You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@syncope.apache.org by Alan Evans <al...@gmail.com> on 2015/04/01 00:39:56 UTC

Dealing with many resources

I am going to end up with maybe a dozen resources and some parts of the
schema are going to be unique to each resource.  Instead of having a bunch
of different derrived attributes is there a better way of dealing with
similar but distinct attributes?

That's not clear, let me provide an example.

Consider that I might have 3 instances of Active Directory.  Instead of
defining 5 different "userPrincipalName" attributes

ad1userPrincipalName = username + '@ad1.example.com'
ad2userPrincipalName = username + '@ad2.example.com'
ad3userPrincipalName = username + '@ad3.example.com'

And then in the user attribute map defining userPrincipalName =
ad1userPrincipalName for the resource AD1 and so on.

For a derrived attribute is there a way to define the domain outside of the
attribute?  On the reousrce perhaps?

So the derrived attribute looks like:
userPrincipalName = username + '@' + resource.domainname

Regards,
-Alan

Re: Dealing with many resources

Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.

Il 01/04/2015 00:39, Alan Evans ha scritto:
> I am going to end up with maybe a dozen resources and some parts of 
> the schema are going to be unique to each resource.  Instead of having 
> a bunch of different derrived attributes is there a better way of 
> dealing with similar but distinct attributes?
The easiest way to satisfy your requirement is to use derived 
attributes, like you're doing.
>
> That's not clear, let me provide an example.
>
> Consider that I might have 3 instances of Active Directory.  Instead 
> of defining 5 different "userPrincipalName" attributes
>
> ad1userPrincipalName = username + '@ad1.example.com 
> <http://ad1.example.com>'
> ad2userPrincipalName = username + '@ad2.example.com 
> <http://ad2.example.com>'
> ad3userPrincipalName = username + '@ad3.example.com 
> <http://ad3.example.com>'
>
> And then in the user attribute map defining userPrincipalName = 
> ad1userPrincipalName for the resource AD1 and so on.
>
> For a derrived attribute is there a way to define the domain outside 
> of the attribute?  On the reousrce perhaps?
>
You can't read the parameters of a resource with Jexl.

> So the derrived attribute looks like:
> userPrincipalName = username + '@' + resource.domainname

Below another possible solution:

if you don't like defining different n userPrincipalName for every 
resource, you can work with a PropagationActionClass [1].

1) Create a new user attribute (normal/virtual).
2) Add the attribute to each resource mapping

[InternalMapping] userPrincipalName --> [ExternalMapping] 
userPrincipalName -->  [Scope] Propagation

3) In your PropagationAction class, ovveride the method "before" 
andbuildyour userPrincipalName for the resource X.

If the domain name (ad1.example.com <http://ad1.example.com>) is an 
information present on your resource/connector configuration (like host, 
resource name, etc etc), you can read the parameters with

task.getResource()  for resource parameters
task.getResource().getConnector() for connector parameters

4)Build your userPrincipalName

Set<Attribute> attributes = new HashSet<Attribute>(task.getAttributes())

String userPrincipalName = ...
...
Attribute userPrincipaleNameAttribute = 
AttributeBuilder.build("userPrincipalName", userPrincipalName);
...
attributes.add(userPrincipalNameAttribute);
task.setAttributes(attributes)


Let me know what you think.
Regards
Marco


[1] 
https://cwiki.apache.org/confluence/display/SYNCOPE/PropagationActionsClass

>
> Regards,
> -Alan

-- 
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/