You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Ramón González <rg...@itera.com.do> on 2019/07/26 00:31:02 UTC
Update user info in Active Directory from SQL Server
Hello,
An HR department uses an app to manage employee info such as manager,
position, phone number, cellphone, birthday, emergency contact, etc. This
info is stored in *SQL Server.*
Is it possible to update user info in *Active Directory (AD)* from SQL
Server?
Right now, user info is updated in SQL Server but is outdated in AD.
Thanks in advance.
Regards,
RG
Re: Update user info in Active Directory from SQL Server
Posted by Ramón González <rg...@itera.com.do>.
Thanks, guys.
On Fri, Jul 26, 2019 at 3:42 AM Andrea Patricelli <
andreapatricelli@apache.org> wrote:
> P.S.
>
> Sorry, the link [1] is referring to the first row of the response ;)
> " Syncope can do the work for you if rightly setup and configured."
>
> Best regards,
> Andrea
> Il 26/07/19 09:40, Andrea Patricelli ha scritto:
>
> Hi Ramón González,
>
> Definitely what Tavernt said. Syncope can do the work for you if rightly
> setup and configured.
>
> Here are some references:
> - To setup a Syncope environment [2]
> - To configure a (source) SQL server connector and resource through
> Database table or Scripted SQL connector [3] [4] and an Active Directory
> (destination) connector and resource [5].
>
> Once configured resources, you have to pull [6] users into Syncope and
> define some logic in Java or Groovy (the business rules addressed by
> Tavernt), i.e. [7], if you need to make so processing before sending users
> to AD resource. While pulling you can automatically assign, in different
> ways, users to AD and link Syncope users to SQL server and AD.
> Moreover, once users have assigned AD and SQL server resources, at each
> change, Syncope takes care of synchronizing entities towards resources. To
> have an idea of what a pull task is and how to configure (also scheduling)
> it, please take a look at [8].
>
> Thanks also to Tavernt for the precise overview of the whole flow.
>
> Best regards,
> Andrea
>
> [1]
> https://syncope.apache.org/docs/2.1/reference-guide.html#identity-stores
> [2]
> <https://syncope.apache.org/docs/2.1/reference-guide.html#identity-stores>
> https://syncope.apache.org/docs/2.1/getting-started#obtain-apache-syncope
> [3]
> <https://syncope.apache.org/docs/2.1/getting-started#obtain-apache-syncope>
> https://syncope.apache.org/docs/2.1/reference-guide.html#connector-bundles
> [4]
> <https://syncope.apache.org/docs/2.1/reference-guide.html#connector-bundles>
> https://connid.atlassian.net/wiki/spaces/BASE/pages/5570562/Database
> [5] <https://connid.atlassian.net/wiki/spaces/BASE/pages/5570562/Database>
> https://connid.atlassian.net/wiki/spaces/BASE/pages/360482/Active+Directory+JNDI
> [6]
> <https://connid.atlassian.net/wiki/spaces/BASE/pages/360482/Active+Directory+JNDI>
> https://syncope.apache.org/docs/2.1/reference-guide.html#provisioning-pull
> [7]
> <https://syncope.apache.org/docs/2.1/reference-guide.html#provisioning-pull>
> https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions
> [8] <https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions>
> https://syncope.apache.org/docs/2.1/reference-guide.html#tasks-pull
> Il 26/07/19 09:13, Tavernt Muchenje ha scritto:
>
> Hi RG,
>
>
>
> Yes, that’s the role of IdM to provision users/account to downstream
> systems (AD in this case).
>
> Apache Syncope can easily be configured to read and pull users from SQL
> server DB and apply some business rules before creating the users in AD.
>
>
>
> In addition you can schedule how often you need to check for user changes
> in SQL.
>
>
>
> Cheers
>
>
>
>
>
> ---
>
> [image: signature_1995866963]
>
> Tavernt J. Muchenje (MBA, CCSP, CISSP)
>
> Managing Director | Enterprise Security Architect
>
> I’CURITY SOLUTIONS (PTY) LTD
>
> M: +27 (0)72 727 8371
>
> W: www.icurity.co.za
>
> BEE: Level 1
>
>
>
>
>
> *From: *Ramón González <rg...@itera.com.do> <rg...@itera.com.do>
> *Reply-To: *<us...@syncope.apache.org> <us...@syncope.apache.org>
> *Date: *Friday, 26 July 2019 at 02:32
> *To: *<us...@syncope.apache.org> <us...@syncope.apache.org>
> *Subject: *Update user info in Active Directory from SQL Server
>
>
>
> Hello,
>
> An HR department uses an app to manage employee info such as manager,
> position, phone number, cellphone, birthday, emergency contact, etc. This
> info is stored in *SQL Server.*
>
> Is it possible to update user info in *Active Directory (AD)* from SQL
> Server?
>
>
>
> Right now, user info is updated in SQL Server but is outdated in AD.
>
>
>
> Thanks in advance.
>
>
>
> Regards,
>
> RG
>
>
>
>
>
>
>
>
>
> --
> Dott. Andrea Patricelli
> Tel. +39 3204524292
>
> Engineer @ Tirasa S.r.l.
> Viale Vittoria Colonna 97 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173http://www.tirasa.net
>
> Apache Syncope PMC Member
>
> --
> Dott. Andrea Patricelli
> Tel. +39 3204524292
>
> Engineer @ Tirasa S.r.l.
> Viale Vittoria Colonna 97 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173http://www.tirasa.net
>
> Apache Syncope PMC Member
>
>
Re: Update user info in Active Directory from SQL Server
Posted by Andrea Patricelli <an...@apache.org>.
P.S.
Sorry, the link [1] is referring to the first row of the response ;)
" Syncope can do the work for you if rightly setup and configured."
Best regards,
Andrea
Il 26/07/19 09:40, Andrea Patricelli ha scritto:
>
> Hi Ramón González,
>
> Definitely what Tavernt said. Syncope can do the work for you if
> rightly setup and configured.
>
> Here are some references:
> - To setup a Syncope environment [2]
> - To configure a (source) SQL server connector and resource through
> Database table or Scripted SQL connector [3] [4] and an Active
> Directory (destination) connector and resource [5].
>
> Once configured resources, you have to pull [6] users into Syncope and
> define some logic in Java or Groovy (the business rules addressed by
> Tavernt), i.e. [7], if you need to make so processing before sending
> users to AD resource. While pulling you can automatically assign, in
> different ways, users to AD and link Syncope users to SQL server and AD.
> Moreover, once users have assigned AD and SQL server resources, at
> each change, Syncope takes care of synchronizing entities towards
> resources. To have an idea of what a pull task is and how to
> configure (also scheduling) it, please take a look at [8].
>
> Thanks also to Tavernt for the precise overview of the whole flow.
>
> Best regards,
> Andrea
>
> [1]
> https://syncope.apache.org/docs/2.1/reference-guide.html#identity-stores
> [2]
> https://syncope.apache.org/docs/2.1/getting-started#obtain-apache-syncope
> [3]
> https://syncope.apache.org/docs/2.1/reference-guide.html#connector-bundles
> [4] https://connid.atlassian.net/wiki/spaces/BASE/pages/5570562/Database
> [5]
> https://connid.atlassian.net/wiki/spaces/BASE/pages/360482/Active+Directory+JNDI
> [6]
> https://syncope.apache.org/docs/2.1/reference-guide.html#provisioning-pull
> [7] https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions
> [8] https://syncope.apache.org/docs/2.1/reference-guide.html#tasks-pull
>
> Il 26/07/19 09:13, Tavernt Muchenje ha scritto:
>>
>> Hi RG,
>>
>> Yes, that’s the role of IdM to provision users/account to downstream
>> systems (AD in this case).
>>
>> Apache Syncope can easily be configured to read and pull users from
>> SQL server DB and apply some business rules before creating the users
>> in AD.
>>
>> In addition you can schedule how often you need to check for user
>> changes in SQL.
>>
>> Cheers
>>
>> ---
>>
>> signature_1995866963
>>
>>
>>
>> Tavernt J. Muchenje (MBA, CCSP, CISSP)
>>
>> Managing Director | Enterprise Security Architect
>>
>> I’CURITY SOLUTIONS (PTY) LTD
>>
>> M: +27 (0)72 727 8371
>>
>> W: www.icurity.co.za <http://www.icurity.co.za>
>>
>> BEE: Level 1
>>
>> *From: *Ramón González <rg...@itera.com.do>
>> *Reply-To: *<us...@syncope.apache.org>
>> *Date: *Friday, 26 July 2019 at 02:32
>> *To: *<us...@syncope.apache.org>
>> *Subject: *Update user info in Active Directory from SQL Server
>>
>> Hello,
>>
>> An HR department uses an app to manage employee info such as manager,
>> position, phone number, cellphone, birthday, emergency contact, etc.
>> This info is stored in *SQL Server.*
>>
>> Is it possible to update user info in *Active Directory (AD)* from
>> SQL Server?
>>
>> Right now, user info is updated in SQL Server but is outdated in AD.
>>
>> Thanks in advance.
>>
>> Regards,
>>
>> RG
>>
> --
> Dott. Andrea Patricelli
> Tel. +39 3204524292
>
> Engineer @ Tirasa S.r.l.
