warn("Get user key:"+
>>>>>>>>>> user.getUsername()); // Correct, it corresponds to what found
>>>>>>>>>> in Syncope DB//
>>>>>>>>>> // boolean result =
>>>>>>>>>> user.getMemberships().add(membershipTO); //
>>>>>>>>>> // LOG.warn("Was the user added to the
>>>>>>>>>> group?: "+result); // Returns true//
>>>>>>>>>> // }//
>>>>>>>>>> // group = user.getPlainAttrMap().get("role");//
>>>>>>>>>> // }//
>>>>>>>>>> // return delta;//
>>>>>>>>>> // }//
>>>>>>>>>> //
>>>>>>>>>> /
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> If you're working in the beforeUpdate you need to update the
>>>>>>>>> UserPatch object:
>>>>>>>>>
>>>>>>>>> final UserPatch userPatch = (UserPatch) anyMod;
>>>>>>>>>
>>>>>>>>> final MembershipPatch membershipPatch = new
>>>>>>>>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>>>>>>>>> userPatch.getMemberships().add(membershipPatch);
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> Marco
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> as suggested, we started to work on the easiest case, we
>>>>>>>>>>>> created the Group1 in Syncope manually and we inserted into
>>>>>>>>>>>> the database column "Group" the entry "Group1".
>>>>>>>>>>>>
>>>>>>>>>>>> We implemented only an "after" in this case: we pulled the
>>>>>>>>>>>> information into Syncope and after the java is running.
>>>>>>>>>>>>
>>>>>>>>>>>> Following the log we see that:
>>>>>>>>>>>>
>>>>>>>>>>>> * we are able to find the user, and his userkey
>>>>>>>>>>>> * we are able to find the group column (a new custom
>>>>>>>>>>>> field into Syncope)
>>>>>>>>>>>> * we are able to find the group key of the group into
>>>>>>>>>>>> Syncope, based on the group column found in the
>>>>>>>>>>>> previous point
>>>>>>>>>>>> * we create the membership based on the group key (final
>>>>>>>>>>>> MembershipTO membershipTO = new
>>>>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>>>>>>>>>> * we add the membership to the user.
>>>>>>>>>>>>
>>>>>>>>>>>> Checking the return value of the last "add(membershipTO)",
>>>>>>>>>>>> we see that it's returning a "true", therefore we think
>>>>>>>>>>>> that everything went well, but when we enter into the admin
>>>>>>>>>>>> console of Syncope, the user has not being assigned to the
>>>>>>>>>>>> Group1.
>>>>>>>>>>>>
>>>>>>>>>>>> Is there a missing step?
>>>>>>>>>>>>
>>>>>>>>>>> you're near the solution. I presume you're working with
>>>>>>>>>>> UserTO. So, to update an user during the pull process, you
>>>>>>>>>>> must implement the assignment of the membership during
>>>>>>>>>>> beforeProvision, beforeAssign or beforeUpdate.
>>>>>>>>>>>
>>>>>>>>>>> Updating the UserTO in the "after" is too late. The only way
>>>>>>>>>>> to update an user in the after is with the DAO.
>>>>>>>>>>>
>>>>>>>>>>> Regards
>>>>>>>>>>> Marco
>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello Francesco,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> we went through the directory
>>>>>>>>>>>>>> core/src/test/resources/scriptedsql, but we didn't find
>>>>>>>>>>>>>> any concrete example that might help us to implement what
>>>>>>>>>>>>>> we might need to do, we were expecting that the solution
>>>>>>>>>>>>>> was in the PullActions, but we didn't understood that
>>>>>>>>>>>>>> that was addressing only __ACCOUNT__ and not groups.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> What steps should be followed to assign the User1 to
>>>>>>>>>>>>>> Group1 in Syncope when the information into the database
>>>>>>>>>>>>>> are something like
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> USERNAME | GROUP
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> User1 | Group1
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> User2 | Group1
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ?
>>>>>>>>>>>>> The Scripted Sqlallows to synchronize users, groups or any
>>>>>>>>>>>>> type. Groovy script gives the possibility to specify which
>>>>>>>>>>>>> type of object you like to manage, for example, during a
>>>>>>>>>>>>> search you can add different case statement one for each type:
>>>>>>>>>>>>>
>>>>>>>>>>>>> switch ( objectClass ) {
>>>>>>>>>>>>> case "__ACCOUNT__":
>>>>>>>>>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>>>>>> break
>>>>>>>>>>>>>
>>>>>>>>>>>>> case "__GROUPS__":
>>>>>>>>>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>>>>>> break
>>>>>>>>>>>>>
>>>>>>>>>>>>> case "__DEPARTMENT__":
>>>>>>>>>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>>>>>>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>>>>>>>>>> break
>>>>>>>>>>>>>
>>>>>>>>>>>>> default:
>>>>>>>>>>>>> result;
>>>>>>>>>>>>> }
>>>>>>>>>>>>>
>>>>>>>>>>>>> In order to assign a group to a user, you must implement a
>>>>>>>>>>>>> pull action. But before doing this, you have to know if
>>>>>>>>>>>>> thegroups already exist on Syncope or are to be created
>>>>>>>>>>>>> simultaneously with the users. In the first case you need
>>>>>>>>>>>>> to implement a simpler action:
>>>>>>>>>>>>>
>>>>>>>>>>>>> final UserTO userTO = (UserTO) entity;
>>>>>>>>>>>>>
>>>>>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>>>>>> if (group == null) {
>>>>>>>>>>>>> throw new RuntimeException("Group not found");
>>>>>>>>>>>>> }
>>>>>>>>>>>>>
>>>>>>>>>>>>> final MembershipTO membershipTO = new
>>>>>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>>>>>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>>>>>>>>
>>>>>>>>>>>>> second case you must create the group (with dao)
>>>>>>>>>>>>>
>>>>>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>>>>>> if (group == null) {
>>>>>>>>>>>>> group = entityFactory.newEntity(Group.class);
>>>>>>>>>>>>> group.setRealm(realmDAO.getRoot());
>>>>>>>>>>>>> group.setName(groupName);
>>>>>>>>>>>>> group = groupDAO.save(courseGroup);
>>>>>>>>>>>>> }
>>>>>>>>>>>>>
>>>>>>>>>>>>> and then assign it to the user during the after action.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>> M
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 01/03/17 14:40, Francesco Chicchiriccò wrote:
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>>>>>>>>>> The Database Table connector, in fact, only provides
>>>>>>>>>>>>>>> support for the __ACCOUNT__ ObjectClass, e.g. only for
>>>>>>>>>>>>>>> users, as suggested by the error below.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> In order to use the Scripted SQL connector, you must
>>>>>>>>>>>>>>> also provide the adequate Groovy scripts matching your
>>>>>>>>>>>>>>> own database schema; some samples can be found under the
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> directory of your generated Maven project.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> HTH
>>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> coming back to this point: we prepared the code to
>>>>>>>>>>>>>>>> integrate the group propagation from a DB to Syncope
>>>>>>>>>>>>>>>> but we encountered some problems.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Before integrating the code that we developed, we
>>>>>>>>>>>>>>>> started to add the concept of Group into our system.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> * Our database has a column called "role", where the
>>>>>>>>>>>>>>>> only content is "GroupTest".
>>>>>>>>>>>>>>>> * We created the group "GroupTest" also in Syncope to
>>>>>>>>>>>>>>>> have a 1:1 relation.
>>>>>>>>>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>>>>>>>>>> "BaseGroup" schema.
>>>>>>>>>>>>>>>> * We go back to the resources and we Edit provision
>>>>>>>>>>>>>>>> rules, we add a Group that we map with name:role.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Since now on, every Pull, also the one for the Users,
>>>>>>>>>>>>>>>> will terminate in a FAILURE with the error:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> org.quartz.JobExecutionException: While pulling from
>>>>>>>>>>>>>>>> connector [See nested exception:
>>>>>>>>>>>>>>>> java.lang.IllegalArgumentException: Operation requires
>>>>>>>>>>>>>>>> an Account ObjectClass.]
>>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Removing the mapping of the group, everything will turn
>>>>>>>>>>>>>>>> back to normality.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Any idea why this could happen?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha
>>>>>>>>>>>>>>>>> scritto:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> we're pulling information from a database. We want
>>>>>>>>>>>>>>>>>>> to assign automatically a group to a user.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> In a pull task is possible to add a template. The
>>>>>>>>>>>>>>>>>> template can be used for setting default values on
>>>>>>>>>>>>>>>>>> entities during a pull task.
>>>>>>>>>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> If a User is associated to a Group in your Database,
>>>>>>>>>>>>>>>>> and you like assign the corresponding User as a member
>>>>>>>>>>>>>>>>> of the corresponding Group in Syncope, you must
>>>>>>>>>>>>>>>>> implement a Pull Action [1]. Connid doesn't implement
>>>>>>>>>>>>>>>>> the assignment of a membership, so to obviate we can
>>>>>>>>>>>>>>>>> use a pull action.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> We want the user being created into Syncope
>>>>>>>>>>>>>>>>>>> associated to the already existing group "employee",
>>>>>>>>>>>>>>>>>>> but we don't see how to create this association.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Francesco Chicchiriccò
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Tirasa - Open Source Excellence
>>>>>>>>>>>>>>> http://www.tirasa.net/
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Member at The Apache Software Foundation
>>>>>>>>>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>>>>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>>>>>
>>>>>>>>>>>>> Tirasa S.r.l.
>>>>>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>>>>>> http://www.tirasa.net
>>>>>>>>>>>>>
>>>>>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>>>
>>>>>>>>>>> Tirasa S.r.l.
>>>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>>>> http://www.tirasa.net
>>>>>>>>>>>
>>>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>
>>>>>>>>> Tirasa S.r.l.
>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>> http://www.tirasa.net
>>>>>>>>>
>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>> Tel. +39 3939065570
>>>>>
>>>>> Tirasa S.r.l.
>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>> http://www.tirasa.net
>>>>>
>>>>> Apache Syncope PMC Member
>>>>> http://people.apache.org/~mdisabatino/
>>>>
>>>
>>> --
>>> Dott. Marco Di Sabatino Di Diodoro
>>> Tel. +39 3939065570
>>>
>>> Tirasa S.r.l.
>>> Viale D'Annunzio 267 - 65127 Pescara
>>> Tel +39 0859116307 / FAX +39 0859111173
>>> http://www.tirasa.net
>>>
>>> Apache Syncope PMC Member
>>> http://people.apache.org/~mdisabatino/
>>
>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
Just checked: the code is correct, but should be just positioned into
the beforeProvisioning, now it's correctly working.
Thanks for the support!
On 27.03.17 17:53, Tech wrote:
>
> As described at the beginning of the thread, we have a pull process
> taking information from a database.
>
> We associated the code to the action to take on the pull.
>
> We want to pull the user into the system and to associate it to the
> role based on the specific column.
>
> As far as I understand now we should just use userpatch but put it in
> BeforeProvisioning instead of BeforeUpdate?
>
>
> Thanks
>
>
>
>
> On 27.03.17 17:41, Marco Di Sabatino Di Diodoro wrote:
>>
>>
>>
>> Il 27/03/2017 17:12, Tech ha scritto:
>>>
>>> We used the After because we realized that in the first time we run
>>> the code the users were just created and only in the second time the
>>> code was executed the users were associated to the groups, while we
>>> wanted to have everything done at the same time.
>>>
>> "we run the code the users were just created"
>> during a create you must work with beforeProvisioning or beforeAssing
>>
>> "in the second time"
>> What do you mean with this? You run sync task again?
>>
>>
>>
>>> Here the code:
>>>
>>> @Transactional
>>> @Override
>>> public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>> beforeUpdate(
>>> final ProvisioningProfile<?, ?> profile,
>>> final SyncDelta delta,
>>> final A any,
>>> final M anyPatch) throws JobExecutionException {
>>>
>>> if (any instanceof UserTO) {
>>> final UserTO userTO = ((UserTO) any);
>>> String userName = userTO.getUsername();
>>> try {
>>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>>> for (AttrTO attr : attrs) {
>>> if
>>> (attr.getSchema().equalsIgnoreCase("group_column")) {
>>> Group oGroup =
>>> groupDAO.findByName(attr.getValues().get(0).toString());
>>> String oGroupName = oGroup.getName();
>>> String oGroupKey = oGroup.getKey();
>>> MembershipTO membershipTO = new
>>> MembershipTO.Builder().group(oGroupKey).build();
>>> LOG.warn("CHECK " + userName + " >
>>> membership before " + userTO.getMembershipMap().size());
>>> boolean res =
>>> userTO.getMemberships().add(membershipTO);
>>> LOG.warn("CHECK " + userName + " >
>>> membership after " + userTO.getMembershipMap().size());
>>> for (int i = 0; i <
>>> userTO.getMemberships().size(); i++) {
>>> LOG.warn("CHECK " + userName + " > print
>>> membership groupKey: " + userTO.getMemberships().get(i).getGroupKey());
>>> LOG.warn("CHECK " + userName + " > print
>>> membership groupName: " +
>>> userTO.getMemberships().get(i).getGroupName());
>>> }
>>> }
>>> }
>>> } catch (Exception e) {
>>> LOG.warn("Something happened...");
>>> }
>>> }
>>> return delta;
>>> }
>>>
>> "beforeUpdate" is called only if the user is already in Syncope, you
>> have to manipulate the UserPatch
>>
>> final UserPatch userPatch = (UserPatch) anyMod;
>>
>> final MembershipPatch membershipPatch = new
>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>> userPatch.getMemberships().add(membershipPatch);
>>
>> The UserTO is the old object before the sync task is happen.
>>
>> Regards
>> Marco
>>>
>>>
>>>
>>>
>>>
>>> On 27.03.17 16:24, Marco Di Sabatino Di Diodoro wrote:
>>>>
>>>>
>>>>
>>>> Il 27/03/2017 15:03, Tech ha scritto:
>>>>>
>>>>> I can also mention that printing the content of:
>>>>>
>>>>> userTO.getMembership().get(0).getGroupKey()
>>>>>
>>>>> I can see correctly the group key, so the group is correctly
>>>>> assigned, but probably just not "committed"
>>>>>
>>>>>
>>>> During the after you can no longer change the user, it's too late.
>>>> Why do you say that during the before action the assignment doesn't
>>>> work?
>>>>
>>>> Please, paste your code
>>>> Thanks
>>>> M
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 27/03/17 13:21, Tech wrote:
>>>>>>
>>>>>> Hello again,
>>>>>>
>>>>>> we saw that actually implement the membership in our case is not
>>>>>> really working with a before, but we should implement in an after.
>>>>>>
>>>>>> The group already exists in the system and we tried to implement
>>>>>> in this way:
>>>>>>
>>>>>> @Transactional
>>>>>> @Override
>>>>>> public void after(
>>>>>> final ProvisioningProfile<?, ?> profile,
>>>>>> final SyncDelta delta,
>>>>>> final EntityTO any,
>>>>>> final ProvisioningReport result) throws
>>>>>> JobExecutionException {
>>>>>>
>>>>>> if (any instanceof UserTO) {
>>>>>> final UserTO userTO = (UserTO) any;
>>>>>> try {
>>>>>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>>>>>> for (AttrTO attr : attrs) {
>>>>>> if
>>>>>> (attr.getSchema().equalsIgnoreCase("column_group")) {
>>>>>> Group oGroup =
>>>>>> groupDAO.findByName(attr.getValues().get(0).toString());
>>>>>> final MembershipTO membershipTO = new
>>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();
>>>>>> LOG.warn("Membership before
>>>>>> "+userTO.getMembershipMap().size()); // This will print 0
>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>> LOG.warn("Membership after
>>>>>> "+userTO.getMembershipMap().size()); // This will print 1:
>>>>>> something happened here
>>>>>> }
>>>>>> }
>>>>>> } catch (Exception e) {
>>>>>> LOG.warn("Something happened...");
>>>>>> }
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> After the userTO.getMembership().add(membershipTO) we see that
>>>>>> the "size()" value changes from 0 to 1, therefore we assume that
>>>>>> the membership has been assigned, but when we enter in the
>>>>>> console interface and we check the groups, nothing has changed
>>>>>> and we see that the user doesn't belong to any group.
>>>>>>
>>>>>> Is there any other missing action that should be taken?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 06.03.17 17:12, Tech wrote:
>>>>>>>
>>>>>>> Yes, finally working, thanks a lot!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Il 06/03/2017 16:40, Tech ha scritto:
>>>>>>>>>
>>>>>>>>> Actually you were right, we used already a "beforeUpdate".
>>>>>>>>>
>>>>>>>>> Here the code, there is nothing strange apparently, the
>>>>>>>>> boolean "result" returns "true", but the user is not added to
>>>>>>>>> the group
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> /
>>>>>>>>> /
>>>>>>>>>
>>>>>>>>> /@Transactional//
>>>>>>>>> // @Override//
>>>>>>>>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>>>>>>>> beforeUpdate(//
>>>>>>>>> // final ProvisioningProfile<?, ?> profile,//
>>>>>>>>> // final SyncDelta delta,//
>>>>>>>>> // final A any,//
>>>>>>>>> // final M anyPatch) throws JobExecutionException {//
>>>>>>>>> //
>>>>>>>>> // if (anyPatch instanceof UserPatch) {//
>>>>>>>>> // final UserTO user = ((UserTO) any);//
>>>>>>>>> // Group oGroup = null;/
>>>>>>>>>
>>>>>>>>> / String oGroupColumn = "group_colum";/
>>>>>>>>>
>>>>>>>>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>>>>>>>>> /
>>>>>>>>>
>>>>>>>>> / for(AttrTO attr : attrs) {//
>>>>>>>>> //if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
>>>>>>>>> // LOG.warn("We check the schema:"+
>>>>>>>>> attr.getSchema()); //Found//
>>>>>>>>> // LOG.warn("Content:
>>>>>>>>> "+attr.getValues().get(0).toString()); //Found//
>>>>>>>>> // oGroup =
>>>>>>>>> groupDAO.findByName(attr.getValues().get(0).toString());//
>>>>>>>>> // LOG.warn("Group Key: "+oGroup.getKey());
>>>>>>>>> //Group key correctly retrieved//
>>>>>>>>> // final MembershipTO membershipTO = new
>>>>>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>>>>>>>>> // LOG.warn("Check membership :"+
>>>>>>>>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>>>>>>>>> previous group key//
>>>>>>>>> // LOG.warn("Get user key:"+
>>>>>>>>> user.getUsername()); // Correct, it corresponds to what found
>>>>>>>>> in Syncope DB//
>>>>>>>>> // boolean result =
>>>>>>>>> user.getMemberships().add(membershipTO); //
>>>>>>>>> // LOG.warn("Was the user added to the
>>>>>>>>> group?: "+result); // Returns true//
>>>>>>>>> // }//
>>>>>>>>> // group = user.getPlainAttrMap().get("role");//
>>>>>>>>> // }//
>>>>>>>>> // return delta;//
>>>>>>>>> // }//
>>>>>>>>> //
>>>>>>>>> /
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> If you're working in the beforeUpdate you need to update the
>>>>>>>> UserPatch object:
>>>>>>>>
>>>>>>>> final UserPatch userPatch = (UserPatch) anyMod;
>>>>>>>>
>>>>>>>> final MembershipPatch membershipPatch = new
>>>>>>>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>>>>>>>> userPatch.getMemberships().add(membershipPatch);
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Marco
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> as suggested, we started to work on the easiest case, we
>>>>>>>>>>> created the Group1 in Syncope manually and we inserted into
>>>>>>>>>>> the database column "Group" the entry "Group1".
>>>>>>>>>>>
>>>>>>>>>>> We implemented only an "after" in this case: we pulled the
>>>>>>>>>>> information into Syncope and after the java is running.
>>>>>>>>>>>
>>>>>>>>>>> Following the log we see that:
>>>>>>>>>>>
>>>>>>>>>>> * we are able to find the user, and his userkey
>>>>>>>>>>> * we are able to find the group column (a new custom field
>>>>>>>>>>> into Syncope)
>>>>>>>>>>> * we are able to find the group key of the group into
>>>>>>>>>>> Syncope, based on the group column found in the previous
>>>>>>>>>>> point
>>>>>>>>>>> * we create the membership based on the group key (final
>>>>>>>>>>> MembershipTO membershipTO = new
>>>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>>>>>>>>> * we add the membership to the user.
>>>>>>>>>>>
>>>>>>>>>>> Checking the return value of the last "add(membershipTO)",
>>>>>>>>>>> we see that it's returning a "true", therefore we think that
>>>>>>>>>>> everything went well, but when we enter into the admin
>>>>>>>>>>> console of Syncope, the user has not being assigned to the
>>>>>>>>>>> Group1.
>>>>>>>>>>>
>>>>>>>>>>> Is there a missing step?
>>>>>>>>>>>
>>>>>>>>>> you're near the solution. I presume you're working with
>>>>>>>>>> UserTO. So, to update an user during the pull process, you
>>>>>>>>>> must implement the assignment of the membership during
>>>>>>>>>> beforeProvision, beforeAssign or beforeUpdate.
>>>>>>>>>>
>>>>>>>>>> Updating the UserTO in the "after" is too late. The only way
>>>>>>>>>> to update an user in the after is with the DAO.
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> Marco
>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hello Francesco,
>>>>>>>>>>>>>
>>>>>>>>>>>>> we went through the directory
>>>>>>>>>>>>> core/src/test/resources/scriptedsql, but we didn't find
>>>>>>>>>>>>> any concrete example that might help us to implement what
>>>>>>>>>>>>> we might need to do, we were expecting that the solution
>>>>>>>>>>>>> was in the PullActions, but we didn't understood that that
>>>>>>>>>>>>> was addressing only __ACCOUNT__ and not groups.
>>>>>>>>>>>>>
>>>>>>>>>>>>> What steps should be followed to assign the User1 to
>>>>>>>>>>>>> Group1 in Syncope when the information into the database
>>>>>>>>>>>>> are something like
>>>>>>>>>>>>>
>>>>>>>>>>>>> USERNAME | GROUP
>>>>>>>>>>>>>
>>>>>>>>>>>>> User1 | Group1
>>>>>>>>>>>>>
>>>>>>>>>>>>> User2 | Group1
>>>>>>>>>>>>>
>>>>>>>>>>>>> ?
