You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2016/07/06 11:48:37 UTC
Re: Dynamic Groups/Roles
Thanks for the explanation Francesco, I can see how this could be a useful
feature.
Using the default standalone server, I created a new group with dynamic
user assignment "ATTRIBUTE, gender, ==, M". When I look at the membership
of the group, I only see "Bellini". However the other users (e.g. Verdi)
also have gender "M". Is there a reason why it is only adding one user to
the group?
Colm.
On Wed, Jun 29, 2016 at 7:32 AM, Francesco Chicchiriccò <ilgrosso@apache.org
> wrote:
> On 28 June 2016 18:47:23 CEST, Colm O hEigeartaigh <co...@apache.org>
> wrote:
> >Hi all,
> >
> >Just a quick question - could someone outline to me a basic use-case
> >for
> >dynamic groups/roles in 2.0.0? There is nothing on the wiki about this
> >new
> >feature....
>
> Hi Colm,
> the idea is to include such information (and more about new and old
> features) in the reference guide, which looks to me as the biggest effort
> remaining before 2.0.0 - and help is highly appreciated ;-)
> Once done, we will also need to discuss about reorganizing the wiki to
> coexist with it.
>
> Anyway, think about the case in which you have a "department" attribute
> for users - pulled by Active Directory for example. You can easily select
> HR or IT department users in a dynamic group (for propagation onto an
> external db) or in a dynamic role (for delegated administration via
> console).
>
> But this is just a bare sample, maybe others can come with more.
>
> AFAIR such feature originated from COS templates in Sun Directory Server.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
> CXF Committer, OpenJPA Committer
> http://home.apache.org/~ilgrosso/
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Dynamic Groups/Roles
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 06/07/2016 17:15, Colm O hEigeartaigh wrote:
> Ah, you're right. The problem is actually that when you edit a user + look
> at a drop down list attribute, it shows the first value even if the user
> doesn't have that value. So if you edit "Verdi", it shows "M" as the
> Gender, but this only takes effect if you finish editing the user. I think
> instead a drop down list value should remain blank until a value is
> actually specified, WDYT?
I would say that this should depend on whether the related schema is set
to be mandatory or not.
In Wicket terms, the related DropDownChoice component needs to have the
setNullValid() set to false only if the mandatoryCondition on the
related schema is 'true'.
I'd say we need an issue on JIRA for this.
Regards.
> On Wed, Jul 6, 2016 at 3:57 PM, Francesco Chicchiricc� <il...@apache.org>
> wrote:
>
>> On 06/07/2016 13:48, Colm O hEigeartaigh wrote:
>>
>>> Thanks for the explanation Francesco, I can see how this could be a useful
>>> feature.
>>>
>>> Using the default standalone server, I created a new group with dynamic
>>> user assignment "ATTRIBUTE, gender, ==, M". When I look at the membership
>>> of the group, I only see "Bellini". However the other users (e.g. Verdi)
>>> also have gender "M". Is there a reason why it is only adding one user to
>>> the group?
>>>
>> Hi Colm,
>> within test data, only Bellini has the gender attribute with value 'M';
>> other users don't have any value for it.
>>
>> Regards.
>>
>>
>> On Wed, Jun 29, 2016 at 7:32 AM, Francesco Chicchiricc� <
>>> ilgrosso@apache.org> wrote:
>>>
>>> On 28 June 2016 18:47:23 CEST, Colm O hEigeartaigh <co...@apache.org>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Just a quick question - could someone outline to me a basic use-case
>>>>> for
>>>>> dynamic groups/roles in 2.0.0? There is nothing on the wiki about this
>>>>> new
>>>>> feature....
>>>>>
>>>> Hi Colm,
>>>> the idea is to include such information (and more about new and old
>>>> features) in the reference guide, which looks to me as the biggest effort
>>>> remaining before 2.0.0 - and help is highly appreciated ;-)
>>>> Once done, we will also need to discuss about reorganizing the wiki to
>>>> coexist with it.
>>>>
>>>> Anyway, think about the case in which you have a "department" attribute
>>>> for users - pulled by Active Directory for example. You can easily select
>>>> HR or IT department users in a dynamic group (for propagation onto an
>>>> external db) or in a dynamic role (for delegated administration via
>>>> console).
>>>>
>>>> But this is just a bare sample, maybe others can come with more.
>>>>
>>>> AFAIR such feature originated from COS templates in Sun Directory Server.
>>>>
>>>> Regards.
--
Francesco Chicchiricc�
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
CXF Committer, OpenJPA Committer, PonyMail PPMC
http://home.apache.org/~ilgrosso/
Re: Dynamic Groups/Roles
Posted by Colm O hEigeartaigh <co...@apache.org>.
Ah, you're right. The problem is actually that when you edit a user + look
at a drop down list attribute, it shows the first value even if the user
doesn't have that value. So if you edit "Verdi", it shows "M" as the
Gender, but this only takes effect if you finish editing the user. I think
instead a drop down list value should remain blank until a value is
actually specified, WDYT?
Colm.
On Wed, Jul 6, 2016 at 3:57 PM, Francesco Chicchiriccò <il...@apache.org>
wrote:
> On 06/07/2016 13:48, Colm O hEigeartaigh wrote:
>
>> Thanks for the explanation Francesco, I can see how this could be a useful
>> feature.
>>
>> Using the default standalone server, I created a new group with dynamic
>> user assignment "ATTRIBUTE, gender, ==, M". When I look at the membership
>> of the group, I only see "Bellini". However the other users (e.g. Verdi)
>> also have gender "M". Is there a reason why it is only adding one user to
>> the group?
>>
>
> Hi Colm,
> within test data, only Bellini has the gender attribute with value 'M';
> other users don't have any value for it.
>
> Regards.
>
>
> On Wed, Jun 29, 2016 at 7:32 AM, Francesco Chicchiriccò <
>> ilgrosso@apache.org> wrote:
>>
>> On 28 June 2016 18:47:23 CEST, Colm O hEigeartaigh <co...@apache.org>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> Just a quick question - could someone outline to me a basic use-case
>>>> for
>>>> dynamic groups/roles in 2.0.0? There is nothing on the wiki about this
>>>> new
>>>> feature....
>>>>
>>> Hi Colm,
>>> the idea is to include such information (and more about new and old
>>> features) in the reference guide, which looks to me as the biggest effort
>>> remaining before 2.0.0 - and help is highly appreciated ;-)
>>> Once done, we will also need to discuss about reorganizing the wiki to
>>> coexist with it.
>>>
>>> Anyway, think about the case in which you have a "department" attribute
>>> for users - pulled by Active Directory for example. You can easily select
>>> HR or IT department users in a dynamic group (for propagation onto an
>>> external db) or in a dynamic role (for delegated administration via
>>> console).
>>>
>>> But this is just a bare sample, maybe others can come with more.
>>>
>>> AFAIR such feature originated from COS templates in Sun Directory Server.
>>>
>>> Regards.
>>>
>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
> CXF Committer, OpenJPA Committer, PonyMail PPMC
> http://home.apache.org/~ilgrosso/
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Dynamic Groups/Roles
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 06/07/2016 13:48, Colm O hEigeartaigh wrote:
> Thanks for the explanation Francesco, I can see how this could be a useful
> feature.
>
> Using the default standalone server, I created a new group with dynamic
> user assignment "ATTRIBUTE, gender, ==, M". When I look at the membership
> of the group, I only see "Bellini". However the other users (e.g. Verdi)
> also have gender "M". Is there a reason why it is only adding one user to
> the group?
Hi Colm,
within test data, only Bellini has the gender attribute with value 'M';
other users don't have any value for it.
Regards.
> On Wed, Jun 29, 2016 at 7:32 AM, Francesco Chicchiricc� <il...@apache.org> wrote:
>
>> On 28 June 2016 18:47:23 CEST, Colm O hEigeartaigh <co...@apache.org>
>> wrote:
>>> Hi all,
>>>
>>> Just a quick question - could someone outline to me a basic use-case
>>> for
>>> dynamic groups/roles in 2.0.0? There is nothing on the wiki about this
>>> new
>>> feature....
>> Hi Colm,
>> the idea is to include such information (and more about new and old
>> features) in the reference guide, which looks to me as the biggest effort
>> remaining before 2.0.0 - and help is highly appreciated ;-)
>> Once done, we will also need to discuss about reorganizing the wiki to
>> coexist with it.
>>
>> Anyway, think about the case in which you have a "department" attribute
>> for users - pulled by Active Directory for example. You can easily select
>> HR or IT department users in a dynamic group (for propagation onto an
>> external db) or in a dynamic role (for delegated administration via
>> console).
>>
>> But this is just a bare sample, maybe others can come with more.
>>
>> AFAIR such feature originated from COS templates in Sun Directory Server.
>>
>> Regards.
--
Francesco Chicchiricc�
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
CXF Committer, OpenJPA Committer, PonyMail PPMC
http://home.apache.org/~ilgrosso/