> Viale Vittoria Colonna 97 - 65127 Pescara
> Tel +39 0859116307 / FAX +39 0859111173
> http://www.tirasa.net
>
> Apache Syncope PMC Member
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
Re: Update user info in Active Directory from SQL Server
Posted by Andrea Patricelli <an...@apache.org>.
Hi Ramón González,
Definitely what Tavernt said. Syncope can do the work for you if rightly
setup and configured.
Here are some references:
- To setup a Syncope environment [2]
- To configure a (source) SQL server connector and resource through
Database table or Scripted SQL connector [3] [4] and an Active Directory
(destination) connector and resource [5].
Once configured resources, you have to pull [6] users into Syncope and
define some logic in Java or Groovy (the business rules addressed by
Tavernt), i.e. [7], if you need to make so processing before sending
users to AD resource. While pulling you can automatically assign, in
different ways, users to AD and link Syncope users to SQL server and AD.
Moreover, once users have assigned AD and SQL server resources, at each
change, Syncope takes care of synchronizing entities towards resources.
To have an idea of what a pull task is and how to configure (also
scheduling) it, please take a look at [8].
Thanks also to Tavernt for the precise overview of the whole flow.
Best regards,
Andrea
[1] https://syncope.apache.org/docs/2.1/reference-guide.html#identity-stores
[2]
https://syncope.apache.org/docs/2.1/getting-started#obtain-apache-syncope
[3]
https://syncope.apache.org/docs/2.1/reference-guide.html#connector-bundles
[4] https://connid.atlassian.net/wiki/spaces/BASE/pages/5570562/Database
[5]
https://connid.atlassian.net/wiki/spaces/BASE/pages/360482/Active+Directory+JNDI
[6]
https://syncope.apache.org/docs/2.1/reference-guide.html#provisioning-pull
[7] https://syncope.apache.org/docs/2.1/reference-guide.html#pullactions
[8] https://syncope.apache.org/docs/2.1/reference-guide.html#tasks-pull
Il 26/07/19 09:13, Tavernt Muchenje ha scritto:
>
> Hi RG,
>
> Yes, that’s the role of IdM to provision users/account to downstream
> systems (AD in this case).
>
> Apache Syncope can easily be configured to read and pull users from
> SQL server DB and apply some business rules before creating the users
> in AD.
>
> In addition you can schedule how often you need to check for user
> changes in SQL.
>
> Cheers
>
> ---
>
> signature_1995866963
>
>
>
> Tavernt J. Muchenje (MBA, CCSP, CISSP)
>
> Managing Director | Enterprise Security Architect
>
> I’CURITY SOLUTIONS (PTY) LTD
>
> M: +27 (0)72 727 8371
>
> W: www.icurity.co.za <http://www.icurity.co.za>
>
> BEE: Level 1
>
> *From: *Ramón González <rg...@itera.com.do>
> *Reply-To: *<us...@syncope.apache.org>
> *Date: *Friday, 26 July 2019 at 02:32
> *To: *<us...@syncope.apache.org>
> *Subject: *Update user info in Active Directory from SQL Server
>
> Hello,
>
> An HR department uses an app to manage employee info such as manager,
> position, phone number, cellphone, birthday, emergency contact, etc.
> This info is stored in *SQL Server.*
>
> Is it possible to update user info in *Active Directory (AD)* from SQL
> Server?
>
> Right now, user info is updated in SQL Server but is outdated in AD.
>
> Thanks in advance.
>
> Regards,
>
> RG
>
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
Re: Update user info in Active Directory from SQL Server
Posted by Tavernt Muchenje <ta...@icurity.co.za>.
Hi RG,
Yes, that’s the role of IdM to provision users/account to downstream systems (AD in this case).
Apache Syncope can easily be configured to read and pull users from SQL server DB and apply some business rules before creating the users in AD.
In addition you can schedule how often you need to check for user changes in SQL.
Cheers
---
Tavernt J. Muchenje (MBA, CCSP, CISSP)Managing Director | Enterprise Security ArchitectI’CURITY SOLUTIONS (PTY) LTDM: +27 (0)72 727 8371W: www.icurity.co.zaBEE: Level 1
From: Ramón González <rg...@itera.com.do>
Reply-To: <us...@syncope.apache.org>
Date: Friday, 26 July 2019 at 02:32
To: <us...@syncope.apache.org>
Subject: Update user info in Active Directory from SQL Server
Hello,
An HR department uses an app to manage employee info such as manager, position, phone number, cellphone, birthday, emergency contact, etc. This info is stored in SQL Server.
Is it possible to update user info in Active Directory (AD) from SQL Server?
Right now, user info is updated in SQL Server but is outdated in AD.
Thanks in advance.
Regards,
RG