>>>>>>>>>>>> The Scripted Sqlallows to synchronize users, groups or any
>>>>>>>>>>>> type. Groovy script gives the possibility to specify which
>>>>>>>>>>>> type of object you like to manage, for example, during a
>>>>>>>>>>>> search you can add different case statement one for each type:
>>>>>>>>>>>>
>>>>>>>>>>>> switch ( objectClass ) {
>>>>>>>>>>>> case "__ACCOUNT__":
>>>>>>>>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>>>>> break
>>>>>>>>>>>>
>>>>>>>>>>>> case "__GROUPS__":
>>>>>>>>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>>>>> break
>>>>>>>>>>>>
>>>>>>>>>>>> case "__DEPARTMENT__":
>>>>>>>>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>>>>>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>>>>>>>>> break
>>>>>>>>>>>>
>>>>>>>>>>>> default:
>>>>>>>>>>>> result;
>>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> In order to assign a group to a user, you must implement a
>>>>>>>>>>>> pull action. But before doing this, you have to know if
>>>>>>>>>>>> thegroups already exist on Syncope or are to be created
>>>>>>>>>>>> simultaneously with the users. In the first case you need
>>>>>>>>>>>> to implement a simpler action:
>>>>>>>>>>>>
>>>>>>>>>>>> final UserTO userTO = (UserTO) entity;
>>>>>>>>>>>>
>>>>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>>>>> if (group == null) {
>>>>>>>>>>>> throw new RuntimeException("Group not found");
>>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> final MembershipTO membershipTO = new
>>>>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>>>>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>>>>>>>
>>>>>>>>>>>> second case you must create the group (with dao)
>>>>>>>>>>>>
>>>>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>>>>> if (group == null) {
>>>>>>>>>>>> group = entityFactory.newEntity(Group.class);
>>>>>>>>>>>> group.setRealm(realmDAO.getRoot());
>>>>>>>>>>>> group.setName(groupName);
>>>>>>>>>>>> group = groupDAO.save(courseGroup);
>>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> and then assign it to the user during the after action.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards
>>>>>>>>>>>> M
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 01/03/17 14:40, Francesco Chicchiricc� wrote:
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>>>>>>>>> The Database Table connector, in fact, only provides
>>>>>>>>>>>>>> support for the __ACCOUNT__ ObjectClass, e.g. only for
>>>>>>>>>>>>>> users, as suggested by the error below.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> In order to use the Scripted SQL connector, you must also
>>>>>>>>>>>>>> provide the adequate Groovy scripts matching your own
>>>>>>>>>>>>>> database schema; some samples can be found under the
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> directory of your generated Maven project.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> HTH
>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> coming back to this point: we prepared the code to
>>>>>>>>>>>>>>> integrate the group propagation from a DB to Syncope but
>>>>>>>>>>>>>>> we encountered some problems.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Before integrating the code that we developed, we
>>>>>>>>>>>>>>> started to add the concept of Group into our system.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> * Our database has a column called "role", where the
>>>>>>>>>>>>>>> only content is "GroupTest".
>>>>>>>>>>>>>>> * We created the group "GroupTest" also in Syncope to
>>>>>>>>>>>>>>> have a 1:1 relation.
>>>>>>>>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>>>>>>>>> "BaseGroup" schema.
>>>>>>>>>>>>>>> * We go back to the resources and we Edit provision
>>>>>>>>>>>>>>> rules, we add a Group that we map with name:role.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Since now on, every Pull, also the one for the Users,
>>>>>>>>>>>>>>> will terminate in a FAILURE with the error:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> org.quartz.JobExecutionException: While pulling from
>>>>>>>>>>>>>>> connector [See nested exception:
>>>>>>>>>>>>>>> java.lang.IllegalArgumentException: Operation requires
>>>>>>>>>>>>>>> an Account ObjectClass.]
>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>>>>>>> at
>>>>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Removing the mapping of the group, everything will turn
>>>>>>>>>>>>>>> back to normality.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Any idea why this could happen?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha
>>>>>>>>>>>>>>>> scritto:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> we're pulling information from a database. We want to
>>>>>>>>>>>>>>>>>> assign automatically a group to a user.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> In a pull task is possible to add a template. The
>>>>>>>>>>>>>>>>> template can be used for setting default values on
>>>>>>>>>>>>>>>>> entities during a pull task.
>>>>>>>>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If a User is associated to a Group in your Database,
>>>>>>>>>>>>>>>> and you like assign the corresponding User as a member
>>>>>>>>>>>>>>>> of the corresponding Group in Syncope, you must
>>>>>>>>>>>>>>>> implement a Pull Action [1]. Connid doesn't implement
>>>>>>>>>>>>>>>> the assignment of a membership, so to obviate we can
>>>>>>>>>>>>>>>> use a pull action.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> We want the user being created into Syncope
>>>>>>>>>>>>>>>>>> associated to the already existing group "employee",
>>>>>>>>>>>>>>>>>> but we don't see how to create this association.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> Francesco Chicchiricc�
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Tirasa - Open Source Excellence
>>>>>>>>>>>>>> http://www.tirasa.net/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Member at The Apache Software Foundation
>>>>>>>>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>>>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>>>>
>>>>>>>>>>>> Tirasa S.r.l.
>>>>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>>>>> http://www.tirasa.net
>>>>>>>>>>>>
>>>>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>>
>>>>>>>>>> Tirasa S.r.l.
>>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>>> http://www.tirasa.net
>>>>>>>>>>
>>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>> Tel. +39 3939065570
>>>>>>>>
>>>>>>>> Tirasa S.r.l.
>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>> http://www.tirasa.net
>>>>>>>>
>>>>>>>> Apache Syncope PMC Member
>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Dott. Marco Di Sabatino Di Diodoro
>>>> Tel. +39 3939065570
>>>>
>>>> Tirasa S.r.l.
>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>> http://www.tirasa.net
>>>>
>>>> Apache Syncope PMC Member
>>>> http://people.apache.org/~mdisabatino/
>>>
>>
>> --
>> Dott. Marco Di Sabatino Di Diodoro
>> Tel. +39 3939065570
>>
>> Tirasa S.r.l.
>> Viale D'Annunzio 267 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 0859111173
>> http://www.tirasa.net
>>
>> Apache Syncope PMC Member
>> http://people.apache.org/~mdisabatino/
>
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
As described at the beginning of the thread, we have a pull process
taking information from a database.
We associated the code to the action to take on the pull.
We want to pull the user into the system and to associate it to the role
based on the specific column.
As far as I understand now we should just use userpatch but put it in
BeforeProvisioning instead of BeforeUpdate?
Thanks
On 27.03.17 17:41, Marco Di Sabatino Di Diodoro wrote:
>
>
>
> Il 27/03/2017 17:12, Tech ha scritto:
>>
>> We used the After because we realized that in the first time we run
>> the code the users were just created and only in the second time the
>> code was executed the users were associated to the groups, while we
>> wanted to have everything done at the same time.
>>
> "we run the code the users were just created"
> during a create you must work with beforeProvisioning or beforeAssing
>
> "in the second time"
> What do you mean with this? You run sync task again?
>
>
>
>> Here the code:
>>
>> @Transactional
>> @Override
>> public <A extends AnyTO, M extends AnyPatch> SyncDelta beforeUpdate(
>> final ProvisioningProfile<?, ?> profile,
>> final SyncDelta delta,
>> final A any,
>> final M anyPatch) throws JobExecutionException {
>>
>> if (any instanceof UserTO) {
>> final UserTO userTO = ((UserTO) any);
>> String userName = userTO.getUsername();
>> try {
>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>> for (AttrTO attr : attrs) {
>> if
>> (attr.getSchema().equalsIgnoreCase("group_column")) {
>> Group oGroup =
>> groupDAO.findByName(attr.getValues().get(0).toString());
>> String oGroupName = oGroup.getName();
>> String oGroupKey = oGroup.getKey();
>> MembershipTO membershipTO = new
>> MembershipTO.Builder().group(oGroupKey).build();
>> LOG.warn("CHECK " + userName + " > membership
>> before " + userTO.getMembershipMap().size());
>> boolean res =
>> userTO.getMemberships().add(membershipTO);
>> LOG.warn("CHECK " + userName + " > membership
>> after " + userTO.getMembershipMap().size());
>> for (int i = 0; i <
>> userTO.getMemberships().size(); i++) {
>> LOG.warn("CHECK " + userName + " > print
>> membership groupKey: " + userTO.getMemberships().get(i).getGroupKey());
>> LOG.warn("CHECK " + userName + " > print
>> membership groupName: " + userTO.getMemberships().get(i).getGroupName());
>> }
>> }
>> }
>> } catch (Exception e) {
>> LOG.warn("Something happened...");
>> }
>> }
>> return delta;
>> }
>>
> "beforeUpdate" is called only if the user is already in Syncope, you
> have to manipulate the UserPatch
>
> final UserPatch userPatch = (UserPatch) anyMod;
>
> final MembershipPatch membershipPatch = new
> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
> userPatch.getMemberships().add(membershipPatch);
>
> The UserTO is the old object before the sync task is happen.
>
> Regards
> Marco
>>
>>
>>
>>
>>
>> On 27.03.17 16:24, Marco Di Sabatino Di Diodoro wrote:
>>>
>>>
>>>
>>> Il 27/03/2017 15:03, Tech ha scritto:
>>>>
>>>> I can also mention that printing the content of:
>>>>
>>>> userTO.getMembership().get(0).getGroupKey()
>>>>
>>>> I can see correctly the group key, so the group is correctly
>>>> assigned, but probably just not "committed"
>>>>
>>>>
>>> During the after you can no longer change the user, it's too late.
>>> Why do you say that during the before action the assignment doesn't
>>> work?
>>>
>>> Please, paste your code
>>> Thanks
>>> M
>>>>
>>>>
>>>>
>>>>
>>>> On 27/03/17 13:21, Tech wrote:
>>>>>
>>>>> Hello again,
>>>>>
>>>>> we saw that actually implement the membership in our case is not
>>>>> really working with a before, but we should implement in an after.
>>>>>
>>>>> The group already exists in the system and we tried to implement
>>>>> in this way:
>>>>>
>>>>> @Transactional
>>>>> @Override
>>>>> public void after(
>>>>> final ProvisioningProfile<?, ?> profile,
>>>>> final SyncDelta delta,
>>>>> final EntityTO any,
>>>>> final ProvisioningReport result) throws
>>>>> JobExecutionException {
>>>>>
>>>>> if (any instanceof UserTO) {
>>>>> final UserTO userTO = (UserTO) any;
>>>>> try {
>>>>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>>>>> for (AttrTO attr : attrs) {
>>>>> if
>>>>> (attr.getSchema().equalsIgnoreCase("column_group")) {
>>>>> Group oGroup =
>>>>> groupDAO.findByName(attr.getValues().get(0).toString());
>>>>> final MembershipTO membershipTO = new
>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();
>>>>> LOG.warn("Membership before
>>>>> "+userTO.getMembershipMap().size()); // This will print 0
>>>>> userTO.getMemberships().add(membershipTO);
>>>>> LOG.warn("Membership after
>>>>> "+userTO.getMembershipMap().size()); // This will print 1:
>>>>> something happened here
>>>>> }
>>>>> }
>>>>> } catch (Exception e) {
>>>>> LOG.warn("Something happened...");
>>>>> }
>>>>> }
>>>>> }
>>>>>
>>>>> After the userTO.getMembership().add(membershipTO) we see that the
>>>>> "size()" value changes from 0 to 1, therefore we assume that the
>>>>> membership has been assigned, but when we enter in the console
>>>>> interface and we check the groups, nothing has changed and we see
>>>>> that the user doesn't belong to any group.
>>>>>
>>>>> Is there any other missing action that should be taken?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 06.03.17 17:12, Tech wrote:
>>>>>>
>>>>>> Yes, finally working, thanks a lot!
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Il 06/03/2017 16:40, Tech ha scritto:
>>>>>>>>
>>>>>>>> Actually you were right, we used already a "beforeUpdate".
>>>>>>>>
>>>>>>>> Here the code, there is nothing strange apparently, the boolean
>>>>>>>> "result" returns "true", but the user is not added to the group
>>>>>>>>
>>>>>>>>
>>>>>>>> /
>>>>>>>> /
>>>>>>>>
>>>>>>>> /@Transactional//
>>>>>>>> // @Override//
>>>>>>>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>>>>>>> beforeUpdate(//
>>>>>>>> // final ProvisioningProfile<?, ?> profile,//
>>>>>>>> // final SyncDelta delta,//
>>>>>>>> // final A any,//
>>>>>>>> // final M anyPatch) throws JobExecutionException {//
>>>>>>>> //
>>>>>>>> // if (anyPatch instanceof UserPatch) {//
>>>>>>>> // final UserTO user = ((UserTO) any);//
>>>>>>>> // Group oGroup = null;/
>>>>>>>>
>>>>>>>> / String oGroupColumn = "group_colum";/
>>>>>>>>
>>>>>>>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>>>>>>>> /
>>>>>>>>
>>>>>>>> / for(AttrTO attr : attrs) {//
>>>>>>>> //if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
>>>>>>>> // LOG.warn("We check the schema:"+
>>>>>>>> attr.getSchema()); //Found//
>>>>>>>> // LOG.warn("Content:
>>>>>>>> "+attr.getValues().get(0).toString()); //Found//
>>>>>>>> // oGroup =
>>>>>>>> groupDAO.findByName(attr.getValues().get(0).toString());//
>>>>>>>> // LOG.warn("Group Key: "+oGroup.getKey());
>>>>>>>> //Group key correctly retrieved//
>>>>>>>> // final MembershipTO membershipTO = new
>>>>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>>>>>>>> // LOG.warn("Check membership :"+
>>>>>>>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>>>>>>>> previous group key//
>>>>>>>> // LOG.warn("Get user key:"+
>>>>>>>> user.getUsername()); // Correct, it corresponds to what found
>>>>>>>> in Syncope DB//
>>>>>>>> // boolean result =
>>>>>>>> user.getMemberships().add(membershipTO); //
>>>>>>>> // LOG.warn("Was the user added to the
>>>>>>>> group?: "+result); // Returns true//
>>>>>>>> // }//
>>>>>>>> // group = user.getPlainAttrMap().get("role");//
>>>>>>>> // }//
>>>>>>>> // return delta;//
>>>>>>>> // }//
>>>>>>>> //
>>>>>>>> /
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> If you're working in the beforeUpdate you need to update the
>>>>>>> UserPatch object:
>>>>>>>
>>>>>>> final UserPatch userPatch = (UserPatch) anyMod;
>>>>>>>
>>>>>>> final MembershipPatch membershipPatch = new
>>>>>>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>>>>>>> userPatch.getMemberships().add(membershipPatch);
>>>>>>>
>>>>>>> Regards
>>>>>>> Marco
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> as suggested, we started to work on the easiest case, we
>>>>>>>>>> created the Group1 in Syncope manually and we inserted into
>>>>>>>>>> the database column "Group" the entry "Group1".
>>>>>>>>>>
>>>>>>>>>> We implemented only an "after" in this case: we pulled the
>>>>>>>>>> information into Syncope and after the java is running.
>>>>>>>>>>
>>>>>>>>>> Following the log we see that:
>>>>>>>>>>
>>>>>>>>>> * we are able to find the user, and his userkey
>>>>>>>>>> * we are able to find the group column (a new custom field
>>>>>>>>>> into Syncope)
>>>>>>>>>> * we are able to find the group key of the group into
>>>>>>>>>> Syncope, based on the group column found in the previous
>>>>>>>>>> point
>>>>>>>>>> * we create the membership based on the group key (final
>>>>>>>>>> MembershipTO membershipTO = new
>>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>>>>>>>> * we add the membership to the user.
>>>>>>>>>>
>>>>>>>>>> Checking the return value of the last "add(membershipTO)", we
>>>>>>>>>> see that it's returning a "true", therefore we think that
>>>>>>>>>> everything went well, but when we enter into the admin
>>>>>>>>>> console of Syncope, the user has not being assigned to the
>>>>>>>>>> Group1.
>>>>>>>>>>
>>>>>>>>>> Is there a missing step?
>>>>>>>>>>
>>>>>>>>> you're near the solution. I presume you're working with
>>>>>>>>> UserTO. So, to update an user during the pull process, you
>>>>>>>>> must implement the assignment of the membership during
>>>>>>>>> beforeProvision, beforeAssign or beforeUpdate.
>>>>>>>>>
>>>>>>>>> Updating the UserTO in the "after" is too late. The only way
>>>>>>>>> to update an user in the after is with the DAO.
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> Marco
>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>>>>>>>
>>>>>>>>>>>> Hello Francesco,
>>>>>>>>>>>>
>>>>>>>>>>>> we went through the directory
>>>>>>>>>>>> core/src/test/resources/scriptedsql, but we didn't find any
>>>>>>>>>>>> concrete example that might help us to implement what we
>>>>>>>>>>>> might need to do, we were expecting that the solution was
>>>>>>>>>>>> in the PullActions, but we didn't understood that that was
>>>>>>>>>>>> addressing only __ACCOUNT__ and not groups.
>>>>>>>>>>>>
>>>>>>>>>>>> What steps should be followed to assign the User1 to Group1
>>>>>>>>>>>> in Syncope when the information into the database are
>>>>>>>>>>>> something like
>>>>>>>>>>>>
>>>>>>>>>>>> USERNAME | GROUP
>>>>>>>>>>>>
>>>>>>>>>>>> User1 | Group1
>>>>>>>>>>>>
>>>>>>>>>>>> User2 | Group1
>>>>>>>>>>>>
>>>>>>>>>>>> ?
>>>>>>>>>>> The Scripted Sqlallows to synchronize users, groups or any
>>>>>>>>>>> type. Groovy script gives the possibility to specify which
>>>>>>>>>>> type of object you like to manage, for example, during a
>>>>>>>>>>> search you can add different case statement one for each type:
>>>>>>>>>>>
>>>>>>>>>>> switch ( objectClass ) {
>>>>>>>>>>> case "__ACCOUNT__":
>>>>>>>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>>>> break
>>>>>>>>>>>
>>>>>>>>>>> case "__GROUPS__":
>>>>>>>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>>>> break
>>>>>>>>>>>
>>>>>>>>>>> case "__DEPARTMENT__":
>>>>>>>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>>>>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>>>>>>>> break
>>>>>>>>>>>
>>>>>>>>>>> default:
>>>>>>>>>>> result;
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> In order to assign a group to a user, you must implement a
>>>>>>>>>>> pull action. But before doing this, you have to know if
>>>>>>>>>>> thegroups already exist on Syncope or are to be created
>>>>>>>>>>> simultaneously with the users. In the first case you need to
>>>>>>>>>>> implement a simpler action:
>>>>>>>>>>>
>>>>>>>>>>> final UserTO userTO = (UserTO) entity;
>>>>>>>>>>>
>>>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>>>> if (group == null) {
>>>>>>>>>>> throw new RuntimeException("Group not found");
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> final MembershipTO membershipTO = new
>>>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>>>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>>>>>>
>>>>>>>>>>> second case you must create the group (with dao)
>>>>>>>>>>>
>>>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>>>> if (group == null) {
>>>>>>>>>>> group = entityFactory.newEntity(Group.class);
>>>>>>>>>>> group.setRealm(realmDAO.getRoot());
>>>>>>>>>>> group.setName(groupName);
>>>>>>>>>>> group = groupDAO.save(courseGroup);
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> and then assign it to the user during the after action.
>>>>>>>>>>>
>>>>>>>>>>> Regards
>>>>>>>>>>> M
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 01/03/17 14:40, Francesco Chicchiricc� wrote:
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>>>>>>>> The Database Table connector, in fact, only provides
>>>>>>>>>>>>> support for the __ACCOUNT__ ObjectClass, e.g. only for
>>>>>>>>>>>>> users, as suggested by the error below.
>>>>>>>>>>>>>
>>>>>>>>>>>>> In order to use the Scripted SQL connector, you must also
>>>>>>>>>>>>> provide the adequate Groovy scripts matching your own
>>>>>>>>>>>>> database schema; some samples can be found under the
>>>>>>>>>>>>>
>>>>>>>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>>>>>>>
>>>>>>>>>>>>> directory of your generated Maven project.
>>>>>>>>>>>>>
>>>>>>>>>>>>> HTH
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> coming back to this point: we prepared the code to
>>>>>>>>>>>>>> integrate the group propagation from a DB to Syncope but
>>>>>>>>>>>>>> we encountered some problems.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Before integrating the code that we developed, we started
>>>>>>>>>>>>>> to add the concept of Group into our system.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> * Our database has a column called "role", where the
>>>>>>>>>>>>>> only content is "GroupTest".
>>>>>>>>>>>>>> * We created the group "GroupTest" also in Syncope to
>>>>>>>>>>>>>> have a 1:1 relation.
>>>>>>>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>>>>>>>> "BaseGroup" schema.
>>>>>>>>>>>>>> * We go back to the resources and we Edit provision
>>>>>>>>>>>>>> rules, we add a Group that we map with name:role.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Since now on, every Pull, also the one for the Users,
>>>>>>>>>>>>>> will terminate in a FAILURE with the error:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> org.quartz.JobExecutionException: While pulling from
>>>>>>>>>>>>>> connector [See nested exception:
>>>>>>>>>>>>>> java.lang.IllegalArgumentException: Operation requires an
>>>>>>>>>>>>>> Account ObjectClass.]
>>>>>>>>>>>>>> at
>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>>>>>>>> at
>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>>>>>>>> at
>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>>>>>>>> at
>>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>>>>>>>> at
>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>>>>>>> at
>>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>>>>>> at
>>>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Removing the mapping of the group, everything will turn
>>>>>>>>>>>>>> back to normality.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Any idea why this could happen?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha
>>>>>>>>>>>>>>> scritto:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> we're pulling information from a database. We want to
>>>>>>>>>>>>>>>>> assign automatically a group to a user.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> In a pull task is possible to add a template. The
>>>>>>>>>>>>>>>> template can be used for setting default values on
>>>>>>>>>>>>>>>> entities during a pull task.
>>>>>>>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If a User is associated to a Group in your Database, and
>>>>>>>>>>>>>>> you like assign the corresponding User as a member of
>>>>>>>>>>>>>>> the corresponding Group in Syncope, you must implement a
>>>>>>>>>>>>>>> Pull Action [1]. Connid doesn't implement the assignment
>>>>>>>>>>>>>>> of a membership, so to obviate we can use a pull action.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> We want the user being created into Syncope associated
>>>>>>>>>>>>>>>>> to the already existing group "employee", but we don't
>>>>>>>>>>>>>>>>> see how to create this association.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Francesco Chicchiricc�
>>>>>>>>>>>>>
>>>>>>>>>>>>> Tirasa - Open Source Excellence
>>>>>>>>>>>>> http://www.tirasa.net/
>>>>>>>>>>>>>
>>>>>>>>>>>>> Member at The Apache Software Foundation
>>>>>>>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>>>
>>>>>>>>>>> Tirasa S.r.l.
>>>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>>>> http://www.tirasa.net
>>>>>>>>>>>
>>>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>
>>>>>>>>> Tirasa S.r.l.
>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>> http://www.tirasa.net
>>>>>>>>>
>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>> Tel. +39 3939065570
>>>>>>>
>>>>>>> Tirasa S.r.l.
>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>> http://www.tirasa.net
>>>>>>>
>>>>>>> Apache Syncope PMC Member
>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>
>>>>>
>>>>
>>>
>>> --
>>> Dott. Marco Di Sabatino Di Diodoro
>>> Tel. +39 3939065570
>>>
>>> Tirasa S.r.l.
>>> Viale D'Annunzio 267 - 65127 Pescara
>>> Tel +39 0859116307 / FAX +39 0859111173
>>> http://www.tirasa.net
>>>
>>> Apache Syncope PMC Member
>>> http://people.apache.org/~mdisabatino/
>>
>
> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Il 27/03/2017 17:12, Tech ha scritto:
>
> We used the After because we realized that in the first time we run
> the code the users were just created and only in the second time the
> code was executed the users were associated to the groups, while we
> wanted to have everything done at the same time.
>
"we run the code the users were just created"
during a create you must work with beforeProvisioning or beforeAssing
"in the second time"
What do you mean with this? You run sync task again?
> Here the code:
>
> @Transactional
> @Override
> public <A extends AnyTO, M extends AnyPatch> SyncDelta beforeUpdate(
> final ProvisioningProfile<?, ?> profile,
> final SyncDelta delta,
> final A any,
> final M anyPatch) throws JobExecutionException {
>
> if (any instanceof UserTO) {
> final UserTO userTO = ((UserTO) any);
> String userName = userTO.getUsername();
> try {
> Set<AttrTO> attrs = userTO.getPlainAttrs();
> for (AttrTO attr : attrs) {
> if
> (attr.getSchema().equalsIgnoreCase("group_column")) {
> Group oGroup =
> groupDAO.findByName(attr.getValues().get(0).toString());
> String oGroupName = oGroup.getName();
> String oGroupKey = oGroup.getKey();
> MembershipTO membershipTO = new
> MembershipTO.Builder().group(oGroupKey).build();
> LOG.warn("CHECK " + userName + " > membership
> before " + userTO.getMembershipMap().size());
> boolean res =
> userTO.getMemberships().add(membershipTO);
> LOG.warn("CHECK " + userName + " > membership
> after " + userTO.getMembershipMap().size());
> for (int i = 0; i <
> userTO.getMemberships().size(); i++) {
> LOG.warn("CHECK " + userName + " > print
> membership groupKey: " + userTO.getMemberships().get(i).getGroupKey());
> LOG.warn("CHECK " + userName + " > print
> membership groupName: " + userTO.getMemberships().get(i).getGroupName());
> }
> }
> }
> } catch (Exception e) {
> LOG.warn("Something happened...");
> }
> }
> return delta;
> }
>
"beforeUpdate" is called only if the user is already in Syncope, you
have to manipulate the UserPatch
final UserPatch userPatch = (UserPatch) anyMod;
final MembershipPatch membershipPatch = new
MembershipPatch.Builder().group(/oGroup.getKey()/).build();
userPatch.getMemberships().add(membershipPatch);
The UserTO is the old object before the sync task is happen.
Regards
Marco
>
>
>
>
>
> On 27.03.17 16:24, Marco Di Sabatino Di Diodoro wrote:
>>
>>
>>
>> Il 27/03/2017 15:03, Tech ha scritto:
>>>
>>> I can also mention that printing the content of:
>>>
>>> userTO.getMembership().get(0).getGroupKey()
>>>
>>> I can see correctly the group key, so the group is correctly
>>> assigned, but probably just not "committed"
>>>
>>>
>> During the after you can no longer change the user, it's too late.
>> Why do you say that during the before action the assignment doesn't
>> work?
>>
>> Please, paste your code
>> Thanks
>> M
>>>
>>>
>>>
>>>
>>> On 27/03/17 13:21, Tech wrote:
>>>>
>>>> Hello again,
>>>>
>>>> we saw that actually implement the membership in our case is not
>>>> really working with a before, but we should implement in an after.
>>>>
>>>> The group already exists in the system and we tried to implement in
>>>> this way:
>>>>
>>>> @Transactional
>>>> @Override
>>>> public void after(
>>>> final ProvisioningProfile<?, ?> profile,
>>>> final SyncDelta delta,
>>>> final EntityTO any,
>>>> final ProvisioningReport result) throws
>>>> JobExecutionException {
>>>>
>>>> if (any instanceof UserTO) {
>>>> final UserTO userTO = (UserTO) any;
>>>> try {
>>>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>>>> for (AttrTO attr : attrs) {
>>>> if
>>>> (attr.getSchema().equalsIgnoreCase("column_group")) {
>>>> Group oGroup =
>>>> groupDAO.findByName(attr.getValues().get(0).toString());
>>>> final MembershipTO membershipTO = new
>>>> MembershipTO.Builder().group(oGroup.getKey()).build();
>>>> LOG.warn("Membership before
>>>> "+userTO.getMembershipMap().size()); // This will print 0
>>>> userTO.getMemberships().add(membershipTO);
>>>> LOG.warn("Membership after
>>>> "+userTO.getMembershipMap().size()); // This will print 1:
>>>> something happened here
>>>> }
>>>> }
>>>> } catch (Exception e) {
>>>> LOG.warn("Something happened...");
>>>> }
>>>> }
>>>> }
>>>>
>>>> After the userTO.getMembership().add(membershipTO) we see that the
>>>> "size()" value changes from 0 to 1, therefore we assume that the
>>>> membership has been assigned, but when we enter in the console
>>>> interface and we check the groups, nothing has changed and we see
>>>> that the user doesn't belong to any group.
>>>>
>>>> Is there any other missing action that should be taken?
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 06.03.17 17:12, Tech wrote:
>>>>>
>>>>> Yes, finally working, thanks a lot!
>>>>>
>>>>>
>>>>>
>>>>> On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> Il 06/03/2017 16:40, Tech ha scritto:
>>>>>>>
>>>>>>> Actually you were right, we used already a "beforeUpdate".
>>>>>>>
>>>>>>> Here the code, there is nothing strange apparently, the boolean
>>>>>>> "result" returns "true", but the user is not added to the group
>>>>>>>
>>>>>>>
>>>>>>> /
>>>>>>> /
>>>>>>>
>>>>>>> /@Transactional//
>>>>>>> // @Override//
>>>>>>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>>>>>> beforeUpdate(//
>>>>>>> // final ProvisioningProfile<?, ?> profile,//
>>>>>>> // final SyncDelta delta,//
>>>>>>> // final A any,//
>>>>>>> // final M anyPatch) throws JobExecutionException {//
>>>>>>> //
>>>>>>> // if (anyPatch instanceof UserPatch) {//
>>>>>>> // final UserTO user = ((UserTO) any);//
>>>>>>> // Group oGroup = null;/
>>>>>>>
>>>>>>> / String oGroupColumn = "group_colum";/
>>>>>>>
>>>>>>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>>>>>>> /
>>>>>>>
>>>>>>> / for(AttrTO attr : attrs) {//
>>>>>>> //if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
>>>>>>> // LOG.warn("We check the schema:"+
>>>>>>> attr.getSchema()); //Found//
>>>>>>> // LOG.warn("Content:
>>>>>>> "+attr.getValues().get(0).toString()); //Found//
>>>>>>> // oGroup =
>>>>>>> groupDAO.findByName(attr.getValues().get(0).toString());//
>>>>>>> // LOG.warn("Group Key: "+oGroup.getKey());
>>>>>>> //Group key correctly retrieved//
>>>>>>> // final MembershipTO membershipTO = new
>>>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>>>>>>> // LOG.warn("Check membership :"+
>>>>>>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>>>>>>> previous group key//
>>>>>>> // LOG.warn("Get user key:"+
>>>>>>> user.getUsername()); // Correct, it corresponds to what found in
>>>>>>> Syncope DB//
>>>>>>> // boolean result =
>>>>>>> user.getMemberships().add(membershipTO); //
>>>>>>> // LOG.warn("Was the user added to the
>>>>>>> group?: "+result); // Returns true//
>>>>>>> // }//
>>>>>>> // group = user.getPlainAttrMap().get("role");//
>>>>>>> // }//
>>>>>>> // return delta;//
>>>>>>> // }//
>>>>>>> //
>>>>>>> /
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> If you're working in the beforeUpdate you need to update the
>>>>>> UserPatch object:
>>>>>>
>>>>>> final UserPatch userPatch = (UserPatch) anyMod;
>>>>>>
>>>>>> final MembershipPatch membershipPatch = new
>>>>>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>>>>>> userPatch.getMemberships().add(membershipPatch);
>>>>>>
>>>>>> Regards
>>>>>> Marco
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>
>>>>>>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> as suggested, we started to work on the easiest case, we
>>>>>>>>> created the Group1 in Syncope manually and we inserted into
>>>>>>>>> the database column "Group" the entry "Group1".
>>>>>>>>>
>>>>>>>>> We implemented only an "after" in this case: we pulled the
>>>>>>>>> information into Syncope and after the java is running.
>>>>>>>>>
>>>>>>>>> Following the log we see that:
>>>>>>>>>
>>>>>>>>> * we are able to find the user, and his userkey
>>>>>>>>> * we are able to find the group column (a new custom field
>>>>>>>>> into Syncope)
>>>>>>>>> * we are able to find the group key of the group into
>>>>>>>>> Syncope, based on the group column found in the previous point
>>>>>>>>> * we create the membership based on the group key (final
>>>>>>>>> MembershipTO membershipTO = new
>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>>>>>>> * we add the membership to the user.
>>>>>>>>>
>>>>>>>>> Checking the return value of the last "add(membershipTO)", we
>>>>>>>>> see that it's returning a "true", therefore we think that
>>>>>>>>> everything went well, but when we enter into the admin console
>>>>>>>>> of Syncope, the user has not being assigned to the Group1.
>>>>>>>>>
>>>>>>>>> Is there a missing step?
>>>>>>>>>
>>>>>>>> you're near the solution. I presume you're working with UserTO.
>>>>>>>> So, to update an user during the pull process, you must
>>>>>>>> implement the assignment of the membership during
>>>>>>>> beforeProvision, beforeAssign or beforeUpdate.
>>>>>>>>
>>>>>>>> Updating the UserTO in the "after" is too late. The only way to
>>>>>>>> update an user in the after is with the DAO.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Marco
>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>>>>>>
>>>>>>>>>>> Hello Francesco,
>>>>>>>>>>>
>>>>>>>>>>> we went through the directory
>>>>>>>>>>> core/src/test/resources/scriptedsql, but we didn't find any
>>>>>>>>>>> concrete example that might help us to implement what we
>>>>>>>>>>> might need to do, we were expecting that the solution was in
>>>>>>>>>>> the PullActions, but we didn't understood that that was
>>>>>>>>>>> addressing only __ACCOUNT__ and not groups.
>>>>>>>>>>>
>>>>>>>>>>> What steps should be followed to assign the User1 to Group1
>>>>>>>>>>> in Syncope when the information into the database are
>>>>>>>>>>> something like
>>>>>>>>>>>
>>>>>>>>>>> USERNAME | GROUP
>>>>>>>>>>>
>>>>>>>>>>> User1 | Group1
>>>>>>>>>>>
>>>>>>>>>>> User2 | Group1
>>>>>>>>>>>
>>>>>>>>>>> ?
>>>>>>>>>> The Scripted Sqlallows to synchronize users, groups or any
>>>>>>>>>> type. Groovy script gives the possibility to specify which
>>>>>>>>>> type of object you like to manage, for example, during a
>>>>>>>>>> search you can add different case statement one for each type:
>>>>>>>>>>
>>>>>>>>>> switch ( objectClass ) {
>>>>>>>>>> case "__ACCOUNT__":
>>>>>>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>>> break
>>>>>>>>>>
>>>>>>>>>> case "__GROUPS__":
>>>>>>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>>> break
>>>>>>>>>>
>>>>>>>>>> case "__DEPARTMENT__":
>>>>>>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>>>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>>>>>>> break
>>>>>>>>>>
>>>>>>>>>> default:
>>>>>>>>>> result;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> In order to assign a group to a user, you must implement a
>>>>>>>>>> pull action. But before doing this, you have to know if
>>>>>>>>>> thegroups already exist on Syncope or are to be created
>>>>>>>>>> simultaneously with the users. In the first case you need to
>>>>>>>>>> implement a simpler action:
>>>>>>>>>>
>>>>>>>>>> final UserTO userTO = (UserTO) entity;
>>>>>>>>>>
>>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>>> if (group == null) {
>>>>>>>>>> throw new RuntimeException("Group not found");
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> final MembershipTO membershipTO = new
>>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>>>>>
>>>>>>>>>> second case you must create the group (with dao)
>>>>>>>>>>
>>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>>> if (group == null) {
>>>>>>>>>> group = entityFactory.newEntity(Group.class);
>>>>>>>>>> group.setRealm(realmDAO.getRoot());
>>>>>>>>>> group.setName(groupName);
>>>>>>>>>> group = groupDAO.save(courseGroup);
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> and then assign it to the user during the after action.
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> M
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 01/03/17 14:40, Francesco Chicchiriccò wrote:
>>>>>>>>>>>> Hi,
>>>>>>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>>>>>>> The Database Table connector, in fact, only provides
>>>>>>>>>>>> support for the __ACCOUNT__ ObjectClass, e.g. only for
>>>>>>>>>>>> users, as suggested by the error below.
>>>>>>>>>>>>
>>>>>>>>>>>> In order to use the Scripted SQL connector, you must also
>>>>>>>>>>>> provide the adequate Groovy scripts matching your own
>>>>>>>>>>>> database schema; some samples can be found under the
>>>>>>>>>>>>
>>>>>>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>>>>>>
>>>>>>>>>>>> directory of your generated Maven project.
>>>>>>>>>>>>
>>>>>>>>>>>> HTH
>>>>>>>>>>>> Regards.
>>>>>>>>>>>>
>>>>>>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>
>>>>>>>>>>>>> coming back to this point: we prepared the code to
>>>>>>>>>>>>> integrate the group propagation from a DB to Syncope but
>>>>>>>>>>>>> we encountered some problems.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Before integrating the code that we developed, we started
>>>>>>>>>>>>> to add the concept of Group into our system.
>>>>>>>>>>>>>
>>>>>>>>>>>>> * Our database has a column called "role", where the
>>>>>>>>>>>>> only content is "GroupTest".
>>>>>>>>>>>>> * We created the group "GroupTest" also in Syncope to
>>>>>>>>>>>>> have a 1:1 relation.
>>>>>>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>>>>>>> "BaseGroup" schema.
>>>>>>>>>>>>> * We go back to the resources and we Edit provision
>>>>>>>>>>>>> rules, we add a Group that we map with name:role.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Since now on, every Pull, also the one for the Users, will
>>>>>>>>>>>>> terminate in a FAILURE with the error:
>>>>>>>>>>>>>
>>>>>>>>>>>>> org.quartz.JobExecutionException: While pulling from
>>>>>>>>>>>>> connector [See nested exception:
>>>>>>>>>>>>> java.lang.IllegalArgumentException: Operation requires an
>>>>>>>>>>>>> Account ObjectClass.]
>>>>>>>>>>>>> at
>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>>>>>>> at
>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>>>>>>> at
>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>>>>>>> at
>>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>>>>>>>>>> Method)
>>>>>>>>>>>>> at
>>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>>>>> at
>>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Removing the mapping of the group, everything will turn
>>>>>>>>>>>>> back to normality.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Any idea why this could happen?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> we're pulling information from a database. We want to
>>>>>>>>>>>>>>>> assign automatically a group to a user.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> In a pull task is possible to add a template. The
>>>>>>>>>>>>>>> template can be used for setting default values on
>>>>>>>>>>>>>>> entities during a pull task.
>>>>>>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If a User is associated to a Group in your Database, and
>>>>>>>>>>>>>> you like assign the corresponding User as a member of the
>>>>>>>>>>>>>> corresponding Group in Syncope, you must implement a Pull
>>>>>>>>>>>>>> Action [1]. Connid doesn't implement the assignment of a
>>>>>>>>>>>>>> membership, so to obviate we can use a pull action.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> We want the user being created into Syncope associated
>>>>>>>>>>>>>>>> to the already existing group "employee", but we don't
>>>>>>>>>>>>>>>> see how to create this association.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Francesco Chicchiriccò
>>>>>>>>>>>>
>>>>>>>>>>>> Tirasa - Open Source Excellence
>>>>>>>>>>>> http://www.tirasa.net/
>>>>>>>>>>>>
>>>>>>>>>>>> Member at The Apache Software Foundation
>>>>>>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>>
>>>>>>>>>> Tirasa S.r.l.
>>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>>> http://www.tirasa.net
>>>>>>>>>>
>>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>> Tel. +39 3939065570
>>>>>>>>
>>>>>>>> Tirasa S.r.l.
>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>> http://www.tirasa.net
>>>>>>>>
>>>>>>>> Apache Syncope PMC Member
>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>> Tel. +39 3939065570
>>>>>>
>>>>>> Tirasa S.r.l.
>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>> http://www.tirasa.net
>>>>>>
>>>>>> Apache Syncope PMC Member
>>>>>> http://people.apache.org/~mdisabatino/
>>>>>
>>>>
>>>
>>
>> --
>> Dott. Marco Di Sabatino Di Diodoro
>> Tel. +39 3939065570
>>
>> Tirasa S.r.l.
>> Viale D'Annunzio 267 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 0859111173
>> http://www.tirasa.net
>>
>> Apache Syncope PMC Member
>> http://people.apache.org/~mdisabatino/
>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
We used the After because we realized that in the first time we run the
code the users were just created and only in the second time the code
was executed the users were associated to the groups, while we wanted to
have everything done at the same time.
Here the code:
@Transactional
@Override
public <A extends AnyTO, M extends AnyPatch> SyncDelta beforeUpdate(
final ProvisioningProfile<?, ?> profile,
final SyncDelta delta,
final A any,
final M anyPatch) throws JobExecutionException {
if (any instanceof UserTO) {
final UserTO userTO = ((UserTO) any);
String userName = userTO.getUsername();
try {
Set<AttrTO> attrs = userTO.getPlainAttrs();
for (AttrTO attr : attrs) {
if
(attr.getSchema().equalsIgnoreCase("group_column")) {
Group oGroup =
groupDAO.findByName(attr.getValues().get(0).toString());
String oGroupName = oGroup.getName();
String oGroupKey = oGroup.getKey();
MembershipTO membershipTO = new
MembershipTO.Builder().group(oGroupKey).build();
LOG.warn("CHECK " + userName + " > membership
before " + userTO.getMembershipMap().size());
boolean res =
userTO.getMemberships().add(membershipTO);
LOG.warn("CHECK " + userName + " > membership
after " + userTO.getMembershipMap().size());
for (int i = 0; i <
userTO.getMemberships().size(); i++) {
LOG.warn("CHECK " + userName + " > print
membership groupKey: " + userTO.getMemberships().get(i).getGroupKey());
LOG.warn("CHECK " + userName + " > print
membership groupName: " + userTO.getMemberships().get(i).getGroupName());
}
}
}
} catch (Exception e) {
LOG.warn("Something happened...");
}
}
return delta;
}
On 27.03.17 16:24, Marco Di Sabatino Di Diodoro wrote:
>
>
>
> Il 27/03/2017 15:03, Tech ha scritto:
>>
>> I can also mention that printing the content of:
>>
>> userTO.getMembership().get(0).getGroupKey()
>>
>> I can see correctly the group key, so the group is correctly
>> assigned, but probably just not "committed"
>>
>>
> During the after you can no longer change the user, it's too late.
> Why do you say that during the before action the assignment doesn't work?
>
> Please, paste your code
> Thanks
> M
>>
>>
>>
>>
>> On 27/03/17 13:21, Tech wrote:
>>>
>>> Hello again,
>>>
>>> we saw that actually implement the membership in our case is not
>>> really working with a before, but we should implement in an after.
>>>
>>> The group already exists in the system and we tried to implement in
>>> this way:
>>>
>>> @Transactional
>>> @Override
>>> public void after(
>>> final ProvisioningProfile<?, ?> profile,
>>> final SyncDelta delta,
>>> final EntityTO any,
>>> final ProvisioningReport result) throws
>>> JobExecutionException {
>>>
>>> if (any instanceof UserTO) {
>>> final UserTO userTO = (UserTO) any;
>>> try {
>>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>>> for (AttrTO attr : attrs) {
>>> if
>>> (attr.getSchema().equalsIgnoreCase("column_group")) {
>>> Group oGroup =
>>> groupDAO.findByName(attr.getValues().get(0).toString());
>>> final MembershipTO membershipTO = new
>>> MembershipTO.Builder().group(oGroup.getKey()).build();
>>> LOG.warn("Membership before
>>> "+userTO.getMembershipMap().size()); // This will print 0
>>> userTO.getMemberships().add(membershipTO);
>>> LOG.warn("Membership after
>>> "+userTO.getMembershipMap().size()); // This will print 1:
>>> something happened here
>>> }
>>> }
>>> } catch (Exception e) {
>>> LOG.warn("Something happened...");
>>> }
>>> }
>>> }
>>>
>>> After the userTO.getMembership().add(membershipTO) we see that the
>>> "size()" value changes from 0 to 1, therefore we assume that the
>>> membership has been assigned, but when we enter in the console
>>> interface and we check the groups, nothing has changed and we see
>>> that the user doesn't belong to any group.
>>>
>>> Is there any other missing action that should be taken?
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 06.03.17 17:12, Tech wrote:
>>>>
>>>> Yes, finally working, thanks a lot!
>>>>
>>>>
>>>>
>>>> On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>>>>>
>>>>>
>>>>>
>>>>> Il 06/03/2017 16:40, Tech ha scritto:
>>>>>>
>>>>>> Actually you were right, we used already a "beforeUpdate".
>>>>>>
>>>>>> Here the code, there is nothing strange apparently, the boolean
>>>>>> "result" returns "true", but the user is not added to the group
>>>>>>
>>>>>>
>>>>>> /
>>>>>> /
>>>>>>
>>>>>> /@Transactional//
>>>>>> // @Override//
>>>>>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>>>>> beforeUpdate(//
>>>>>> // final ProvisioningProfile<?, ?> profile,//
>>>>>> // final SyncDelta delta,//
>>>>>> // final A any,//
>>>>>> // final M anyPatch) throws JobExecutionException {//
>>>>>> //
>>>>>> // if (anyPatch instanceof UserPatch) {//
>>>>>> // final UserTO user = ((UserTO) any);//
>>>>>> // Group oGroup = null;/
>>>>>>
>>>>>> / String oGroupColumn = "group_colum";/
>>>>>>
>>>>>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>>>>>> /
>>>>>>
>>>>>> / for(AttrTO attr : attrs) {//
>>>>>> //if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
>>>>>> // LOG.warn("We check the schema:"+
>>>>>> attr.getSchema()); //Found//
>>>>>> // LOG.warn("Content:
>>>>>> "+attr.getValues().get(0).toString()); //Found//
>>>>>> // oGroup =
>>>>>> groupDAO.findByName(attr.getValues().get(0).toString());//
>>>>>> // LOG.warn("Group Key: "+oGroup.getKey());
>>>>>> //Group key correctly retrieved//
>>>>>> // final MembershipTO membershipTO = new
>>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>>>>>> // LOG.warn("Check membership :"+
>>>>>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>>>>>> previous group key//
>>>>>> // LOG.warn("Get user key:"+
>>>>>> user.getUsername()); // Correct, it corresponds to what found in
>>>>>> Syncope DB//
>>>>>> // boolean result =
>>>>>> user.getMemberships().add(membershipTO); //
>>>>>> // LOG.warn("Was the user added to the group?:
>>>>>> "+result); // Returns true//
>>>>>> // }//
>>>>>> // group = user.getPlainAttrMap().get("role");//
>>>>>> // }//
>>>>>> // return delta;//
>>>>>> // }//
>>>>>> //
>>>>>> /
>>>>>>
>>>>>>
>>>>>
>>>>> If you're working in the beforeUpdate you need to update the
>>>>> UserPatch object:
>>>>>
>>>>> final UserPatch userPatch = (UserPatch) anyMod;
>>>>>
>>>>> final MembershipPatch membershipPatch = new
>>>>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>>>>> userPatch.getMemberships().add(membershipPatch);
>>>>>
>>>>> Regards
>>>>> Marco
>>>>>
>>>>>>
>>>>>>
>>>>>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> as suggested, we started to work on the easiest case, we
>>>>>>>> created the Group1 in Syncope manually and we inserted into the
>>>>>>>> database column "Group" the entry "Group1".
>>>>>>>>
>>>>>>>> We implemented only an "after" in this case: we pulled the
>>>>>>>> information into Syncope and after the java is running.
>>>>>>>>
>>>>>>>> Following the log we see that:
>>>>>>>>
>>>>>>>> * we are able to find the user, and his userkey
>>>>>>>> * we are able to find the group column (a new custom field
>>>>>>>> into Syncope)
>>>>>>>> * we are able to find the group key of the group into
>>>>>>>> Syncope, based on the group column found in the previous point
>>>>>>>> * we create the membership based on the group key (final
>>>>>>>> MembershipTO membershipTO = new
>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>>>>>> * we add the membership to the user.
>>>>>>>>
>>>>>>>> Checking the return value of the last "add(membershipTO)", we
>>>>>>>> see that it's returning a "true", therefore we think that
>>>>>>>> everything went well, but when we enter into the admin console
>>>>>>>> of Syncope, the user has not being assigned to the Group1.
>>>>>>>>
>>>>>>>> Is there a missing step?
>>>>>>>>
>>>>>>> you're near the solution. I presume you're working with UserTO.
>>>>>>> So, to update an user during the pull process, you must
>>>>>>> implement the assignment of the membership during
>>>>>>> beforeProvision, beforeAssign or beforeUpdate.
>>>>>>>
>>>>>>> Updating the UserTO in the "after" is too late. The only way to
>>>>>>> update an user in the after is with the DAO.
>>>>>>>
>>>>>>> Regards
>>>>>>> Marco
>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>>>>>
>>>>>>>>>> Hello Francesco,
>>>>>>>>>>
>>>>>>>>>> we went through the directory
>>>>>>>>>> core/src/test/resources/scriptedsql, but we didn't find any
>>>>>>>>>> concrete example that might help us to implement what we
>>>>>>>>>> might need to do, we were expecting that the solution was in
>>>>>>>>>> the PullActions, but we didn't understood that that was
>>>>>>>>>> addressing only __ACCOUNT__ and not groups.
>>>>>>>>>>
>>>>>>>>>> What steps should be followed to assign the User1 to Group1
>>>>>>>>>> in Syncope when the information into the database are
>>>>>>>>>> something like
>>>>>>>>>>
>>>>>>>>>> USERNAME | GROUP
>>>>>>>>>>
>>>>>>>>>> User1 | Group1
>>>>>>>>>>
>>>>>>>>>> User2 | Group1
>>>>>>>>>>
>>>>>>>>>> ?
>>>>>>>>> The Scripted Sqlallows to synchronize users, groups or any
>>>>>>>>> type. Groovy script gives the possibility to specify which
>>>>>>>>> type of object you like to manage, for example, during a
>>>>>>>>> search you can add different case statement one for each type:
>>>>>>>>>
>>>>>>>>> switch ( objectClass ) {
>>>>>>>>> case "__ACCOUNT__":
>>>>>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>> break
>>>>>>>>>
>>>>>>>>> case "__GROUPS__":
>>>>>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>>> break
>>>>>>>>>
>>>>>>>>> case "__DEPARTMENT__":
>>>>>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>>>>>> break
>>>>>>>>>
>>>>>>>>> default:
>>>>>>>>> result;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> In order to assign a group to a user, you must implement a
>>>>>>>>> pull action. But before doing this, you have to know if
>>>>>>>>> thegroups already exist on Syncope or are to be created
>>>>>>>>> simultaneously with the users. In the first case you need to
>>>>>>>>> implement a simpler action:
>>>>>>>>>
>>>>>>>>> final UserTO userTO = (UserTO) entity;
>>>>>>>>>
>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>> if (group == null) {
>>>>>>>>> throw new RuntimeException("Group not found");
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> final MembershipTO membershipTO = new
>>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>>>>
>>>>>>>>> second case you must create the group (with dao)
>>>>>>>>>
>>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>>> if (group == null) {
>>>>>>>>> group = entityFactory.newEntity(Group.class);
>>>>>>>>> group.setRealm(realmDAO.getRoot());
>>>>>>>>> group.setName(groupName);
>>>>>>>>> group = groupDAO.save(courseGroup);
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> and then assign it to the user during the after action.
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> M
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 01/03/17 14:40, Francesco Chicchiricc� wrote:
>>>>>>>>>>> Hi,
>>>>>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>>>>>> The Database Table connector, in fact, only provides support
>>>>>>>>>>> for the __ACCOUNT__ ObjectClass, e.g. only for users, as
>>>>>>>>>>> suggested by the error below.
>>>>>>>>>>>
>>>>>>>>>>> In order to use the Scripted SQL connector, you must also
>>>>>>>>>>> provide the adequate Groovy scripts matching your own
>>>>>>>>>>> database schema; some samples can be found under the
>>>>>>>>>>>
>>>>>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>>>>>
>>>>>>>>>>> directory of your generated Maven project.
>>>>>>>>>>>
>>>>>>>>>>> HTH
>>>>>>>>>>> Regards.
>>>>>>>>>>>
>>>>>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> coming back to this point: we prepared the code to
>>>>>>>>>>>> integrate the group propagation from a DB to Syncope but we
>>>>>>>>>>>> encountered some problems.
>>>>>>>>>>>>
>>>>>>>>>>>> Before integrating the code that we developed, we started
>>>>>>>>>>>> to add the concept of Group into our system.
>>>>>>>>>>>>
>>>>>>>>>>>> * Our database has a column called "role", where the only
>>>>>>>>>>>> content is "GroupTest".
>>>>>>>>>>>> * We created the group "GroupTest" also in Syncope to
>>>>>>>>>>>> have a 1:1 relation.
>>>>>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>>>>>> "BaseGroup" schema.
>>>>>>>>>>>> * We go back to the resources and we Edit provision
>>>>>>>>>>>> rules, we add a Group that we map with name:role.
>>>>>>>>>>>>
>>>>>>>>>>>> Since now on, every Pull, also the one for the Users, will
>>>>>>>>>>>> terminate in a FAILURE with the error:
>>>>>>>>>>>>
>>>>>>>>>>>> org.quartz.JobExecutionException: While pulling from
>>>>>>>>>>>> connector [See nested exception:
>>>>>>>>>>>> java.lang.IllegalArgumentException: Operation requires an
>>>>>>>>>>>> Account ObjectClass.]
>>>>>>>>>>>> at
>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>>>>>> at
>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>>>>>> at
>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>>>>>> at
>>>>>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>>>>>>>>> Method)
>>>>>>>>>>>> at
>>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>>>> at
>>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Removing the mapping of the group, everything will turn
>>>>>>>>>>>> back to normality.
>>>>>>>>>>>>
>>>>>>>>>>>> Any idea why this could happen?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks!
>>>>>>>>>>>>
>>>>>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> we're pulling information from a database. We want to
>>>>>>>>>>>>>>> assign automatically a group to a user.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> In a pull task is possible to add a template. The
>>>>>>>>>>>>>> template can be used for setting default values on
>>>>>>>>>>>>>> entities during a pull task.
>>>>>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> [1]
>>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>>>>>
>>>>>>>>>>>>> If a User is associated to a Group in your Database, and
>>>>>>>>>>>>> you like assign the corresponding User as a member of the
>>>>>>>>>>>>> corresponding Group in Syncope, you must implement a Pull
>>>>>>>>>>>>> Action [1]. Connid doesn't implement the assignment of a
>>>>>>>>>>>>> membership, so to obviate we can use a pull action.
>>>>>>>>>>>>>
>>>>>>>>>>>>> [1]
>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> We want the user being created into Syncope associated
>>>>>>>>>>>>>>> to the already existing group "employee", but we don't
>>>>>>>>>>>>>>> see how to create this association.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Francesco Chicchiricc�
>>>>>>>>>>>
>>>>>>>>>>> Tirasa - Open Source Excellence
>>>>>>>>>>> http://www.tirasa.net/
>>>>>>>>>>>
>>>>>>>>>>> Member at The Apache Software Foundation
>>>>>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>>> Tel. +39 3939065570
>>>>>>>>>
>>>>>>>>> Tirasa S.r.l.
>>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>>> http://www.tirasa.net
>>>>>>>>>
>>>>>>>>> Apache Syncope PMC Member
>>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>> Tel. +39 3939065570
>>>>>>>
>>>>>>> Tirasa S.r.l.
>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>> http://www.tirasa.net
>>>>>>>
>>>>>>> Apache Syncope PMC Member
>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>
>>>>>
>>>>> --
>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>> Tel. +39 3939065570
>>>>>
>>>>> Tirasa S.r.l.
>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>> http://www.tirasa.net
>>>>>
>>>>> Apache Syncope PMC Member
>>>>> http://people.apache.org/~mdisabatino/
>>>>
>>>
>>
>
> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Il 27/03/2017 15:03, Tech ha scritto:
>
> I can also mention that printing the content of:
>
> userTO.getMembership().get(0).getGroupKey()
>
> I can see correctly the group key, so the group is correctly assigned,
> but probably just not "committed"
>
>
During the after you can no longer change the user, it's too late.
Why do you say that during the before action the assignment doesn't work?
Please, paste your code
Thanks
M
>
>
>
>
> On 27/03/17 13:21, Tech wrote:
>>
>> Hello again,
>>
>> we saw that actually implement the membership in our case is not
>> really working with a before, but we should implement in an after.
>>
>> The group already exists in the system and we tried to implement in
>> this way:
>>
>> @Transactional
>> @Override
>> public void after(
>> final ProvisioningProfile<?, ?> profile,
>> final SyncDelta delta,
>> final EntityTO any,
>> final ProvisioningReport result) throws
>> JobExecutionException {
>>
>> if (any instanceof UserTO) {
>> final UserTO userTO = (UserTO) any;
>> try {
>> Set<AttrTO> attrs = userTO.getPlainAttrs();
>> for (AttrTO attr : attrs) {
>> if
>> (attr.getSchema().equalsIgnoreCase("column_group")) {
>> Group oGroup =
>> groupDAO.findByName(attr.getValues().get(0).toString());
>> final MembershipTO membershipTO = new
>> MembershipTO.Builder().group(oGroup.getKey()).build();
>> LOG.warn("Membership before
>> "+userTO.getMembershipMap().size()); // This will print 0
>> userTO.getMemberships().add(membershipTO);
>> LOG.warn("Membership after
>> "+userTO.getMembershipMap().size()); // This will print 1:
>> something happened here
>> }
>> }
>> } catch (Exception e) {
>> LOG.warn("Something happened...");
>> }
>> }
>> }
>>
>> After the userTO.getMembership().add(membershipTO) we see that the
>> "size()" value changes from 0 to 1, therefore we assume that the
>> membership has been assigned, but when we enter in the console
>> interface and we check the groups, nothing has changed and we see
>> that the user doesn't belong to any group.
>>
>> Is there any other missing action that should be taken?
>>
>> Thanks
>>
>>
>>
>>
>>
>>
>> On 06.03.17 17:12, Tech wrote:
>>>
>>> Yes, finally working, thanks a lot!
>>>
>>>
>>>
>>> On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>>>>
>>>>
>>>>
>>>> Il 06/03/2017 16:40, Tech ha scritto:
>>>>>
>>>>> Actually you were right, we used already a "beforeUpdate".
>>>>>
>>>>> Here the code, there is nothing strange apparently, the boolean
>>>>> "result" returns "true", but the user is not added to the group
>>>>>
>>>>>
>>>>> /
>>>>> /
>>>>>
>>>>> /@Transactional//
>>>>> // @Override//
>>>>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>>>> beforeUpdate(//
>>>>> // final ProvisioningProfile<?, ?> profile,//
>>>>> // final SyncDelta delta,//
>>>>> // final A any,//
>>>>> // final M anyPatch) throws JobExecutionException {//
>>>>> //
>>>>> // if (anyPatch instanceof UserPatch) {//
>>>>> // final UserTO user = ((UserTO) any);//
>>>>> // Group oGroup = null;/
>>>>>
>>>>> / String oGroupColumn = "group_colum";/
>>>>>
>>>>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>>>>> /
>>>>>
>>>>> / for(AttrTO attr : attrs) {//
>>>>> //if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
>>>>> // LOG.warn("We check the schema:"+
>>>>> attr.getSchema()); //Found//
>>>>> // LOG.warn("Content:
>>>>> "+attr.getValues().get(0).toString()); //Found//
>>>>> // oGroup =
>>>>> groupDAO.findByName(attr.getValues().get(0).toString());//
>>>>> // LOG.warn("Group Key: "+oGroup.getKey());
>>>>> //Group key correctly retrieved//
>>>>> // final MembershipTO membershipTO = new
>>>>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>>>>> // LOG.warn("Check membership :"+
>>>>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>>>>> previous group key//
>>>>> // LOG.warn("Get user key:"+
>>>>> user.getUsername()); // Correct, it corresponds to what found in
>>>>> Syncope DB//
>>>>> // boolean result =
>>>>> user.getMemberships().add(membershipTO); //
>>>>> // LOG.warn("Was the user added to the group?:
>>>>> "+result); // Returns true//
>>>>> // }//
>>>>> // group = user.getPlainAttrMap().get("role");//
>>>>> // }//
>>>>> // return delta;//
>>>>> // }//
>>>>> //
>>>>> /
>>>>>
>>>>>
>>>>
>>>> If you're working in the beforeUpdate you need to update the
>>>> UserPatch object:
>>>>
>>>> final UserPatch userPatch = (UserPatch) anyMod;
>>>>
>>>> final MembershipPatch membershipPatch = new
>>>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>>>> userPatch.getMemberships().add(membershipPatch);
>>>>
>>>> Regards
>>>> Marco
>>>>
>>>>>
>>>>>
>>>>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> as suggested, we started to work on the easiest case, we created
>>>>>>> the Group1 in Syncope manually and we inserted into the database
>>>>>>> column "Group" the entry "Group1".
>>>>>>>
>>>>>>> We implemented only an "after" in this case: we pulled the
>>>>>>> information into Syncope and after the java is running.
>>>>>>>
>>>>>>> Following the log we see that:
>>>>>>>
>>>>>>> * we are able to find the user, and his userkey
>>>>>>> * we are able to find the group column (a new custom field
>>>>>>> into Syncope)
>>>>>>> * we are able to find the group key of the group into Syncope,
>>>>>>> based on the group column found in the previous point
>>>>>>> * we create the membership based on the group key (final
>>>>>>> MembershipTO membershipTO = new
>>>>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>>>>> * we add the membership to the user.
>>>>>>>
>>>>>>> Checking the return value of the last "add(membershipTO)", we
>>>>>>> see that it's returning a "true", therefore we think that
>>>>>>> everything went well, but when we enter into the admin console
>>>>>>> of Syncope, the user has not being assigned to the Group1.
>>>>>>>
>>>>>>> Is there a missing step?
>>>>>>>
>>>>>> you're near the solution. I presume you're working with UserTO.
>>>>>> So, to update an user during the pull process, you must implement
>>>>>> the assignment of the membership during beforeProvision,
>>>>>> beforeAssign or beforeUpdate.
>>>>>>
>>>>>> Updating the UserTO in the "after" is too late. The only way to
>>>>>> update an user in the after is with the DAO.
>>>>>>
>>>>>> Regards
>>>>>> Marco
>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>
>>>>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>>>>
>>>>>>>>> Hello Francesco,
>>>>>>>>>
>>>>>>>>> we went through the directory
>>>>>>>>> core/src/test/resources/scriptedsql, but we didn't find any
>>>>>>>>> concrete example that might help us to implement what we might
>>>>>>>>> need to do, we were expecting that the solution was in the
>>>>>>>>> PullActions, but we didn't understood that that was addressing
>>>>>>>>> only __ACCOUNT__ and not groups.
>>>>>>>>>
>>>>>>>>> What steps should be followed to assign the User1 to Group1 in
>>>>>>>>> Syncope when the information into the database are something like
>>>>>>>>>
>>>>>>>>> USERNAME | GROUP
>>>>>>>>>
>>>>>>>>> User1 | Group1
>>>>>>>>>
>>>>>>>>> User2 | Group1
>>>>>>>>>
>>>>>>>>> ?
>>>>>>>> The Scripted Sqlallows to synchronize users, groups or any
>>>>>>>> type. Groovy script gives the possibility to specify which type
>>>>>>>> of object you like to manage, for example, during a search you
>>>>>>>> can add different case statement one for each type:
>>>>>>>>
>>>>>>>> switch ( objectClass ) {
>>>>>>>> case "__ACCOUNT__":
>>>>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>> break
>>>>>>>>
>>>>>>>> case "__GROUPS__":
>>>>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>>> NAME:it.name, ...,....])} );
>>>>>>>> break
>>>>>>>>
>>>>>>>> case "__DEPARTMENT__":
>>>>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>>>>> break
>>>>>>>>
>>>>>>>> default:
>>>>>>>> result;
>>>>>>>> }
>>>>>>>>
>>>>>>>> In order to assign a group to a user, you must implement a pull
>>>>>>>> action. But before doing this, you have to know if thegroups
>>>>>>>> already exist on Syncope or are to be created simultaneously
>>>>>>>> with the users. In the first case you need to implement a
>>>>>>>> simpler action:
>>>>>>>>
>>>>>>>> final UserTO userTO = (UserTO) entity;
>>>>>>>>
>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>> if (group == null) {
>>>>>>>> throw new RuntimeException("Group not found");
>>>>>>>> }
>>>>>>>>
>>>>>>>> final MembershipTO membershipTO = new
>>>>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>>>
>>>>>>>> second case you must create the group (with dao)
>>>>>>>>
>>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>>> if (group == null) {
>>>>>>>> group = entityFactory.newEntity(Group.class);
>>>>>>>> group.setRealm(realmDAO.getRoot());
>>>>>>>> group.setName(groupName);
>>>>>>>> group = groupDAO.save(courseGroup);
>>>>>>>> }
>>>>>>>>
>>>>>>>> and then assign it to the user during the after action.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> M
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 01/03/17 14:40, Francesco Chicchiriccò wrote:
>>>>>>>>>> Hi,
>>>>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>>>>> The Database Table connector, in fact, only provides support
>>>>>>>>>> for the __ACCOUNT__ ObjectClass, e.g. only for users, as
>>>>>>>>>> suggested by the error below.
>>>>>>>>>>
>>>>>>>>>> In order to use the Scripted SQL connector, you must also
>>>>>>>>>> provide the adequate Groovy scripts matching your own
>>>>>>>>>> database schema; some samples can be found under the
>>>>>>>>>>
>>>>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>>>>
>>>>>>>>>> directory of your generated Maven project.
>>>>>>>>>>
>>>>>>>>>> HTH
>>>>>>>>>> Regards.
>>>>>>>>>>
>>>>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> coming back to this point: we prepared the code to integrate
>>>>>>>>>>> the group propagation from a DB to Syncope but we
>>>>>>>>>>> encountered some problems.
>>>>>>>>>>>
>>>>>>>>>>> Before integrating the code that we developed, we started to
>>>>>>>>>>> add the concept of Group into our system.
>>>>>>>>>>>
>>>>>>>>>>> * Our database has a column called "role", where the only
>>>>>>>>>>> content is "GroupTest".
>>>>>>>>>>> * We created the group "GroupTest" also in Syncope to have
>>>>>>>>>>> a 1:1 relation.
>>>>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>>>>> "BaseGroup" schema.
>>>>>>>>>>> * We go back to the resources and we Edit provision rules,
>>>>>>>>>>> we add a Group that we map with name:role.
>>>>>>>>>>>
>>>>>>>>>>> Since now on, every Pull, also the one for the Users, will
>>>>>>>>>>> terminate in a FAILURE with the error:
>>>>>>>>>>>
>>>>>>>>>>> org.quartz.JobExecutionException: While pulling from
>>>>>>>>>>> connector [See nested exception:
>>>>>>>>>>> java.lang.IllegalArgumentException: Operation requires an
>>>>>>>>>>> Account ObjectClass.]
>>>>>>>>>>> at
>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>>>>> at
>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>>>>> at
>>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>>>>> at
>>>>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>>>>>>>> Method)
>>>>>>>>>>> at
>>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>>> at
>>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Removing the mapping of the group, everything will turn back
>>>>>>>>>>> to normality.
>>>>>>>>>>>
>>>>>>>>>>> Any idea why this could happen?
>>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>>>>>
>>>>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> we're pulling information from a database. We want to
>>>>>>>>>>>>>> assign automatically a group to a user.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> In a pull task is possible to add a template. The template
>>>>>>>>>>>>> can be used for setting default values on entities during
>>>>>>>>>>>>> a pull task.
>>>>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>>>>
>>>>>>>>>>>>> [1]
>>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>>>>
>>>>>>>>>>>> If a User is associated to a Group in your Database, and
>>>>>>>>>>>> you like assign the corresponding User as a member of the
>>>>>>>>>>>> corresponding Group in Syncope, you must implement a Pull
>>>>>>>>>>>> Action [1]. Connid doesn't implement the assignment of a
>>>>>>>>>>>> membership, so to obviate we can use a pull action.
>>>>>>>>>>>>
>>>>>>>>>>>> [1]
>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> We want the user being created into Syncope associated to
>>>>>>>>>>>>>> the already existing group "employee", but we don't see
>>>>>>>>>>>>>> how to create this association.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Francesco Chicchiriccò
>>>>>>>>>>
>>>>>>>>>> Tirasa - Open Source Excellence
>>>>>>>>>> http://www.tirasa.net/
>>>>>>>>>>
>>>>>>>>>> Member at The Apache Software Foundation
>>>>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>>> Tel. +39 3939065570
>>>>>>>>
>>>>>>>> Tirasa S.r.l.
>>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>>> http://www.tirasa.net
>>>>>>>>
>>>>>>>> Apache Syncope PMC Member
>>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>> Tel. +39 3939065570
>>>>>>
>>>>>> Tirasa S.r.l.
>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>> http://www.tirasa.net
>>>>>>
>>>>>> Apache Syncope PMC Member
>>>>>> http://people.apache.org/~mdisabatino/
>>>>>
>>>>
>>>> --
>>>> Dott. Marco Di Sabatino Di Diodoro
>>>> Tel. +39 3939065570
>>>>
>>>> Tirasa S.r.l.
>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>> http://www.tirasa.net
>>>>
>>>> Apache Syncope PMC Member
>>>> http://people.apache.org/~mdisabatino/
>>>
>>
>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
I can also mention that printing the content of:
userTO.getMembership().get(0).getGroupKey()
I can see correctly the group key, so the group is correctly assigned,
but probably just not "committed"
On 27/03/17 13:21, Tech wrote:
>
> Hello again,
>
> we saw that actually implement the membership in our case is not
> really working with a before, but we should implement in an after.
>
> The group already exists in the system and we tried to implement in
> this way:
>
> @Transactional
> @Override
> public void after(
> final ProvisioningProfile<?, ?> profile,
> final SyncDelta delta,
> final EntityTO any,
> final ProvisioningReport result) throws
> JobExecutionException {
>
> if (any instanceof UserTO) {
> final UserTO userTO = (UserTO) any;
> try {
> Set<AttrTO> attrs = userTO.getPlainAttrs();
> for (AttrTO attr : attrs) {
> if
> (attr.getSchema().equalsIgnoreCase("column_group")) {
> Group oGroup =
> groupDAO.findByName(attr.getValues().get(0).toString());
> final MembershipTO membershipTO = new
> MembershipTO.Builder().group(oGroup.getKey()).build();
> LOG.warn("Membership before
> "+userTO.getMembershipMap().size()); // This will print 0
> userTO.getMemberships().add(membershipTO);
> LOG.warn("Membership after
> "+userTO.getMembershipMap().size()); // This will print 1:
> something happened here
> }
> }
> } catch (Exception e) {
> LOG.warn("Something happened...");
> }
> }
> }
>
> After the userTO.getMembership().add(membershipTO) we see that the
> "size()" value changes from 0 to 1, therefore we assume that the
> membership has been assigned, but when we enter in the console
> interface and we check the groups, nothing has changed and we see that
> the user doesn't belong to any group.
>
> Is there any other missing action that should be taken?
>
> Thanks
>
>
>
>
>
>
> On 06.03.17 17:12, Tech wrote:
>>
>> Yes, finally working, thanks a lot!
>>
>>
>>
>> On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>>>
>>>
>>>
>>> Il 06/03/2017 16:40, Tech ha scritto:
>>>>
>>>> Actually you were right, we used already a "beforeUpdate".
>>>>
>>>> Here the code, there is nothing strange apparently, the boolean
>>>> "result" returns "true", but the user is not added to the group
>>>>
>>>>
>>>> /
>>>> /
>>>>
>>>> /@Transactional//
>>>> // @Override//
>>>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>>> beforeUpdate(//
>>>> // final ProvisioningProfile<?, ?> profile,//
>>>> // final SyncDelta delta,//
>>>> // final A any,//
>>>> // final M anyPatch) throws JobExecutionException {//
>>>> //
>>>> // if (anyPatch instanceof UserPatch) {//
>>>> // final UserTO user = ((UserTO) any);//
>>>> // Group oGroup = null;/
>>>>
>>>> / String oGroupColumn = "group_colum";/
>>>>
>>>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>>>> /
>>>>
>>>> / for(AttrTO attr : attrs) {//
>>>> //if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
>>>> // LOG.warn("We check the schema:"+
>>>> attr.getSchema()); //Found//
>>>> // LOG.warn("Content:
>>>> "+attr.getValues().get(0).toString()); //Found//
>>>> // oGroup =
>>>> groupDAO.findByName(attr.getValues().get(0).toString());//
>>>> // LOG.warn("Group Key: "+oGroup.getKey());
>>>> //Group key correctly retrieved//
>>>> // final MembershipTO membershipTO = new
>>>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>>>> // LOG.warn("Check membership :"+
>>>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>>>> previous group key//
>>>> // LOG.warn("Get user key:"+
>>>> user.getUsername()); // Correct, it corresponds to what found in
>>>> Syncope DB//
>>>> // boolean result =
>>>> user.getMemberships().add(membershipTO); //
>>>> // LOG.warn("Was the user added to the group?:
>>>> "+result); // Returns true//
>>>> // }//
>>>> // group = user.getPlainAttrMap().get("role");//
>>>> // }//
>>>> // return delta;//
>>>> // }//
>>>> //
>>>> /
>>>>
>>>>
>>>
>>> If you're working in the beforeUpdate you need to update the
>>> UserPatch object:
>>>
>>> final UserPatch userPatch = (UserPatch) anyMod;
>>>
>>> final MembershipPatch membershipPatch = new
>>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>>> userPatch.getMemberships().add(membershipPatch);
>>>
>>> Regards
>>> Marco
>>>
>>>>
>>>>
>>>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> as suggested, we started to work on the easiest case, we created
>>>>>> the Group1 in Syncope manually and we inserted into the database
>>>>>> column "Group" the entry "Group1".
>>>>>>
>>>>>> We implemented only an "after" in this case: we pulled the
>>>>>> information into Syncope and after the java is running.
>>>>>>
>>>>>> Following the log we see that:
>>>>>>
>>>>>> * we are able to find the user, and his userkey
>>>>>> * we are able to find the group column (a new custom field into
>>>>>> Syncope)
>>>>>> * we are able to find the group key of the group into Syncope,
>>>>>> based on the group column found in the previous point
>>>>>> * we create the membership based on the group key (final
>>>>>> MembershipTO membershipTO = new
>>>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>>>> * we add the membership to the user.
>>>>>>
>>>>>> Checking the return value of the last "add(membershipTO)", we see
>>>>>> that it's returning a "true", therefore we think that everything
>>>>>> went well, but when we enter into the admin console of Syncope,
>>>>>> the user has not being assigned to the Group1.
>>>>>>
>>>>>> Is there a missing step?
>>>>>>
>>>>> you're near the solution. I presume you're working with UserTO.
>>>>> So, to update an user during the pull process, you must implement
>>>>> the assignment of the membership during beforeProvision,
>>>>> beforeAssign or beforeUpdate.
>>>>>
>>>>> Updating the UserTO in the "after" is too late. The only way to
>>>>> update an user in the after is with the DAO.
>>>>>
>>>>> Regards
>>>>> Marco
>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>>>
>>>>>>>> Hello Francesco,
>>>>>>>>
>>>>>>>> we went through the directory
>>>>>>>> core/src/test/resources/scriptedsql, but we didn't find any
>>>>>>>> concrete example that might help us to implement what we might
>>>>>>>> need to do, we were expecting that the solution was in the
>>>>>>>> PullActions, but we didn't understood that that was addressing
>>>>>>>> only __ACCOUNT__ and not groups.
>>>>>>>>
>>>>>>>> What steps should be followed to assign the User1 to Group1 in
>>>>>>>> Syncope when the information into the database are something like
>>>>>>>>
>>>>>>>> USERNAME | GROUP
>>>>>>>>
>>>>>>>> User1 | Group1
>>>>>>>>
>>>>>>>> User2 | Group1
>>>>>>>>
>>>>>>>> ?
>>>>>>> The Scripted Sqlallows to synchronize users, groups or any type.
>>>>>>> Groovy script gives the possibility to specify which type of
>>>>>>> object you like to manage, for example, during a search you can
>>>>>>> add different case statement one for each type:
>>>>>>>
>>>>>>> switch ( objectClass ) {
>>>>>>> case "__ACCOUNT__":
>>>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>> NAME:it.name, ...,....])} );
>>>>>>> break
>>>>>>>
>>>>>>> case "__GROUPS__":
>>>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>>> NAME:it.name, ...,....])} );
>>>>>>> break
>>>>>>>
>>>>>>> case "__DEPARTMENT__":
>>>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>>>> break
>>>>>>>
>>>>>>> default:
>>>>>>> result;
>>>>>>> }
>>>>>>>
>>>>>>> In order to assign a group to a user, you must implement a pull
>>>>>>> action. But before doing this, you have to know if thegroups
>>>>>>> already exist on Syncope or are to be created simultaneously
>>>>>>> with the users. In the first case you need to implement a
>>>>>>> simpler action:
>>>>>>>
>>>>>>> final UserTO userTO = (UserTO) entity;
>>>>>>>
>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>> if (group == null) {
>>>>>>> throw new RuntimeException("Group not found");
>>>>>>> }
>>>>>>>
>>>>>>> final MembershipTO membershipTO = new
>>>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>>
>>>>>>> second case you must create the group (with dao)
>>>>>>>
>>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>>> if (group == null) {
>>>>>>> group = entityFactory.newEntity(Group.class);
>>>>>>> group.setRealm(realmDAO.getRoot());
>>>>>>> group.setName(groupName);
>>>>>>> group = groupDAO.save(courseGroup);
>>>>>>> }
>>>>>>>
>>>>>>> and then assign it to the user during the after action.
>>>>>>>
>>>>>>> Regards
>>>>>>> M
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 01/03/17 14:40, Francesco Chicchiricc� wrote:
>>>>>>>>> Hi,
>>>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>>>> The Database Table connector, in fact, only provides support
>>>>>>>>> for the __ACCOUNT__ ObjectClass, e.g. only for users, as
>>>>>>>>> suggested by the error below.
>>>>>>>>>
>>>>>>>>> In order to use the Scripted SQL connector, you must also
>>>>>>>>> provide the adequate Groovy scripts matching your own database
>>>>>>>>> schema; some samples can be found under the
>>>>>>>>>
>>>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>>>
>>>>>>>>> directory of your generated Maven project.
>>>>>>>>>
>>>>>>>>> HTH
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> coming back to this point: we prepared the code to integrate
>>>>>>>>>> the group propagation from a DB to Syncope but we encountered
>>>>>>>>>> some problems.
>>>>>>>>>>
>>>>>>>>>> Before integrating the code that we developed, we started to
>>>>>>>>>> add the concept of Group into our system.
>>>>>>>>>>
>>>>>>>>>> * Our database has a column called "role", where the only
>>>>>>>>>> content is "GroupTest".
>>>>>>>>>> * We created the group "GroupTest" also in Syncope to have
>>>>>>>>>> a 1:1 relation.
>>>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>>>> "BaseGroup" schema.
>>>>>>>>>> * We go back to the resources and we Edit provision rules,
>>>>>>>>>> we add a Group that we map with name:role.
>>>>>>>>>>
>>>>>>>>>> Since now on, every Pull, also the one for the Users, will
>>>>>>>>>> terminate in a FAILURE with the error:
>>>>>>>>>>
>>>>>>>>>> org.quartz.JobExecutionException: While pulling from
>>>>>>>>>> connector [See nested exception:
>>>>>>>>>> java.lang.IllegalArgumentException: Operation requires an
>>>>>>>>>> Account ObjectClass.]
>>>>>>>>>> at
>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>>>> at
>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>>>> at
>>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>>>> at
>>>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>>>>>>> Method)
>>>>>>>>>> at
>>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>>> at
>>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Removing the mapping of the group, everything will turn back
>>>>>>>>>> to normality.
>>>>>>>>>>
>>>>>>>>>> Any idea why this could happen?
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>>
>>>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>>>>>>
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>>
>>>>>>>>>>>>> we're pulling information from a database. We want to
>>>>>>>>>>>>> assign automatically a group to a user.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>>>
>>>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>>>
>>>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> In a pull task is possible to add a template. The template
>>>>>>>>>>>> can be used for setting default values on entities during a
>>>>>>>>>>>> pull task.
>>>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>>>
>>>>>>>>>>>> [1]
>>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>>>
>>>>>>>>>>> If a User is associated to a Group in your Database, and you
>>>>>>>>>>> like assign the corresponding User as a member of the
>>>>>>>>>>> corresponding Group in Syncope, you must implement a Pull
>>>>>>>>>>> Action [1]. Connid doesn't implement the assignment of a
>>>>>>>>>>> membership, so to obviate we can use a pull action.
>>>>>>>>>>>
>>>>>>>>>>> [1]
>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>>>
>>>>>>>>>>>>> We want the user being created into Syncope associated to
>>>>>>>>>>>>> the already existing group "employee", but we don't see
>>>>>>>>>>>>> how to create this association.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Francesco Chicchiricc�
>>>>>>>>>
>>>>>>>>> Tirasa - Open Source Excellence
>>>>>>>>> http://www.tirasa.net/
>>>>>>>>>
>>>>>>>>> Member at The Apache Software Foundation
>>>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>>> Tel. +39 3939065570
>>>>>>>
>>>>>>> Tirasa S.r.l.
>>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>>> http://www.tirasa.net
>>>>>>>
>>>>>>> Apache Syncope PMC Member
>>>>>>> http://people.apache.org/~mdisabatino/
>>>>>>
>>>>>
>>>>> --
>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>> Tel. +39 3939065570
>>>>>
>>>>> Tirasa S.r.l.
>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>> http://www.tirasa.net
>>>>>
>>>>> Apache Syncope PMC Member
>>>>> http://people.apache.org/~mdisabatino/
>>>>
>>>
>>> --
>>> Dott. Marco Di Sabatino Di Diodoro
>>> Tel. +39 3939065570
>>>
>>> Tirasa S.r.l.
>>> Viale D'Annunzio 267 - 65127 Pescara
>>> Tel +39 0859116307 / FAX +39 0859111173
>>> http://www.tirasa.net
>>>
>>> Apache Syncope PMC Member
>>> http://people.apache.org/~mdisabatino/
>>
>
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
Hello again,
we saw that actually implement the membership in our case is not really
working with a before, but we should implement in an after.
The group already exists in the system and we tried to implement in this
way:
@Transactional
@Override
public void after(
final ProvisioningProfile<?, ?> profile,
final SyncDelta delta,
final EntityTO any,
final ProvisioningReport result) throws JobExecutionException {
if (any instanceof UserTO) {
final UserTO userTO = (UserTO) any;
try {
Set<AttrTO> attrs = userTO.getPlainAttrs();
for (AttrTO attr : attrs) {
if
(attr.getSchema().equalsIgnoreCase("column_group")) {
Group oGroup =
groupDAO.findByName(attr.getValues().get(0).toString());
final MembershipTO membershipTO = new
MembershipTO.Builder().group(oGroup.getKey()).build();
LOG.warn("Membership before
"+userTO.getMembershipMap().size()); // This will print 0
userTO.getMemberships().add(membershipTO);
LOG.warn("Membership after
"+userTO.getMembershipMap().size()); // This will print 1:
something happened here
}
}
} catch (Exception e) {
LOG.warn("Something happened...");
}
}
}
After the userTO.getMembership().add(membershipTO) we see that the
"size()" value changes from 0 to 1, therefore we assume that the
membership has been assigned, but when we enter in the console interface
and we check the groups, nothing has changed and we see that the user
doesn't belong to any group.
Is there any other missing action that should be taken?
Thanks
On 06.03.17 17:12, Tech wrote:
>
> Yes, finally working, thanks a lot!
>
>
>
> On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>>
>>
>>
>> Il 06/03/2017 16:40, Tech ha scritto:
>>>
>>> Actually you were right, we used already a "beforeUpdate".
>>>
>>> Here the code, there is nothing strange apparently, the boolean
>>> "result" returns "true", but the user is not added to the group
>>>
>>>
>>> /
>>> /
>>>
>>> /@Transactional//
>>> // @Override//
>>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>>> beforeUpdate(//
>>> // final ProvisioningProfile<?, ?> profile,//
>>> // final SyncDelta delta,//
>>> // final A any,//
>>> // final M anyPatch) throws JobExecutionException {//
>>> //
>>> // if (anyPatch instanceof UserPatch) {//
>>> // final UserTO user = ((UserTO) any);//
>>> // Group oGroup = null;/
>>>
>>> / String oGroupColumn = "group_colum";/
>>>
>>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>>> /
>>>
>>> / for(AttrTO attr : attrs) {//
>>> // if(attr.getSchema().equalsIgnoreCase(
>>> oGroupColumn)){//
>>> // LOG.warn("We check the schema:"+
>>> attr.getSchema()); //Found//
>>> // LOG.warn("Content:
>>> "+attr.getValues().get(0).toString()); //Found//
>>> // oGroup =
>>> groupDAO.findByName(attr.getValues().get(0).toString());//
>>> // LOG.warn("Group Key: "+oGroup.getKey());
>>> //Group key correctly retrieved//
>>> // final MembershipTO membershipTO = new
>>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>>> // LOG.warn("Check membership :"+
>>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>>> previous group key//
>>> // LOG.warn("Get user key:"+ user.getUsername());
>>> // Correct, it corresponds to what found in Syncope DB//
>>> // boolean result =
>>> user.getMemberships().add(membershipTO); //
>>> // LOG.warn("Was the user added to the group?:
>>> "+result); // Returns true//
>>> // }//
>>> // group = user.getPlainAttrMap().get("role");//
>>> // }//
>>> // return delta;//
>>> // }//
>>> //
>>> /
>>>
>>>
>>
>> If you're working in the beforeUpdate you need to update the
>> UserPatch object:
>>
>> final UserPatch userPatch = (UserPatch) anyMod;
>>
>> final MembershipPatch membershipPatch = new
>> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
>> userPatch.getMemberships().add(membershipPatch);
>>
>> Regards
>> Marco
>>
>>>
>>>
>>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>>
>>>> Hi,
>>>>
>>>>
>>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>>
>>>>> Hello,
>>>>>
>>>>> as suggested, we started to work on the easiest case, we created
>>>>> the Group1 in Syncope manually and we inserted into the database
>>>>> column "Group" the entry "Group1".
>>>>>
>>>>> We implemented only an "after" in this case: we pulled the
>>>>> information into Syncope and after the java is running.
>>>>>
>>>>> Following the log we see that:
>>>>>
>>>>> * we are able to find the user, and his userkey
>>>>> * we are able to find the group column (a new custom field into
>>>>> Syncope)
>>>>> * we are able to find the group key of the group into Syncope,
>>>>> based on the group column found in the previous point
>>>>> * we create the membership based on the group key (final
>>>>> MembershipTO membershipTO = new
>>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>>> * we add the membership to the user.
>>>>>
>>>>> Checking the return value of the last "add(membershipTO)", we see
>>>>> that it's returning a "true", therefore we think that everything
>>>>> went well, but when we enter into the admin console of Syncope,
>>>>> the user has not being assigned to the Group1.
