[prev in list] [next in list] [prev in thread] [next in thread] 

List:       forgerock-openidm
Subject:    Re: [OpenIDM] Role provisioning to MySQL with ScriptedSQL
From:       Laurent Bristiel <laurent.bristiel () forgerock ! com>
Date:       2015-03-13 15:59:06
Message-ID: 035A3DAD-3E34-4281-B1DC-90722586A89F () forgerock ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi,

to manages the links between source and target and decide which ones match, you have \
to use correlation queries. See the integrator's guide section: \
http://openidm.forgerock.org/doc/bootstrap/integrators-guide/index.html#correlation \
<http://openidm.forgerock.org/doc/bootstrap/integrators-guide/index.html#correlation>

Laurent

> On 12 Mar 2015, at 16:37, Fabien <fdemarest@deloitte.com> wrote:
> 
> That particular problem has now been fixed. I had indeed used the wrong
> property name, not in the provisioner but in the groovy scripts...thanks!
> 
> Working code :
> createAttributes.hasAttribute("role") =>
> createAttributes.hasAttribute("*_id*")...
> 
> So basically, creating the entries in the DB kind of works now.
> But there are some problems with the configuration. I'll try to deal with
> each issue one by one.
> 
> Here is the first one :
> 
> Let's say I have 1 managed/role in OpenIDM.
> On the very first reconciliation run, a role entry is created in the DB but
> not properly linked (considered "missing"). If I change the "missing" policy
> to create, a second identical entry is created on the DB, and that entry is
> now correctly linked to OpenIDM. Any other new roles after that first one
> are properly linked.
> 
> I think the scripts work on the "id" of the DB table instead of looking for
> identical role names. How can I change this? 
> 
> -------
> By the way, there is NO link between managed/role and managed/user at the
> moment in the DB, I intend to keep it this way till provisioning of both
> object types (users, roles) works fine. In the end, the objective is to link
> users with their user_id to roles with roles_id in a third table like an
> array. In a way, it is a mix between the groups and organizations tables of
> sample3. I do have some trouble implementing this within the groovy scripts.
> 
> 
> 
> --
> View this message in context: \
> http://openidm-users.989380.n3.nabble.com/OpenIDM-Role-provisioning-to-MySQL-with-ScriptedSQL-tp4028129p4028133.html
>  Sent from the OpenIDM Users mailing list archive at Nabble.com.
> _______________________________________________
> OpenIDM mailing list
> OpenIDM@forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openidm


[Attachment #5 (unknown)]

<html><head><meta http-equiv="Content-Type" content="text/html \
charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: \
space; -webkit-line-break: after-white-space;" class=""><div class="">Hi,</div><div \
class=""><br class=""></div><div class="">to manages the links between source and \
target and decide which ones match, you have to use correlation queries.</div><div \
class="">See the integrator's guide section:&nbsp;<a \
href="http://openidm.forgerock.org/doc/bootstrap/integrators-guide/index.html#correlation" \
class="">http://openidm.forgerock.org/doc/bootstrap/integrators-guide/index.html#correlation</a></div><div \
class=""><br class=""></div><div class="">Laurent</div><br class=""><div><blockquote \
type="cite" class=""><div class="">On 12 Mar 2015, at 16:37, Fabien &lt;<a \
href="mailto:fdemarest@deloitte.com" class="">fdemarest@deloitte.com</a>&gt; \
wrote:</div><br class="Apple-interchange-newline"><div class="">That particular \
problem has now been fixed. I had indeed used the wrong<br class="">property name, \
not in the provisioner but in the groovy scripts...thanks!<br class=""><br \
class="">Working code :<br class="">createAttributes.hasAttribute("role") =&gt;<br \
class="">createAttributes.hasAttribute("*_id*")...<br class=""><br class="">So \
basically, creating the entries in the DB kind of works now.<br class="">But there \
are some problems with the configuration. I'll try to deal with<br class="">each \
issue one by one.<br class=""><br class="">Here is the first one :<br class=""><br \
class="">Let's say I have 1 managed/role in OpenIDM.<br class="">On the very first \
reconciliation run, a role entry is created in the DB but<br class="">not properly \
linked (considered "missing"). If I change the "missing" policy<br class="">to \
create, a second identical entry is created on the DB, and that entry is<br \
class="">now correctly linked to OpenIDM. Any other new roles after that first one<br \
class="">are properly linked.<br class=""><br class="">I think the scripts work on \
the "id" of the DB table instead of looking for<br class="">identical role names. How \
can I change this? <br class=""><br class="">-------<br class="">By the way, there is \
NO link between managed/role and managed/user at the<br class="">moment in the DB, I \
intend to keep it this way till provisioning of both<br class="">object types (users, \
roles) works fine. In the end, the objective is to link<br class="">users with their \
user_id to roles with roles_id in a third table like an<br class="">array. In a way, \
it is a mix between the groups and organizations tables of<br class="">sample3. I do \
have some trouble implementing this within the groovy scripts.<br class=""><br \
class=""><br class=""><br class="">--<br class="">View this message in context: <a \
href="http://openidm-users.989380.n3.nabble.com/OpenIDM-Role-provisioning-to-MySQL-with-ScriptedSQL-tp4028129p4028133.html" \
class="">http://openidm-users.989380.n3.nabble.com/OpenIDM-Role-provisioning-to-MySQL-with-ScriptedSQL-tp4028129p4028133.html</a><br \
class="">Sent from the OpenIDM Users mailing list archive at <a \
href="http://Nabble.com" class="">Nabble.com</a>.<br \
class="">_______________________________________________<br class="">OpenIDM mailing \
list<br class=""><a href="mailto:OpenIDM@forgerock.org" \
class="">OpenIDM@forgerock.org</a><br \
class="">https://lists.forgerock.org/mailman/listinfo/openidm<br \
class=""></div></blockquote></div><br class=""></body></html>



_______________________________________________
OpenIDM mailing list
OpenIDM@forgerock.org
https://lists.forgerock.org/mailman/listinfo/openidm


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic