Il giorno 22/apr/2013, alle ore 15.33, Nik ha scritto: > Here is another issue Fabio, > > - create a new User->Normal syncope attribute called groups (see > Selection_112.png) > - Resources > -> uforge_resource > -> User mapping > add USER | UserSchema | groups | ldapGroups | .... | BOTH as you > suggested (see Selection_113.png) > "Save"
As per the previous email .... really strange behavior. Btw, looking at your attachments I can see three mappings for groups attribute (two perfectly equals). > - Resources > -> uforge_resource > -> User mapping. The change is no longer there! (see Selection_114.png) > > WRT to suggestion GROUP | RoleSchema | groupDN | ldapGroups | ... | BOTH For roles, you don't need to propagate ldapGroups. It has to be used just for memberships and not for role provisioning. You have to remove ldapGroups items from Rolle Mapping. > There is no "Entity" category GROUP in the standalone 1.1.0 "schema or user" > sections that I have. (see Selection_115.png) > So I try > ROLE | RoleSchema | groupDN | ldapGroups | ... | BOTH (see Selection_116.png) > but after the save it disappears like the USER data. > > > rgds, > Nik > >> Now, let's suppose to have a group on your OpenDJ, with DN "cn=groupA,o=isp" >> (created by syncope or not). >> In order to create a membership with this group you have to propagate user >> info with ldapGroups valued with that DN. >> To propagate ldapGroups you have to define a specific mapping for this >> special attribute. To the user mapping defined for your OpenDJ resource add >> one for ldapGroups. >> For example, if you have a user attribute storing membership information >> (may be a specific user schema called "groups") you'll have: >> >> USER | UserSchema | groups | ldapGroups | .... | BOTH >> >> Please, consider that you can map a group/membership attribute as well. >> Usually I create a specific group schema (let me call it "groupDN") and than >> I add map for it into user mapping. Ex: >> >> GROUP | RoleSchema | groupDN | ldapGroups | ... | BOTH >> >> In this way, I can specify a value for multivalued ldapGroups just adding >> one or more syncope role to the user. >> >> > > <Selection_116.png><Selection_115.png><Selection_114.png><Selection_113.png><Selection_112.png>