>>>>>
>>>>> Is there a missing step?
>>>>>
>>>> you're near the solution. I presume you're working with UserTO. So,
>>>> to update an user during the pull process, you must implement the
>>>> assignment of the membership during beforeProvision, beforeAssign
>>>> or beforeUpdate.
>>>>
>>>> Updating the UserTO in the "after" is too late. The only way to
>>>> update an user in the after is with the DAO.
>>>>
>>>> Regards
>>>> Marco
>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>>
>>>>>>> Hello Francesco,
>>>>>>>
>>>>>>> we went through the directory
>>>>>>> core/src/test/resources/scriptedsql, but we didn't find any
>>>>>>> concrete example that might help us to implement what we might
>>>>>>> need to do, we were expecting that the solution was in the
>>>>>>> PullActions, but we didn't understood that that was addressing
>>>>>>> only __ACCOUNT__ and not groups.
>>>>>>>
>>>>>>> What steps should be followed to assign the User1 to Group1 in
>>>>>>> Syncope when the information into the database are something like
>>>>>>>
>>>>>>> USERNAME | GROUP
>>>>>>>
>>>>>>> User1 | Group1
>>>>>>>
>>>>>>> User2 | Group1
>>>>>>>
>>>>>>> ?
>>>>>> The Scripted Sqlallows to synchronize users, groups or any type.
>>>>>> Groovy script gives the possibility to specify which type of
>>>>>> object you like to manage, for example, during a search you can
>>>>>> add different case statement one for each type:
>>>>>>
>>>>>> switch ( objectClass ) {
>>>>>> case "__ACCOUNT__":
>>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>> NAME:it.name, ...,....])} );
>>>>>> break
>>>>>>
>>>>>> case "__GROUPS__":
>>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>>> NAME:it.name, ...,....])} );
>>>>>> break
>>>>>>
>>>>>> case "__DEPARTMENT__":
>>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>>> break
>>>>>>
>>>>>> default:
>>>>>> result;
>>>>>> }
>>>>>>
>>>>>> In order to assign a group to a user, you must implement a pull
>>>>>> action. But before doing this, you have to know if thegroups
>>>>>> already exist on Syncope or are to be created simultaneously with
>>>>>> the users. In the first case you need to implement a simpler action:
>>>>>>
>>>>>> final UserTO userTO = (UserTO) entity;
>>>>>>
>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>> if (group == null) {
>>>>>> throw new RuntimeException("Group not found");
>>>>>> }
>>>>>>
>>>>>> final MembershipTO membershipTO = new
>>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>>> userTO.getMemberships().add(membershipTO);
>>>>>>
>>>>>> second case you must create the group (with dao)
>>>>>>
>>>>>> Group group = groupDAO.findByName(groupName);
>>>>>> if (group == null) {
>>>>>> group = entityFactory.newEntity(Group.class);
>>>>>> group.setRealm(realmDAO.getRoot());
>>>>>> group.setName(groupName);
>>>>>> group = groupDAO.save(courseGroup);
>>>>>> }
>>>>>>
>>>>>> and then assign it to the user during the after action.
>>>>>>
>>>>>> Regards
>>>>>> M
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 01/03/17 14:40, Francesco Chicchiricc� wrote:
>>>>>>>> Hi,
>>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>>> The Database Table connector, in fact, only provides support
>>>>>>>> for the __ACCOUNT__ ObjectClass, e.g. only for users, as
>>>>>>>> suggested by the error below.
>>>>>>>>
>>>>>>>> In order to use the Scripted SQL connector, you must also
>>>>>>>> provide the adequate Groovy scripts matching your own database
>>>>>>>> schema; some samples can be found under the
>>>>>>>>
>>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>>
>>>>>>>> directory of your generated Maven project.
>>>>>>>>
>>>>>>>> HTH
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> coming back to this point: we prepared the code to integrate
>>>>>>>>> the group propagation from a DB to Syncope but we encountered
>>>>>>>>> some problems.
>>>>>>>>>
>>>>>>>>> Before integrating the code that we developed, we started to
>>>>>>>>> add the concept of Group into our system.
>>>>>>>>>
>>>>>>>>> * Our database has a column called "role", where the only
>>>>>>>>> content is "GroupTest".
>>>>>>>>> * We created the group "GroupTest" also in Syncope to have a
>>>>>>>>> 1:1 relation.
>>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>>> "BaseGroup" schema.
>>>>>>>>> * We go back to the resources and we Edit provision rules,
>>>>>>>>> we add a Group that we map with name:role.
>>>>>>>>>
>>>>>>>>> Since now on, every Pull, also the one for the Users, will
>>>>>>>>> terminate in a FAILURE with the error:
>>>>>>>>>
>>>>>>>>> org.quartz.JobExecutionException: While pulling from connector
>>>>>>>>> [See nested exception: java.lang.IllegalArgumentException:
>>>>>>>>> Operation requires an Account ObjectClass.]
>>>>>>>>> at
>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>>> at
>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>>> at
>>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>>> at
>>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>>> at
>>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>>> at
>>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Removing the mapping of the group, everything will turn back
>>>>>>>>> to normality.
>>>>>>>>>
>>>>>>>>> Any idea why this could happen?
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>>
>>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>>
>>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>>
>>>>>>>>>>>> Dear experts,
>>>>>>>>>>>>
>>>>>>>>>>>> we're pulling information from a database. We want to
>>>>>>>>>>>> assign automatically a group to a user.
>>>>>>>>>>>>
>>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>>
>>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>>
>>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> In a pull task is possible to add a template. The template
>>>>>>>>>>> can be used for setting default values on entities during a
>>>>>>>>>>> pull task.
>>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>>
>>>>>>>>>>> [1]
>>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>>
>>>>>>>>>> If a User is associated to a Group in your Database, and you
>>>>>>>>>> like assign the corresponding User as a member of the
>>>>>>>>>> corresponding Group in Syncope, you must implement a Pull
>>>>>>>>>> Action [1]. Connid doesn't implement the assignment of a
>>>>>>>>>> membership, so to obviate we can use a pull action.
>>>>>>>>>>
>>>>>>>>>> [1]
>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>>
>>>>>>>>>>>> We want the user being created into Syncope associated to
>>>>>>>>>>>> the already existing group "employee", but we don't see how
>>>>>>>>>>>> to create this association.
>>>>>>>>>>>>
>>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>>
>>>>>>>> --
>>>>>>>> Francesco Chicchiricc�
>>>>>>>>
>>>>>>>> Tirasa - Open Source Excellence
>>>>>>>> http://www.tirasa.net/
>>>>>>>>
>>>>>>>> Member at The Apache Software Foundation
>>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>>> Tel. +39 3939065570
>>>>>>
>>>>>> Tirasa S.r.l.
>>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>>> http://www.tirasa.net
>>>>>>
>>>>>> Apache Syncope PMC Member
>>>>>> http://people.apache.org/~mdisabatino/
>>>>>
>>>>
>>>> --
>>>> Dott. Marco Di Sabatino Di Diodoro
>>>> Tel. +39 3939065570
>>>>
>>>> Tirasa S.r.l.
>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>> http://www.tirasa.net
>>>>
>>>> Apache Syncope PMC Member
>>>> http://people.apache.org/~mdisabatino/
>>>
>>
>> --
>> Dott. Marco Di Sabatino Di Diodoro
>> Tel. +39 3939065570
>>
>> Tirasa S.r.l.
>> Viale D'Annunzio 267 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 0859111173
>> http://www.tirasa.net
>>
>> Apache Syncope PMC Member
>> http://people.apache.org/~mdisabatino/
>
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
Yes, finally working, thanks a lot!
On 06/03/17 16:51, Marco Di Sabatino Di Diodoro wrote:
>
>
>
> Il 06/03/2017 16:40, Tech ha scritto:
>>
>> Actually you were right, we used already a "beforeUpdate".
>>
>> Here the code, there is nothing strange apparently, the boolean
>> "result" returns "true", but the user is not added to the group
>>
>>
>> /
>> /
>>
>> /@Transactional//
>> // @Override//
>> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
>> beforeUpdate(//
>> // final ProvisioningProfile<?, ?> profile,//
>> // final SyncDelta delta,//
>> // final A any,//
>> // final M anyPatch) throws JobExecutionException {//
>> //
>> // if (anyPatch instanceof UserPatch) {//
>> // final UserTO user = ((UserTO) any);//
>> // Group oGroup = null;/
>>
>> / String oGroupColumn = "group_colum";/
>>
>> / Set<AttrTO> attrs = user.getPlainAttrs();//
>> /
>>
>> / for(AttrTO attr : attrs) {//
>> // if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
>> // LOG.warn("We check the schema:"+
>> attr.getSchema()); //Found//
>> // LOG.warn("Content:
>> "+attr.getValues().get(0).toString()); //Found//
>> // oGroup =
>> groupDAO.findByName(attr.getValues().get(0).toString());//
>> // LOG.warn("Group Key: "+oGroup.getKey());
>> //Group key correctly retrieved//
>> // final MembershipTO membershipTO = new
>> MembershipTO.Builder().group(oGroup.getKey()).build();//
>> // LOG.warn("Check membership :"+
>> membershipTO.getGroupKey()); //Correct, it corresponds to the
>> previous group key//
>> // LOG.warn("Get user key:"+ user.getUsername());
>> // Correct, it corresponds to what found in Syncope DB//
>> // boolean result =
>> user.getMemberships().add(membershipTO); //
>> // LOG.warn("Was the user added to the group?:
>> "+result); // Returns true//
>> // }//
>> // group = user.getPlainAttrMap().get("role");//
>> // }//
>> // return delta;//
>> // }//
>> //
>> /
>>
>>
>
> If you're working in the beforeUpdate you need to update the UserPatch
> object:
>
> final UserPatch userPatch = (UserPatch) anyMod;
>
> final MembershipPatch membershipPatch = new
> MembershipPatch.Builder().group(/oGroup.getKey()/).build();
> userPatch.getMemberships().add(membershipPatch);
>
> Regards
> Marco
>
>>
>>
>> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>>
>>> Hi,
>>>
>>>
>>> Il 06/03/2017 15:45, Tech ha scritto:
>>>>
>>>> Hello,
>>>>
>>>> as suggested, we started to work on the easiest case, we created
>>>> the Group1 in Syncope manually and we inserted into the database
>>>> column "Group" the entry "Group1".
>>>>
>>>> We implemented only an "after" in this case: we pulled the
>>>> information into Syncope and after the java is running.
>>>>
>>>> Following the log we see that:
>>>>
>>>> * we are able to find the user, and his userkey
>>>> * we are able to find the group column (a new custom field into
>>>> Syncope)
>>>> * we are able to find the group key of the group into Syncope,
>>>> based on the group column found in the previous point
>>>> * we create the membership based on the group key (final
>>>> MembershipTO membershipTO = new
>>>> MembershipTO.Builder().group(group.getKey()).build();)
>>>> * we add the membership to the user.
>>>>
>>>> Checking the return value of the last "add(membershipTO)", we see
>>>> that it's returning a "true", therefore we think that everything
>>>> went well, but when we enter into the admin console of Syncope, the
>>>> user has not being assigned to the Group1.
>>>>
>>>> Is there a missing step?
>>>>
>>> you're near the solution. I presume you're working with UserTO. So,
>>> to update an user during the pull process, you must implement the
>>> assignment of the membership during beforeProvision, beforeAssign or
>>> beforeUpdate.
>>>
>>> Updating the UserTO in the "after" is too late. The only way to
>>> update an user in the after is with the DAO.
>>>
>>> Regards
>>> Marco
>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>>
>>>>>> Hello Francesco,
>>>>>>
>>>>>> we went through the directory
>>>>>> core/src/test/resources/scriptedsql, but we didn't find any
>>>>>> concrete example that might help us to implement what we might
>>>>>> need to do, we were expecting that the solution was in the
>>>>>> PullActions, but we didn't understood that that was addressing
>>>>>> only __ACCOUNT__ and not groups.
>>>>>>
>>>>>> What steps should be followed to assign the User1 to Group1 in
>>>>>> Syncope when the information into the database are something like
>>>>>>
>>>>>> USERNAME | GROUP
>>>>>>
>>>>>> User1 | Group1
>>>>>>
>>>>>> User2 | Group1
>>>>>>
>>>>>> ?
>>>>> The Scripted Sqlallows to synchronize users, groups or any type.
>>>>> Groovy script gives the possibility to specify which type of
>>>>> object you like to manage, for example, during a search you can
>>>>> add different case statement one for each type:
>>>>>
>>>>> switch ( objectClass ) {
>>>>> case "__ACCOUNT__":
>>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>> NAME:it.name, ...,....])} );
>>>>> break
>>>>>
>>>>> case "__GROUPS__":
>>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>>> NAME:it.name, ...,....])} );
>>>>> break
>>>>>
>>>>> case "__DEPARTMENT__":
>>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>>> DEPARTMENT:it.department, ...,....])} );
>>>>> break
>>>>>
>>>>> default:
>>>>> result;
>>>>> }
>>>>>
>>>>> In order to assign a group to a user, you must implement a pull
>>>>> action. But before doing this, you have to know if thegroups
>>>>> already exist on Syncope or are to be created simultaneously with
>>>>> the users. In the first case you need to implement a simpler action:
>>>>>
>>>>> final UserTO userTO = (UserTO) entity;
>>>>>
>>>>> Group group = groupDAO.findByName(groupName);
>>>>> if (group == null) {
>>>>> throw new RuntimeException("Group not found");
>>>>> }
>>>>>
>>>>> final MembershipTO membershipTO = new
>>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>>> userTO.getMemberships().add(membershipTO);
>>>>>
>>>>> second case you must create the group (with dao)
>>>>>
>>>>> Group group = groupDAO.findByName(groupName);
>>>>> if (group == null) {
>>>>> group = entityFactory.newEntity(Group.class);
>>>>> group.setRealm(realmDAO.getRoot());
>>>>> group.setName(groupName);
>>>>> group = groupDAO.save(courseGroup);
>>>>> }
>>>>>
>>>>> and then assign it to the user during the after action.
>>>>>
>>>>> Regards
>>>>> M
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 01/03/17 14:40, Francesco Chicchiricc� wrote:
>>>>>>> Hi,
>>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>>> The Database Table connector, in fact, only provides support for
>>>>>>> the __ACCOUNT__ ObjectClass, e.g. only for users, as suggested
>>>>>>> by the error below.
>>>>>>>
>>>>>>> In order to use the Scripted SQL connector, you must also
>>>>>>> provide the adequate Groovy scripts matching your own database
>>>>>>> schema; some samples can be found under the
>>>>>>>
>>>>>>> core/src/test/resources/scriptedsql
>>>>>>>
>>>>>>> directory of your generated Maven project.
>>>>>>>
>>>>>>> HTH
>>>>>>> Regards.
>>>>>>>
>>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> coming back to this point: we prepared the code to integrate
>>>>>>>> the group propagation from a DB to Syncope but we encountered
>>>>>>>> some problems.
>>>>>>>>
>>>>>>>> Before integrating the code that we developed, we started to
>>>>>>>> add the concept of Group into our system.
>>>>>>>>
>>>>>>>> * Our database has a column called "role", where the only
>>>>>>>> content is "GroupTest".
>>>>>>>> * We created the group "GroupTest" also in Syncope to have a
>>>>>>>> 1:1 relation.
>>>>>>>> * We created the type "role" and we put it into the
>>>>>>>> "BaseGroup" schema.
>>>>>>>> * We go back to the resources and we Edit provision rules, we
>>>>>>>> add a Group that we map with name:role.
>>>>>>>>
>>>>>>>> Since now on, every Pull, also the one for the Users, will
>>>>>>>> terminate in a FAILURE with the error:
>>>>>>>>
>>>>>>>> org.quartz.JobExecutionException: While pulling from connector
>>>>>>>> [See nested exception: java.lang.IllegalArgumentException:
>>>>>>>> Operation requires an Account ObjectClass.]
>>>>>>>> at
>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>>> at
>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>>> at
>>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>>> at
>>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>>> at
>>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>>> at
>>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>>
>>>>>>>>
>>>>>>>> Removing the mapping of the group, everything will turn back to
>>>>>>>> normality.
>>>>>>>>
>>>>>>>> Any idea why this could happen?
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>>
>>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>>
>>>>>>>>>>> Dear experts,
>>>>>>>>>>>
>>>>>>>>>>> we're pulling information from a database. We want to assign
>>>>>>>>>>> automatically a group to a user.
>>>>>>>>>>>
>>>>>>>>>>> The original table has a format like
>>>>>>>>>>>
>>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>>
>>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> In a pull task is possible to add a template. The template
>>>>>>>>>> can be used for setting default values on entities during a
>>>>>>>>>> pull task.
>>>>>>>>>> To configure a template go to Topology --> select the
>>>>>>>>>> external resource to pull --> Pull Task and click the
>>>>>>>>>> Template icon [1 Pull Templates].
>>>>>>>>>>
>>>>>>>>>> [1]
>>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>>
>>>>>>>>> If a User is associated to a Group in your Database, and you
>>>>>>>>> like assign the corresponding User as a member of the
>>>>>>>>> corresponding Group in Syncope, you must implement a Pull
>>>>>>>>> Action [1]. Connid doesn't implement the assignment of a
>>>>>>>>> membership, so to obviate we can use a pull action.
>>>>>>>>>
>>>>>>>>> [1]
>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>>
>>>>>>>>>>> We want the user being created into Syncope associated to
>>>>>>>>>>> the already existing group "employee", but we don't see how
>>>>>>>>>>> to create this association.
>>>>>>>>>>>
>>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>> --
>>>>>>> Francesco Chicchiricc�
>>>>>>>
>>>>>>> Tirasa - Open Source Excellence
>>>>>>> http://www.tirasa.net/
>>>>>>>
>>>>>>> Member at The Apache Software Foundation
>>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>>> http://home.apache.org/~ilgrosso/
>>>>>>
>>>>>
>>>>> --
>>>>> Dott. Marco Di Sabatino Di Diodoro
>>>>> Tel. +39 3939065570
>>>>>
>>>>> Tirasa S.r.l.
>>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>>> http://www.tirasa.net
>>>>>
>>>>> Apache Syncope PMC Member
>>>>> http://people.apache.org/~mdisabatino/
>>>>
>>>
>>> --
>>> Dott. Marco Di Sabatino Di Diodoro
>>> Tel. +39 3939065570
>>>
>>> Tirasa S.r.l.
>>> Viale D'Annunzio 267 - 65127 Pescara
>>> Tel +39 0859116307 / FAX +39 0859111173
>>> http://www.tirasa.net
>>>
>>> Apache Syncope PMC Member
>>> http://people.apache.org/~mdisabatino/
>>
>
> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Il 06/03/2017 16:40, Tech ha scritto:
>
> Actually you were right, we used already a "beforeUpdate".
>
> Here the code, there is nothing strange apparently, the boolean
> "result" returns "true", but the user is not added to the group
>
>
> /
> /
>
> /@Transactional//
> // @Override//
> // public <A extends AnyTO, M extends AnyPatch> SyncDelta
> beforeUpdate(//
> // final ProvisioningProfile<?, ?> profile,//
> // final SyncDelta delta,//
> // final A any,//
> // final M anyPatch) throws JobExecutionException {//
> //
> // if (anyPatch instanceof UserPatch) {//
> // final UserTO user = ((UserTO) any);//
> // Group oGroup = null;/
>
> / String oGroupColumn = "group_colum";/
>
> / Set<AttrTO> attrs = user.getPlainAttrs();//
> /
>
> / for(AttrTO attr : attrs) {//
> // if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
> // LOG.warn("We check the schema:"+
> attr.getSchema()); //Found//
> // LOG.warn("Content:
> "+attr.getValues().get(0).toString()); //Found//
> // oGroup =
> groupDAO.findByName(attr.getValues().get(0).toString());//
> // LOG.warn("Group Key: "+oGroup.getKey()); //Group
> key correctly retrieved//
> // final MembershipTO membershipTO = new
> MembershipTO.Builder().group(oGroup.getKey()).build();//
> // LOG.warn("Check membership :"+
> membershipTO.getGroupKey()); //Correct, it corresponds to the previous
> group key//
> // LOG.warn("Get user key:"+ user.getUsername());
> // Correct, it corresponds to what found in Syncope DB//
> // boolean result =
> user.getMemberships().add(membershipTO); //
> // LOG.warn("Was the user added to the group?:
> "+result); // Returns true//
> // }//
> // group = user.getPlainAttrMap().get("role");//
> // }//
> // return delta;//
> // }//
> //
> /
>
>
If you're working in the beforeUpdate you need to update the UserPatch
object:
final UserPatch userPatch = (UserPatch) anyMod;
final MembershipPatch membershipPatch = new
MembershipPatch.Builder().group(/oGroup.getKey()/).build();
userPatch.getMemberships().add(membershipPatch);
Regards
Marco
>
>
> On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>>
>> Hi,
>>
>>
>> Il 06/03/2017 15:45, Tech ha scritto:
>>>
>>> Hello,
>>>
>>> as suggested, we started to work on the easiest case, we created the
>>> Group1 in Syncope manually and we inserted into the database column
>>> "Group" the entry "Group1".
>>>
>>> We implemented only an "after" in this case: we pulled the
>>> information into Syncope and after the java is running.
>>>
>>> Following the log we see that:
>>>
>>> * we are able to find the user, and his userkey
>>> * we are able to find the group column (a new custom field into
>>> Syncope)
>>> * we are able to find the group key of the group into Syncope,
>>> based on the group column found in the previous point
>>> * we create the membership based on the group key (final
>>> MembershipTO membershipTO = new
>>> MembershipTO.Builder().group(group.getKey()).build();)
>>> * we add the membership to the user.
>>>
>>> Checking the return value of the last "add(membershipTO)", we see
>>> that it's returning a "true", therefore we think that everything
>>> went well, but when we enter into the admin console of Syncope, the
>>> user has not being assigned to the Group1.
>>>
>>> Is there a missing step?
