Posted to user@syncope.apache.org by Nisreen <ni...@sts.com.jo> on 2016/03/29 15:19:22 UTC

Why LDAP external users are also saved at Syncope DB

Hi all,
I am a new Syncope user. I have deployed it in my environment and
configured it with an external LDAP resource. After synchronizing LDAP users
with Syncope, I noticed that users are also created in Syncope's internal
DB. How can I prevent this from happening? I might have a huge number of
users and I do not want them to be stored in the Syncope DB.
Thanks in advance

--
View this message in context: http://syncope-user.1051894.n5.nabble.com/Why-LDAP-external-users-are-also-saved-at-Syncope-DB-tp5708401.html
Sent from the syncope-user mailing list archive at Nabble.com.

Re: Why LDAP external users are also saved at Syncope DB

Posted by Nisreen <ni...@sts.com.jo>.
Thanks a lot for your reply, Francesco.
I will stop working on the SYNC problem now and get back to it later, but I
really need your input regarding the password problem. Yes, I am using
version 1.2.7, and I have set the action class to LDAPPasswordSyncAction
and run the task, but when I try to edit the password of a certain user from
the admin console, it gives me success, and when I go to Apache Directory
Studio to check the LDAP entry that is supposed to be updated, I find the
userPassword attribute deleted! I highly appreciate any suggestions.
Thanx in advance


Re: Why LDAP external users are also saved at Syncope DB

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 02/04/2016 15:21, Nisreen wrote:
> Thanks a lot for your reply. Would you please elaborate more on the second
> point? Do you mean I can edit the LDAP ConnId connector in a way that will
> support the SYNC operations?

Of course, no :-)

For having a given connector to support SYNC, someone needs to code the 
logic that parses and reports about the given technology's changelog: at 
the moment the ConnId LDAP connector only supports this for Oracle DSEE 
/ RedHat 389 / OpenDJ - and the relevant classes are available at [1].

Should you need proper support for IBM TDS, you'll have to fork the 
ConnId LDAP connector [2], add your code there and maybe eventually 
request to have it merged back.

What I was referring to in my previous reply is the possibility - having 
clear your own specific requirements - to adjust the overall 
synchronization process by providing your own SyncActions classes [3].
Clearly, which logic is to code into such classes cannot be stated in 
general here, but heavily depends on your organization's internal processes.

HTH
Regards.

[1] https://github.com/Tirasa/ConnIdLDAPBundle/tree/master/src/main/java/net/tirasa/connid/bundles/ldap/sync/sunds
[2] https://github.com/Tirasa/ConnIdLDAPBundle
[3] https://cwiki.apache.org/confluence/display/SYNCOPE/SyncActionsClass

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer
http://home.apache.org/~ilgrosso/
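
The changelog-driven SYNC logic described in the reply above, sketched as an added example; it is not part of the thread and not code from the ConnId LDAP connector or Syncope. It assumes a changelog whose entries carry changeNumber, targetDN and changeType attributes; the sample entries, DNs and function names are constructed for illustration.

```python
# Added illustration: not ConnId or Syncope code. The entries below are
# constructed samples shaped like LDAP changelog entries.
SAMPLE_CHANGELOG = """\
dn: changeNumber=101,cn=changelog
changeNumber: 101
targetDN: uid=alice,ou=people,dc=example,dc=com
changeType: add

dn: changeNumber=102,cn=changelog
changeNumber: 102
targetDN: uid=bob,ou=people,dc=example,dc=com
changeType: modify

dn: changeNumber=103,cn=changelog
changeNumber: 103
targetDN: uid=alice,ou=people,dc=example,dc=com
changeType: delete
"""

def parse_entries(ldif_text):
    """Split blank-line-separated entries into dicts keyed by lower-cased attribute."""
    entries = []
    for block in ldif_text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip().lower()] = value.strip()
        entries.append(attrs)
    return entries

def sync_since(ldif_text, token, base_dn):
    """Return (deltas, new_token) for changes numbered above `token` under `base_dn`."""
    base = base_dn.lower()
    deltas, new_token = [], token
    for e in sorted(parse_entries(ldif_text), key=lambda e: int(e["changenumber"])):
        number = int(e["changenumber"])
        if number <= token:
            continue  # already processed by an earlier run
        new_token = number  # advance past skipped entries too, so they are not re-read
        dn = e["targetdn"].lower()
        if dn != base and not dn.endswith("," + base):
            continue  # change outside the synchronized subtree
        # A delete is only visible here; a full re-read of live entries cannot report it.
        kind = "DELETE" if e["changetype"].lower() == "delete" else "CREATE_OR_UPDATE"
        deltas.append((kind, e["targetdn"]))
    return deltas, new_token
```

Persisting the returned token between runs is what lets each run process only new changes instead of every entry, and the DELETE delta is what allows removed accounts to be deprovisioned downstream.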



Re: Why LDAP external users are also saved at Syncope DB

Posted by Nisreen <ni...@sts.com.jo>.
Thanks a lot for your reply. Would you please elaborate more on the second
point? Do you mean I can edit the LDAP ConnId connector in a way that will
support the SYNC operations?
Thanx in advance.


Re: Why LDAP external users are also saved at Syncope DB

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 2016-04-01 19:26 Nisreen wrote:

> Thanks for your reply.
> Well, I have three problems:
> 1. The first one is that there will be a large number of users, more than
> a million. Will Syncope be able to handle such a large number, considering
> performance issues?

My company has several customers with user base around 1 million, and 
one counts about 8 million customers.
Naturally, as always with large numbers, you'll need to tweak and tune, 
but I can assure you that is definitely possible, indeed.

> 2. I am connecting to IBM TDS LDAP, where the LDAP ConnId bundle does not
> support SYNC operations; hence, every time I run the sync task, all LDAP
> entries will be synced, which will be a great performance issue (correct me
> if I am wrong, please). Plus, if anyone deletes a person from the LDAP, there
> is no way to tell Syncope about this!

You are right; without SYNC support on the underlying connector, there 
is no OTB support for delete on Syncope.
There are, however, several possibilities to inject some smart logic 
that will greatly help in obtaining better results than you might get 
with default settings.
Or it might be simply easier to extend the ConnId LDAP connector with 
support for IBM TDS changelog, that's another possibility.

> 3. I am trying to sync the password with LDAP userPassword but with no
> success, unless I make it a virtual property, but then it will be clear text in
> the admin console.

You need to select the LDAPPasswordSyncActions class, for the LDAP 
SyncTask you are working with (you are on 1.2, right?).

Regards.
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer
http://home.apache.org/~ilgrosso/

Re: Why LDAP external users are also saved at Syncope DB

Posted by Nisreen <ni...@sts.com.jo>.
Thanks for your reply.
Well, I have three problems:
1. The first one is that there will be a large number of users, more than
a million. Will Syncope be able to handle such a large number, considering
performance issues?
2. I am connecting to IBM TDS LDAP, where the LDAP ConnId bundle does not
support SYNC operations; hence, every time I run the sync task, all LDAP
entries will be synced, which will be a great performance issue (correct me
if I am wrong, please). Plus, if anyone deletes a person from the LDAP, there
is no way to tell Syncope about this!
3. I am trying to sync the password with LDAP userPassword but with no
success, unless I make it a virtual property, but then it will be clear text in
the admin console.
Do you have any recommendations or suggestions for my problems?
Thanx in advance.


Re: Why LDAP external users are also saved at Syncope DB

Posted by ilgrosso <il...@apache.org>.
Hi,
you cannot avoid storing users in Syncope's internal storage (e.g.
database).

You might, however, empower virtual attributes to minimize the occupancy:
see this other thread [1] for more information.

Regards.

[1] http://syncope-user.1051894.n5.nabble.com/Virtual-Attributes-td5708402.html
