You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Alan Evans <al...@gmail.com> on 2015/04/01 00:39:56 UTC
Dealing with many resources
I am going to end up with maybe a dozen resources and some parts of the
schema are going to be unique to each resource. Instead of having a bunch
of different derrived attributes is there a better way of dealing with
similar but distinct attributes?
That's not clear, let me provide an example.
Consider that I might have 3 instances of Active Directory. Instead of
defining 5 different "userPrincipalName" attributes
ad1userPrincipalName = username + '@ad1.example.com'
ad2userPrincipalName = username + '@ad2.example.com'
ad3userPrincipalName = username + '@ad3.example.com'
And then in the user attribute map defining userPrincipalName =
ad1userPrincipalName for the resource AD1 and so on.
For a derrived attribute is there a way to define the domain outside of the
attribute? On the reousrce perhaps?
So the derrived attribute looks like:
userPrincipalName = username + '@' + resource.domainname
Regards,
-Alan
Re: Dealing with many resources
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Il 01/04/2015 00:39, Alan Evans ha scritto:
> I am going to end up with maybe a dozen resources and some parts of
> the schema are going to be unique to each resource. Instead of having
> a bunch of different derrived attributes is there a better way of
> dealing with similar but distinct attributes?
The easiest way to satisfy your requirement is to use derived
attributes, like you're doing.
>
> That's not clear, let me provide an example.
>
> Consider that I might have 3 instances of Active Directory. Instead
> of defining 5 different "userPrincipalName" attributes
>
> ad1userPrincipalName = username + '@ad1.example.com
> <http://ad1.example.com>'
> ad2userPrincipalName = username + '@ad2.example.com
> <http://ad2.example.com>'
> ad3userPrincipalName = username + '@ad3.example.com
> <http://ad3.example.com>'
>
> And then in the user attribute map defining userPrincipalName =
> ad1userPrincipalName for the resource AD1 and so on.
>
> For a derrived attribute is there a way to define the domain outside
> of the attribute? On the reousrce perhaps?
>
You can't read the parameters of a resource with Jexl.
> So the derrived attribute looks like:
> userPrincipalName = username + '@' + resource.domainname
Below another possible solution:
if you don't like defining different n userPrincipalName for every
resource, you can work with a PropagationActionClass [1].
1) Create a new user attribute (normal/virtual).
2) Add the attribute to each resource mapping
[InternalMapping] userPrincipalName --> [ExternalMapping]
userPrincipalName --> [Scope] Propagation
3) In your PropagationAction class, ovveride the method "before"
andbuildyour userPrincipalName for the resource X.
If the domain name (ad1.example.com <http://ad1.example.com>) is an
information present on your resource/connector configuration (like host,
resource name, etc etc), you can read the parameters with
task.getResource() for resource parameters
task.getResource().getConnector() for connector parameters
4)Build your userPrincipalName
Set<Attribute> attributes = new HashSet<Attribute>(task.getAttributes())
String userPrincipalName = ...
...
Attribute userPrincipaleNameAttribute =
AttributeBuilder.build("userPrincipalName", userPrincipalName);
...
attributes.add(userPrincipalNameAttribute);
task.setAttributes(attributes)
Let me know what you think.
Regards
Marco
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/PropagationActionsClass
>
> Regards,
> -Alan
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/