>>>
>> you're near the solution. I presume you're working with UserTO. So,
>> to update an user during the pull process, you must implement the
>> assignment of the membership during beforeProvision, beforeAssign or
>> beforeUpdate.
>>
>> Updating the UserTO in the "after" is too late. The only way to
>> update an user in the after is with the DAO.
>>
>> Regards
>> Marco
>>
>>> Thanks
>>>
>>>
>>>
>>>
>>>
>>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>>
>>>> Hi,
>>>>
>>>>
>>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>>
>>>>> Hello Francesco,
>>>>>
>>>>> we went through the directory core/src/test/resources/scriptedsql,
>>>>> but we didn't find any concrete example that might help us to
>>>>> implement what we might need to do, we were expecting that the
>>>>> solution was in the PullActions, but we didn't understood that
>>>>> that was addressing only __ACCOUNT__ and not groups.
>>>>>
>>>>> What steps should be followed to assign the User1 to Group1 in
>>>>> Syncope when the information into the database are something like
>>>>>
>>>>> USERNAME | GROUP
>>>>>
>>>>> User1 | Group1
>>>>>
>>>>> User2 | Group1
>>>>>
>>>>> ?
>>>> The Scripted Sqlallows to synchronize users, groups or any type.
>>>> Groovy script gives the possibility to specify which type of object
>>>> you like to manage, for example, during a search you can add
>>>> different case statement one for each type:
>>>>
>>>> switch ( objectClass ) {
>>>> case "__ACCOUNT__":
>>>> sql.eachRow("SELECT * FROM Users " + where",
>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>> NAME:it.name, ...,....])} );
>>>> break
>>>>
>>>> case "__GROUPS__":
>>>> sql.eachRow("SELECT * FROM Groups " + where",
>>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>>> NAME:it.name, ...,....])} );
>>>> break
>>>>
>>>> case "__DEPARTMENT__":
>>>> sql.eachRow("SELECT * FROM Departments " + where",
>>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>>> DEPARTMENT:it.department, ...,....])} );
>>>> break
>>>>
>>>> default:
>>>> result;
>>>> }
>>>>
>>>> In order to assign a group to a user, you must implement a pull
>>>> action. But before doing this, you have to know if thegroups
>>>> already exist on Syncope or are to be created simultaneously with
>>>> the users. In the first case you need to implement a simpler action:
>>>>
>>>> final UserTO userTO = (UserTO) entity;
>>>>
>>>> Group group = groupDAO.findByName(groupName);
>>>> if (group == null) {
>>>> throw new RuntimeException("Group not found");
>>>> }
>>>>
>>>> final MembershipTO membershipTO = new
>>>> MembershipTO.Builder().group(group.getKey()).build();
>>>> userTO.getMemberships().add(membershipTO);
>>>>
>>>> second case you must create the group (with dao)
>>>>
>>>> Group group = groupDAO.findByName(groupName);
>>>> if (group == null) {
>>>> group = entityFactory.newEntity(Group.class);
>>>> group.setRealm(realmDAO.getRoot());
>>>> group.setName(groupName);
>>>> group = groupDAO.save(courseGroup);
>>>> }
>>>>
>>>> and then assign it to the user during the after action.
>>>>
>>>> Regards
>>>> M
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 01/03/17 14:40, Francesco Chicchiriccò wrote:
>>>>>> Hi,
>>>>>> are you sure that you are using the Scripted SQL connector?
>>>>>> The Database Table connector, in fact, only provides support for
>>>>>> the __ACCOUNT__ ObjectClass, e.g. only for users, as suggested by
>>>>>> the error below.
>>>>>>
>>>>>> In order to use the Scripted SQL connector, you must also provide
>>>>>> the adequate Groovy scripts matching your own database schema;
>>>>>> some samples can be found under the
>>>>>>
>>>>>> core/src/test/resources/scriptedsql
>>>>>>
>>>>>> directory of your generated Maven project.
>>>>>>
>>>>>> HTH
>>>>>> Regards.
>>>>>>
>>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> coming back to this point: we prepared the code to integrate the
>>>>>>> group propagation from a DB to Syncope but we encountered some
>>>>>>> problems.
>>>>>>>
>>>>>>> Before integrating the code that we developed, we started to add
>>>>>>> the concept of Group into our system.
>>>>>>>
>>>>>>> * Our database has a column called "role", where the only
>>>>>>> content is "GroupTest".
>>>>>>> * We created the group "GroupTest" also in Syncope to have a
>>>>>>> 1:1 relation.
>>>>>>> * We created the type "role" and we put it into the
>>>>>>> "BaseGroup" schema.
>>>>>>> * We go back to the resources and we Edit provision rules, we
>>>>>>> add a Group that we map with name:role.
>>>>>>>
>>>>>>> Since now on, every Pull, also the one for the Users, will
>>>>>>> terminate in a FAILURE with the error:
>>>>>>>
>>>>>>> org.quartz.JobExecutionException: While pulling from connector
>>>>>>> [See nested exception: java.lang.IllegalArgumentException:
>>>>>>> Operation requires an Account ObjectClass.]
>>>>>>> at
>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>>> at
>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>>> at
>>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>>> at
>>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>>> at
>>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>>> at
>>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>>
>>>>>>>
>>>>>>> Removing the mapping of the group, everything will turn back to
>>>>>>> normality.
>>>>>>>
>>>>>>> Any idea why this could happen?
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>>
>>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>>
>>>>>>>>>> Dear experts,
>>>>>>>>>>
>>>>>>>>>> we're pulling information from a database. We want to assign
>>>>>>>>>> automatically a group to a user.
>>>>>>>>>>
>>>>>>>>>> The original table has a format like
>>>>>>>>>>
>>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>>
>>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> In a pull task is possible to add a template. The template can
>>>>>>>>> be used for setting default values on entities during a pull task.
>>>>>>>>> To configure a template go to Topology --> select the external
>>>>>>>>> resource to pull --> Pull Task and click the Template icon [1
>>>>>>>>> Pull Templates].
>>>>>>>>>
>>>>>>>>> [1]
>>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>>
>>>>>>>> If a User is associated to a Group in your Database, and you
>>>>>>>> like assign the corresponding User as a member of the
>>>>>>>> corresponding Group in Syncope, you must implement a Pull
>>>>>>>> Action [1]. Connid doesn't implement the assignment of a
>>>>>>>> membership, so to obviate we can use a pull action.
>>>>>>>>
>>>>>>>> [1]
>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>>
>>>>>>>>>> We want the user being created into Syncope associated to the
>>>>>>>>>> already existing group "employee", but we don't see how to
>>>>>>>>>> create this association.
>>>>>>>>>>
>>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>> --
>>>>>> Francesco Chicchiriccò
>>>>>>
>>>>>> Tirasa - Open Source Excellence
>>>>>> http://www.tirasa.net/
>>>>>>
>>>>>> Member at The Apache Software Foundation
>>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>>> http://home.apache.org/~ilgrosso/
>>>>>
>>>>
>>>> --
>>>> Dott. Marco Di Sabatino Di Diodoro
>>>> Tel. +39 3939065570
>>>>
>>>> Tirasa S.r.l.
>>>> Viale D'Annunzio 267 - 65127 Pescara
>>>> Tel +39 0859116307 / FAX +39 0859111173
>>>> http://www.tirasa.net
>>>>
>>>> Apache Syncope PMC Member
>>>> http://people.apache.org/~mdisabatino/
>>>
>>
>> --
>> Dott. Marco Di Sabatino Di Diodoro
>> Tel. +39 3939065570
>>
>> Tirasa S.r.l.
>> Viale D'Annunzio 267 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 0859111173
>> http://www.tirasa.net
>>
>> Apache Syncope PMC Member
>> http://people.apache.org/~mdisabatino/
>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
Actually you were right, we used already a "beforeUpdate".
Here the code, there is nothing strange apparently, the boolean "result"
returns "true", but the user is not added to the group
/
/
/@Transactional//
// @Override//
// public <A extends AnyTO, M extends AnyPatch> SyncDelta beforeUpdate(//
// final ProvisioningProfile<?, ?> profile,//
// final SyncDelta delta,//
// final A any,//
// final M anyPatch) throws JobExecutionException {//
//
// if (anyPatch instanceof UserPatch) {//
// final UserTO user = ((UserTO) any);//
// Group oGroup = null;/
/ String oGroupColumn = "group_colum";/
/ Set<AttrTO> attrs = user.getPlainAttrs();//
/
/ for(AttrTO attr : attrs) {//
// if(attr.getSchema().equalsIgnoreCase( oGroupColumn)){//
// LOG.warn("We check the schema:"+
attr.getSchema()); //Found//
// LOG.warn("Content:
"+attr.getValues().get(0).toString()); //Found//
// oGroup =
groupDAO.findByName(attr.getValues().get(0).toString());//
// LOG.warn("Group Key: "+oGroup.getKey()); //Group
key correctly retrieved//
// final MembershipTO membershipTO = new
MembershipTO.Builder().group(oGroup.getKey()).build();//
// LOG.warn("Check membership :"+
membershipTO.getGroupKey()); //Correct, it corresponds to the previous
group key//
// LOG.warn("Get user key:"+ user.getUsername()); //
Correct, it corresponds to what found in Syncope DB//
// boolean result =
user.getMemberships().add(membershipTO); //
// LOG.warn("Was the user added to the group?:
"+result); // Returns true//
// }//
// group = user.getPlainAttrMap().get("role");//
// }//
// return delta;//
// }//
//
/
On 06/03/17 16:10, Marco Di Sabatino Di Diodoro wrote:
>
> Hi,
>
>
> Il 06/03/2017 15:45, Tech ha scritto:
>>
>> Hello,
>>
>> as suggested, we started to work on the easiest case, we created the
>> Group1 in Syncope manually and we inserted into the database column
>> "Group" the entry "Group1".
>>
>> We implemented only an "after" in this case: we pulled the
>> information into Syncope and after the java is running.
>>
>> Following the log we see that:
>>
>> * we are able to find the user, and his userkey
>> * we are able to find the group column (a new custom field into
>> Syncope)
>> * we are able to find the group key of the group into Syncope,
>> based on the group column found in the previous point
>> * we create the membership based on the group key (final
>> MembershipTO membershipTO = new
>> MembershipTO.Builder().group(group.getKey()).build();)
>> * we add the membership to the user.
>>
>> Checking the return value of the last "add(membershipTO)", we see
>> that it's returning a "true", therefore we think that everything went
>> well, but when we enter into the admin console of Syncope, the user
>> has not being assigned to the Group1.
>>
>> Is there a missing step?
>>
> you're near the solution. I presume you're working with UserTO. So, to
> update an user during the pull process, you must implement the
> assignment of the membership during beforeProvision, beforeAssign or
> beforeUpdate.
>
> Updating the UserTO in the "after" is too late. The only way to update
> an user in the after is with the DAO.
>
> Regards
> Marco
>
>> Thanks
>>
>>
>>
>>
>>
>> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>>
>>> Hi,
>>>
>>>
>>> Il 03/03/2017 15:53, Tech ha scritto:
>>>>
>>>> Hello Francesco,
>>>>
>>>> we went through the directory core/src/test/resources/scriptedsql,
>>>> but we didn't find any concrete example that might help us to
>>>> implement what we might need to do, we were expecting that the
>>>> solution was in the PullActions, but we didn't understood that that
>>>> was addressing only __ACCOUNT__ and not groups.
>>>>
>>>> What steps should be followed to assign the User1 to Group1 in
>>>> Syncope when the information into the database are something like
>>>>
>>>> USERNAME | GROUP
>>>>
>>>> User1 | Group1
>>>>
>>>> User2 | Group1
>>>>
>>>> ?
>>> The Scripted Sqlallows to synchronize users, groups or any type.
>>> Groovy script gives the possibility to specify which type of object
>>> you like to manage, for example, during a search you can add
>>> different case statement one for each type:
>>>
>>> switch ( objectClass ) {
>>> case "__ACCOUNT__":
>>> sql.eachRow("SELECT * FROM Users " + where",
>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>> NAME:it.name, ...,....])} );
>>> break
>>>
>>> case "__GROUPS__":
>>> sql.eachRow("SELECT * FROM Groups " + where",
>>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>>> NAME:it.name, ...,....])} );
>>> break
>>>
>>> case "__DEPARTMENT__":
>>> sql.eachRow("SELECT * FROM Departments " + where",
>>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>>> DEPARTMENT:it.department, ...,....])} );
>>> break
>>>
>>> default:
>>> result;
>>> }
>>>
>>> In order to assign a group to a user, you must implement a pull
>>> action. But before doing this, you have to know if thegroups already
>>> exist on Syncope or are to be created simultaneously with the users.
>>> In the first case you need to implement a simpler action:
>>>
>>> final UserTO userTO = (UserTO) entity;
>>>
>>> Group group = groupDAO.findByName(groupName);
>>> if (group == null) {
>>> throw new RuntimeException("Group not found");
>>> }
>>>
>>> final MembershipTO membershipTO = new
>>> MembershipTO.Builder().group(group.getKey()).build();
>>> userTO.getMemberships().add(membershipTO);
>>>
>>> second case you must create the group (with dao)
>>>
>>> Group group = groupDAO.findByName(groupName);
>>> if (group == null) {
>>> group = entityFactory.newEntity(Group.class);
>>> group.setRealm(realmDAO.getRoot());
>>> group.setName(groupName);
>>> group = groupDAO.save(courseGroup);
>>> }
>>>
>>> and then assign it to the user during the after action.
>>>
>>> Regards
>>> M
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 01/03/17 14:40, Francesco Chicchiricc� wrote:
>>>>> Hi,
>>>>> are you sure that you are using the Scripted SQL connector?
>>>>> The Database Table connector, in fact, only provides support for
>>>>> the __ACCOUNT__ ObjectClass, e.g. only for users, as suggested by
>>>>> the error below.
>>>>>
>>>>> In order to use the Scripted SQL connector, you must also provide
>>>>> the adequate Groovy scripts matching your own database schema;
>>>>> some samples can be found under the
>>>>>
>>>>> core/src/test/resources/scriptedsql
>>>>>
>>>>> directory of your generated Maven project.
>>>>>
>>>>> HTH
>>>>> Regards.
>>>>>
>>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> coming back to this point: we prepared the code to integrate the
>>>>>> group propagation from a DB to Syncope but we encountered some
>>>>>> problems.
>>>>>>
>>>>>> Before integrating the code that we developed, we started to add
>>>>>> the concept of Group into our system.
>>>>>>
>>>>>> * Our database has a column called "role", where the only
>>>>>> content is "GroupTest".
>>>>>> * We created the group "GroupTest" also in Syncope to have a
>>>>>> 1:1 relation.
>>>>>> * We created the type "role" and we put it into the "BaseGroup"
>>>>>> schema.
>>>>>> * We go back to the resources and we Edit provision rules, we
>>>>>> add a Group that we map with name:role.
>>>>>>
>>>>>> Since now on, every Pull, also the one for the Users, will
>>>>>> terminate in a FAILURE with the error:
>>>>>>
>>>>>> org.quartz.JobExecutionException: While pulling from connector
>>>>>> [See nested exception: java.lang.IllegalArgumentException:
>>>>>> Operation requires an Account ObjectClass.]
>>>>>> at
>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>>> at
>>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>>> at
>>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>>> at
>>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>> at
>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>>> at
>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>>
>>>>>>
>>>>>> Removing the mapping of the group, everything will turn back to
>>>>>> normality.
>>>>>>
>>>>>> Any idea why this could happen?
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>>
>>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>
>>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>>
>>>>>>>>> Dear experts,
>>>>>>>>>
>>>>>>>>> we're pulling information from a database. We want to assign
>>>>>>>>> automatically a group to a user.
>>>>>>>>>
>>>>>>>>> The original table has a format like
>>>>>>>>>
>>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>>
>>>>>>>>> -- "ROLE": "employee"
>>>>>>>>>
>>>>>>>>
>>>>>>>> In a pull task is possible to add a template. The template can
>>>>>>>> be used for setting default values on entities during a pull task.
>>>>>>>> To configure a template go to Topology --> select the external
>>>>>>>> resource to pull --> Pull Task and click the Template icon [1
>>>>>>>> Pull Templates].
>>>>>>>>
>>>>>>>> [1]
>>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>>
>>>>>>> If a User is associated to a Group in your Database, and you
>>>>>>> like assign the corresponding User as a member of the
>>>>>>> corresponding Group in Syncope, you must implement a Pull Action
>>>>>>> [1]. Connid doesn't implement the assignment of a membership, so
>>>>>>> to obviate we can use a pull action.
>>>>>>>
>>>>>>> [1] https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>>
>>>>>>>>> We want the user being created into Syncope associated to the
>>>>>>>>> already existing group "employee", but we don't see how to
>>>>>>>>> create this association.
>>>>>>>>>
>>>>>>>>> Is there any reference that we should check?
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>> --
>>>>> Francesco Chicchiricc�
>>>>>
>>>>> Tirasa - Open Source Excellence
>>>>> http://www.tirasa.net/
>>>>>
>>>>> Member at The Apache Software Foundation
>>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>>> http://home.apache.org/~ilgrosso/
>>>>
>>>
>>> --
>>> Dott. Marco Di Sabatino Di Diodoro
>>> Tel. +39 3939065570
>>>
>>> Tirasa S.r.l.
>>> Viale D'Annunzio 267 - 65127 Pescara
>>> Tel +39 0859116307 / FAX +39 0859111173
>>> http://www.tirasa.net
>>>
>>> Apache Syncope PMC Member
>>> http://people.apache.org/~mdisabatino/
>>
>
> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Hi,
Il 06/03/2017 15:45, Tech ha scritto:
>
> Hello,
>
> as suggested, we started to work on the easiest case, we created the
> Group1 in Syncope manually and we inserted into the database column
> "Group" the entry "Group1".
>
> We implemented only an "after" in this case: we pulled the information
> into Syncope and after the java is running.
>
> Following the log we see that:
>
> * we are able to find the user, and his userkey
> * we are able to find the group column (a new custom field into Syncope)
> * we are able to find the group key of the group into Syncope, based
> on the group column found in the previous point
> * we create the membership based on the group key (final
> MembershipTO membershipTO = new
> MembershipTO.Builder().group(group.getKey()).build();)
> * we add the membership to the user.
>
> Checking the return value of the last "add(membershipTO)", we see that
> it's returning a "true", therefore we think that everything went well,
> but when we enter into the admin console of Syncope, the user has not
> being assigned to the Group1.
>
> Is there a missing step?
>
you're near the solution. I presume you're working with UserTO. So, to
update an user during the pull process, you must implement the
assignment of the membership during beforeProvision, beforeAssign or
beforeUpdate.
Updating the UserTO in the "after" is too late. The only way to update
an user in the after is with the DAO.
Regards
Marco
> Thanks
>
>
>
>
>
> On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>>
>> Hi,
>>
>>
>> Il 03/03/2017 15:53, Tech ha scritto:
>>>
>>> Hello Francesco,
>>>
>>> we went through the directory core/src/test/resources/scriptedsql,
>>> but we didn't find any concrete example that might help us to
>>> implement what we might need to do, we were expecting that the
>>> solution was in the PullActions, but we didn't understood that that
>>> was addressing only __ACCOUNT__ and not groups.
>>>
>>> What steps should be followed to assign the User1 to Group1 in
>>> Syncope when the information into the database are something like
>>>
>>> USERNAME | GROUP
>>>
>>> User1 | Group1
>>>
>>> User2 | Group1
>>>
>>> ?
>> The Scripted Sqlallows to synchronize users, groups or any type.
>> Groovy script gives the possibility to specify which type of object
>> you like to manage, for example, during a search you can add
>> different case statement one for each type:
>>
>> switch ( objectClass ) {
>> case "__ACCOUNT__":
>> sql.eachRow("SELECT * FROM Users " + where",
>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>> NAME:it.name, ...,....])} );
>> break
>>
>> case "__GROUPS__":
>> sql.eachRow("SELECT * FROM Groups " + where",
>> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
>> NAME:it.name, ...,....])} );
>> break
>>
>> case "__DEPARTMENT__":
>> sql.eachRow("SELECT * FROM Departments " + where",
>> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
>> DEPARTMENT:it.department, ...,....])} );
>> break
>>
>> default:
>> result;
>> }
>>
>> In order to assign a group to a user, you must implement a pull
>> action. But before doing this, you have to know if thegroups already
>> exist on Syncope or are to be created simultaneously with the users.
>> In the first case you need to implement a simpler action:
>>
>> final UserTO userTO = (UserTO) entity;
>>
>> Group group = groupDAO.findByName(groupName);
>> if (group == null) {
>> throw new RuntimeException("Group not found");
>> }
>>
>> final MembershipTO membershipTO = new
>> MembershipTO.Builder().group(group.getKey()).build();
>> userTO.getMemberships().add(membershipTO);
>>
>> second case you must create the group (with dao)
>>
>> Group group = groupDAO.findByName(groupName);
>> if (group == null) {
>> group = entityFactory.newEntity(Group.class);
>> group.setRealm(realmDAO.getRoot());
>> group.setName(groupName);
>> group = groupDAO.save(courseGroup);
>> }
>>
>> and then assign it to the user during the after action.
>>
>> Regards
>> M
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>>>
>>> On 01/03/17 14:40, Francesco Chicchiriccò wrote:
>>>> Hi,
>>>> are you sure that you are using the Scripted SQL connector?
>>>> The Database Table connector, in fact, only provides support for
>>>> the __ACCOUNT__ ObjectClass, e.g. only for users, as suggested by
>>>> the error below.
>>>>
>>>> In order to use the Scripted SQL connector, you must also provide
>>>> the adequate Groovy scripts matching your own database schema; some
>>>> samples can be found under the
>>>>
>>>> core/src/test/resources/scriptedsql
>>>>
>>>> directory of your generated Maven project.
>>>>
>>>> HTH
>>>> Regards.
>>>>
>>>> On 27/02/2017 17:47, Tech wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> coming back to this point: we prepared the code to integrate the
>>>>> group propagation from a DB to Syncope but we encountered some
>>>>> problems.
>>>>>
>>>>> Before integrating the code that we developed, we started to add
>>>>> the concept of Group into our system.
>>>>>
>>>>> * Our database has a column called "role", where the only
>>>>> content is "GroupTest".
>>>>> * We created the group "GroupTest" also in Syncope to have a 1:1
>>>>> relation.
>>>>> * We created the type "role" and we put it into the "BaseGroup"
>>>>> schema.
>>>>> * We go back to the resources and we Edit provision rules, we
>>>>> add a Group that we map with name:role.
>>>>>
>>>>> Since now on, every Pull, also the one for the Users, will
>>>>> terminate in a FAILURE with the error:
>>>>>
>>>>> org.quartz.JobExecutionException: While pulling from connector
>>>>> [See nested exception: java.lang.IllegalArgumentException:
>>>>> Operation requires an Account ObjectClass.]
>>>>> at
>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>>> at
>>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>>> at
>>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>>> at
>>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>> at
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>>
>>>>>
>>>>> Removing the mapping of the group, everything will turn back to
>>>>> normality.
>>>>>
>>>>> Any idea why this could happen?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>>
>>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>>
>>>>>>>> Dear experts,
>>>>>>>>
>>>>>>>> we're pulling information from a database. We want to assign
>>>>>>>> automatically a group to a user.
>>>>>>>>
>>>>>>>> The original table has a format like
>>>>>>>>
>>>>>>>> -- "USERNAME" : "user01"
>>>>>>>>
>>>>>>>> -- "ROLE": "employee"
>>>>>>>>
>>>>>>>
>>>>>>> In a pull task is possible to add a template. The template can
>>>>>>> be used for setting default values on entities during a pull task.
>>>>>>> To configure a template go to Topology --> select the external
>>>>>>> resource to pull --> Pull Task and click the Template icon [1
>>>>>>> Pull Templates].
>>>>>>>
>>>>>>> [1]
>>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>>
>>>>>> If a User is associated to a Group in your Database, and you like
>>>>>> assign the corresponding User as a member of the corresponding
>>>>>> Group in Syncope, you must implement a Pull Action [1]. Connid
>>>>>> doesn't implement the assignment of a membership, so to obviate
>>>>>> we can use a pull action.
>>>>>>
>>>>>> [1] https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>>
>>>>>>>> We want the user being created into Syncope associated to the
>>>>>>>> already existing group "employee", but we don't see how to
>>>>>>>> create this association.
>>>>>>>>
>>>>>>>> Is there any reference that we should check?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>> --
>>>> Francesco Chicchiriccò
>>>>
>>>> Tirasa - Open Source Excellence
>>>> http://www.tirasa.net/
>>>>
>>>> Member at The Apache Software Foundation
>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>> http://home.apache.org/~ilgrosso/
>>>
>>
>> --
>> Dott. Marco Di Sabatino Di Diodoro
>> Tel. +39 3939065570
>>
>> Tirasa S.r.l.
>> Viale D'Annunzio 267 - 65127 Pescara
>> Tel +39 0859116307 / FAX +39 0859111173
>> http://www.tirasa.net
>>
>> Apache Syncope PMC Member
>> http://people.apache.org/~mdisabatino/
>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
Hello,
as suggested, we started to work on the easiest case, we created the
Group1 in Syncope manually and we inserted into the database column
"Group" the entry "Group1".
We implemented only an "after" in this case: we pulled the information
into Syncope and after the java is running.
Following the log we see that:
* we are able to find the user, and his userkey
* we are able to find the group column (a new custom field into Syncope)
* we are able to find the group key of the group into Syncope, based
on the group column found in the previous point
* we create the membership based on the group key (final MembershipTO
membershipTO = new
MembershipTO.Builder().group(group.getKey()).build();)
* we add the membership to the user.
Checking the return value of the last "add(membershipTO)", we see that
it's returning a "true", therefore we think that everything went well,
but when we enter into the admin console of Syncope, the user has not
being assigned to the Group1.
Is there a missing step?
Thanks
On 03/03/17 19:49, Marco Di Sabatino Di Diodoro wrote:
>
> Hi,
>
>
> Il 03/03/2017 15:53, Tech ha scritto:
>>
>> Hello Francesco,
>>
>> we went through the directory core/src/test/resources/scriptedsql,
>> but we didn't find any concrete example that might help us to
>> implement what we might need to do, we were expecting that the
>> solution was in the PullActions, but we didn't understood that that
>> was addressing only __ACCOUNT__ and not groups.
>>
>> What steps should be followed to assign the User1 to Group1 in
>> Syncope when the information into the database are something like
>>
>> USERNAME | GROUP
>>
>> User1 | Group1
>>
>> User2 | Group1
>>
>> ?
> The Scripted Sqlallows to synchronize users, groups or any type.
> Groovy script gives the possibility to specify which type of object
> you like to manage, for example, during a search you can add different
> case statement one for each type:
>
> switch ( objectClass ) {
> case "__ACCOUNT__":
> sql.eachRow("SELECT * FROM Users " + where",
> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
> NAME:it.name, ...,....])} );
> break
>
> case "__GROUPS__":
> sql.eachRow("SELECT * FROM Groups " + where",
> {result.add([__UID__:it.id, __NAME__:it.id, ID:it.id,
> NAME:it.name, ...,....])} );
> break
>
> case "__DEPARTMENT__":
> sql.eachRow("SELECT * FROM Departments " + where",
> {result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
> DEPARTMENT:it.department, ...,....])} );
> break
>
> default:
> result;
> }
>
> In order to assign a group to a user, you must implement a pull
> action. But before doing this, you have to know if thegroups already
> exist on Syncope or are to be created simultaneously with the users.
> In the first case you need to implement a simpler action:
>
> final UserTO userTO = (UserTO) entity;
>
> Group group = groupDAO.findByName(groupName);
> if (group == null) {
> throw new RuntimeException("Group not found");
> }
>
> final MembershipTO membershipTO = new
> MembershipTO.Builder().group(group.getKey()).build();
> userTO.getMemberships().add(membershipTO);
>
> second case you must create the group (with dao)
>
> Group group = groupDAO.findByName(groupName);
> if (group == null) {
> group = entityFactory.newEntity(Group.class);
> group.setRealm(realmDAO.getRoot());
> group.setName(groupName);
> group = groupDAO.save(courseGroup);
> }
>
> and then assign it to the user during the after action.
>
> Regards
> M
>>
>> Thanks
>>
>>
>>
>>
>>
>> On 01/03/17 14:40, Francesco Chicchiricc� wrote:
>>> Hi,
>>> are you sure that you are using the Scripted SQL connector?
>>> The Database Table connector, in fact, only provides support for the
>>> __ACCOUNT__ ObjectClass, e.g. only for users, as suggested by the
>>> error below.
>>>
>>> In order to use the Scripted SQL connector, you must also provide
>>> the adequate Groovy scripts matching your own database schema; some
>>> samples can be found under the
>>>
>>> core/src/test/resources/scriptedsql
>>>
>>> directory of your generated Maven project.
>>>
>>> HTH
>>> Regards.
>>>
>>> On 27/02/2017 17:47, Tech wrote:
>>>>
>>>> Hello,
>>>>
>>>> coming back to this point: we prepared the code to integrate the
>>>> group propagation from a DB to Syncope but we encountered some
>>>> problems.
>>>>
>>>> Before integrating the code that we developed, we started to add
>>>> the concept of Group into our system.
>>>>
>>>> * Our database has a column called "role", where the only content
>>>> is "GroupTest".
>>>> * We created the group "GroupTest" also in Syncope to have a 1:1
>>>> relation.
>>>> * We created the type "role" and we put it into the "BaseGroup"
>>>> schema.
>>>> * We go back to the resources and we Edit provision rules, we add
>>>> a Group that we map with name:role.
>>>>
>>>> Since now on, every Pull, also the one for the Users, will
>>>> terminate in a FAILURE with the error:
>>>>
>>>> org.quartz.JobExecutionException: While pulling from connector [See
>>>> nested exception: java.lang.IllegalArgumentException: Operation
>>>> requires an Account ObjectClass.]
>>>> at
>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>>> at
>>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>>> at
>>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>>> at
>>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>>
>>>>
>>>> Removing the mapping of the group, everything will turn back to
>>>> normality.
>>>>
>>>> Any idea why this could happen?
>>>>
>>>> Thanks!
>>>>
>>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>>
>>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>>
>>>>>>> Dear experts,
>>>>>>>
>>>>>>> we're pulling information from a database. We want to assign
>>>>>>> automatically a group to a user.
>>>>>>>
>>>>>>> The original table has a format like
>>>>>>>
>>>>>>> -- "USERNAME" : "user01"
>>>>>>>
>>>>>>> -- "ROLE": "employee"
>>>>>>>
>>>>>>
>>>>>> In a pull task is possible to add a template. The template can be
>>>>>> used for setting default values on entities during a pull task.
>>>>>> To configure a template go to Topology --> select the external
>>>>>> resource to pull --> Pull Task and click the Template icon [1
>>>>>> Pull Templates].
>>>>>>
>>>>>> [1]
>>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>>
>>>>> If a User is associated to a Group in your Database, and you like
>>>>> assign the corresponding User as a member of the corresponding
>>>>> Group in Syncope, you must implement a Pull Action [1]. Connid
>>>>> doesn't implement the assignment of a membership, so to obviate we
>>>>> can use a pull action.
>>>>>
>>>>> [1] https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>>
>>>>>>> We want the user being created into Syncope associated to the
>>>>>>> already existing group "employee", but we don't see how to
>>>>>>> create this association.
>>>>>>>
>>>>>>> Is there any reference that we should check?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>> --
>>> Francesco Chicchiricc�
>>>
>>> Tirasa - Open Source Excellence
>>> http://www.tirasa.net/
>>>
>>> Member at The Apache Software Foundation
>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>> http://home.apache.org/~ilgrosso/
>>
>
> --
> Dott. Marco Di Sabatino Di Diodoro
> Tel. +39 3939065570
>
> Tirasa S.r.l.
> Viale D'Annunzio 267 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> Apache Syncope PMC Member
> http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Hi,
Il 03/03/2017 15:53, Tech ha scritto:
>
> Hello Francesco,
>
> we went through the directory core/src/test/resources/scriptedsql, but
> we didn't find any concrete example that might help us to implement
> what we might need to do, we were expecting that the solution was in
> the PullActions, but we didn't understood that that was addressing
> only __ACCOUNT__ and not groups.
>
> What steps should be followed to assign the User1 to Group1 in Syncope
> when the information into the database are something like
>
> USERNAME | GROUP
>
> User1 | Group1
>
> User2 | Group1
>
> ?
The Scripted Sqlallows to synchronize users, groups or any type. Groovy
script gives the possibility to specify which type of object you like to
manage, for example, during a search you can add different case
statement one for each type:
switch ( objectClass ) {
case "__ACCOUNT__":
sql.eachRow("SELECT * FROM Users " + where",
{result.add([__UID__:it.id, __NAME__:it.id, ID:it.id, NAME:it.name,
...,....])} );
break
case "__GROUPS__":
sql.eachRow("SELECT * FROM Groups " + where",
{result.add([__UID__:it.id, __NAME__:it.id, ID:it.id, NAME:it.name,
...,....])} );
break
case "__DEPARTMENT__":
sql.eachRow("SELECT * FROM Departments " + where",
{result.add([__UID__:it.id, __NAME__:it.id, NAME:it.name,
DEPARTMENT:it.department, ...,....])} );
break
default:
result;
}
In order to assign a group to a user, you must implement a pull action.
But before doing this, you have to know if thegroups already exist on
Syncope or are to be created simultaneously with the users. In the first
case you need to implement a simpler action:
final UserTO userTO = (UserTO) entity;
Group group = groupDAO.findByName(groupName);
if (group == null) {
throw new RuntimeException("Group not found");
}
final MembershipTO membershipTO = new
MembershipTO.Builder().group(group.getKey()).build();
userTO.getMemberships().add(membershipTO);
second case you must create the group (with dao)
Group group = groupDAO.findByName(groupName);
if (group == null) {
group = entityFactory.newEntity(Group.class);
group.setRealm(realmDAO.getRoot());
group.setName(groupName);
group = groupDAO.save(courseGroup);
}
and then assign it to the user during the after action.
Regards
M
>
> Thanks
>
>
>
>
>
> On 01/03/17 14:40, Francesco Chicchiriccò wrote:
>> Hi,
>> are you sure that you are using the Scripted SQL connector?
>> The Database Table connector, in fact, only provides support for the
>> __ACCOUNT__ ObjectClass, e.g. only for users, as suggested by the
>> error below.
>>
>> In order to use the Scripted SQL connector, you must also provide the
>> adequate Groovy scripts matching your own database schema; some
>> samples can be found under the
>>
>> core/src/test/resources/scriptedsql
>>
>> directory of your generated Maven project.
>>
>> HTH
>> Regards.
>>
>> On 27/02/2017 17:47, Tech wrote:
>>>
>>> Hello,
>>>
>>> coming back to this point: we prepared the code to integrate the
>>> group propagation from a DB to Syncope but we encountered some problems.
>>>
>>> Before integrating the code that we developed, we started to add the
>>> concept of Group into our system.
>>>
>>> * Our database has a column called "role", where the only content
>>> is "GroupTest".
>>> * We created the group "GroupTest" also in Syncope to have a 1:1
>>> relation.
>>> * We created the type "role" and we put it into the "BaseGroup"
>>> schema.
>>> * We go back to the resources and we Edit provision rules, we add
>>> a Group that we map with name:role.
>>>
>>> Since now on, every Pull, also the one for the Users, will terminate
>>> in a FAILURE with the error:
>>>
>>> org.quartz.JobExecutionException: While pulling from connector [See
>>> nested exception: java.lang.IllegalArgumentException: Operation
>>> requires an Account ObjectClass.]
>>> at
>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>>> at
>>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>>> at
>>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>>> at
>>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:498)
>>>
>>>
>>> Removing the mapping of the group, everything will turn back to
>>> normality.
>>>
>>> Any idea why this could happen?
>>>
>>> Thanks!
>>>
>>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>>
>>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>>
>>>>>> Dear experts,
>>>>>>
>>>>>> we're pulling information from a database. We want to assign
>>>>>> automatically a group to a user.
>>>>>>
>>>>>> The original table has a format like
>>>>>>
>>>>>> -- "USERNAME" : "user01"
>>>>>>
>>>>>> -- "ROLE": "employee"
>>>>>>
>>>>>
>>>>> In a pull task is possible to add a template. The template can be
>>>>> used for setting default values on entities during a pull task.
>>>>> To configure a template go to Topology --> select the external
>>>>> resource to pull --> Pull Task and click the Template icon [1 Pull
>>>>> Templates].
>>>>>
>>>>> [1]
>>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>>
>>>> If a User is associated to a Group in your Database, and you like
>>>> assign the corresponding User as a member of the corresponding
>>>> Group in Syncope, you must implement a Pull Action [1]. Connid
>>>> doesn't implement the assignment of a membership, so to obviate we
>>>> can use a pull action.
>>>>
>>>> [1] https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>>
>>>>>> We want the user being created into Syncope associated to the
>>>>>> already existing group "employee", but we don't see how to create
>>>>>> this association.
>>>>>>
>>>>>> Is there any reference that we should check?
>>>>>>
>>>>>> Thanks
>>>>>>
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Member at The Apache Software Foundation
>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>> http://home.apache.org/~ilgrosso/
>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
Hello Francesco,
we went through the directory core/src/test/resources/scriptedsql, but
we didn't find any concrete example that might help us to implement what
we might need to do, we were expecting that the solution was in the
PullActions, but we didn't understood that that was addressing only
__ACCOUNT__ and not groups.
What steps should be followed to assign the User1 to Group1 in Syncope
when the information into the database are something like
USERNAME | GROUP
User1 | Group1
User2 | Group1
?
Thanks
On 01/03/17 14:40, Francesco Chicchiricc� wrote:
> Hi,
> are you sure that you are using the Scripted SQL connector?
> The Database Table connector, in fact, only provides support for the
> __ACCOUNT__ ObjectClass, e.g. only for users, as suggested by the
> error below.
>
> In order to use the Scripted SQL connector, you must also provide the
> adequate Groovy scripts matching your own database schema; some
> samples can be found under the
>
> core/src/test/resources/scriptedsql
>
> directory of your generated Maven project.
>
> HTH
> Regards.
>
> On 27/02/2017 17:47, Tech wrote:
>>
>> Hello,
>>
>> coming back to this point: we prepared the code to integrate the
>> group propagation from a DB to Syncope but we encountered some problems.
>>
>> Before integrating the code that we developed, we started to add the
>> concept of Group into our system.
>>
>> * Our database has a column called "role", where the only content
>> is "GroupTest".
>> * We created the group "GroupTest" also in Syncope to have a 1:1
>> relation.
>> * We created the type "role" and we put it into the "BaseGroup" schema.
>> * We go back to the resources and we Edit provision rules, we add a
>> Group that we map with name:role.
>>
>> Since now on, every Pull, also the one for the Users, will terminate
>> in a FAILURE with the error:
>>
>> org.quartz.JobExecutionException: While pulling from connector [See
>> nested exception: java.lang.IllegalArgumentException: Operation
>> requires an Account ObjectClass.]
>> at
>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>> at
>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>> at
>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>> at
>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>>
>> Removing the mapping of the group, everything will turn back to
>> normality.
>>
>> Any idea why this could happen?
>>
>> Thanks!
>>
>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>
>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>
>>>> Hi,
>>>>
>>>>
>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>
>>>>> Dear experts,
>>>>>
>>>>> we're pulling information from a database. We want to assign
>>>>> automatically a group to a user.
>>>>>
>>>>> The original table has a format like
>>>>>
>>>>> -- "USERNAME" : "user01"
>>>>>
>>>>> -- "ROLE": "employee"
>>>>>
>>>>
>>>> In a pull task is possible to add a template. The template can be
>>>> used for setting default values on entities during a pull task.
>>>> To configure a template go to Topology --> select the external
>>>> resource to pull --> Pull Task and click the Template icon [1 Pull
>>>> Templates].
>>>>
>>>> [1]
>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>
>>> If a User is associated to a Group in your Database, and you like
>>> assign the corresponding User as a member of the corresponding Group
>>> in Syncope, you must implement a Pull Action [1]. Connid doesn't
>>> implement the assignment of a membership, so to obviate we can use a
>>> pull action.
>>>
>>> [1] https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>
>>>>> We want the user being created into Syncope associated to the
>>>>> already existing group "employee", but we don't see how to create
>>>>> this association.
>>>>>
>>>>> Is there any reference that we should check?
>>>>>
>>>>> Thanks
>>>>>
> --
> Francesco Chicchiricc�
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
Re: Assign group to user from DB
Posted by Tech <te...@psynd.net>.
We didn't know at all that about the Scripted SQL connectors, we were
following the pull/pushactions examples.
On 01/03/17 14:40, Francesco Chicchiricc� wrote:
> Hi,
> are you sure that you are using the Scripted SQL connector?
> The Database Table connector, in fact, only provides support for the
> __ACCOUNT__ ObjectClass, e.g. only for users, as suggested by the
> error below.
>
> In order to use the Scripted SQL connector, you must also provide the
> adequate Groovy scripts matching your own database schema; some
> samples can be found under the
>
> core/src/test/resources/scriptedsql
>
> directory of your generated Maven project.
>
> HTH
> Regards.
>
> On 27/02/2017 17:47, Tech wrote:
>>
>> Hello,
>>
>> coming back to this point: we prepared the code to integrate the
>> group propagation from a DB to Syncope but we encountered some problems.
>>
>> Before integrating the code that we developed, we started to add the
>> concept of Group into our system.
>>
>> * Our database has a column called "role", where the only content
>> is "GroupTest".
>> * We created the group "GroupTest" also in Syncope to have a 1:1
>> relation.
>> * We created the type "role" and we put it into the "BaseGroup" schema.
>> * We go back to the resources and we Edit provision rules, we add a
>> Group that we map with name:role.
>>
>> Since now on, every Pull, also the one for the Users, will terminate
>> in a FAILURE with the error:
>>
>> org.quartz.JobExecutionException: While pulling from connector [See
>> nested exception: java.lang.IllegalArgumentException: Operation
>> requires an Account ObjectClass.]
>> at
>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>> at
>> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>> at
>> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>> at
>> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>>
>>
>> Removing the mapping of the group, everything will turn back to
>> normality.
>>
>> Any idea why this could happen?
>>
>> Thanks!
>>
>> On 06/02/17 17:58, Marco Di Sabatino Di Diodoro wrote:
>>
>>> Il 06/02/2017 17:41, Marco Di Sabatino Di Diodoro ha scritto:
>>>
>>>> Hi,
>>>>
>>>>
>>>> Il 06/02/2017 17:11, Tech ha scritto:
>>>>>
>>>>> Dear experts,
>>>>>
>>>>> we're pulling information from a database. We want to assign
>>>>> automatically a group to a user.
>>>>>
>>>>> The original table has a format like
>>>>>
>>>>> -- "USERNAME" : "user01"
>>>>>
>>>>> -- "ROLE": "employee"
>>>>>
>>>>
>>>> In a pull task is possible to add a template. The template can be
>>>> used for setting default values on entities during a pull task.
>>>> To configure a template go to Topology --> select the external
>>>> resource to pull --> Pull Task and click the Template icon [1 Pull
>>>> Templates].
>>>>
>>>> [1]
>>>> https://syncope.apache.org/docs/reference-guide.html#provisioning-pull
>>>
>>> If a User is associated to a Group in your Database, and you like
>>> assign the corresponding User as a member of the corresponding Group
>>> in Syncope, you must implement a Pull Action [1]. Connid doesn't
>>> implement the assignment of a membership, so to obviate we can use a
>>> pull action.
>>>
>>> [1] https://syncope.apache.org/docs/reference-guide.html#pullactions
>>>>>
>>>>> We want the user being created into Syncope associated to the
>>>>> already existing group "employee", but we don't see how to create
>>>>> this association.
>>>>>
>>>>> Is there any reference that we should check?
>>>>>
>>>>> Thanks
>>>>>
> --
> Francesco Chicchiricc�
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/