Displaying #apache-syncope/2015-08-26.log:

Wed Aug 26 06:26:24 2015  ilgrosso:Joined the channel
Wed Aug 26 08:42:04 2015  coheig:Joined the channel
Wed Aug 26 09:27:01 2015  ilgrosso_:Joined the channel
Wed Aug 26 09:28:16 2015  ilgrosso:Joined the channel
Wed Aug 26 09:43:10 2015  coheig:Hi guys. Just looking at the new UI (great job BTW) - is the task of synchronizing users implemented yet from the resources? I would have expected to see the users in the "Realms" section, or am I missing something?
Wed Aug 26 10:03:37 2015  ilgrosso:hi coheig
Wed Aug 26 10:03:54 2015  ilgrosso:you should check via REST if users are there
Wed Aug 26 10:04:20 2015  ilgrosso:marco is working to implement the realms section, which is completely empty ATM
Wed Aug 26 10:04:55 2015  svizzero81:Joined the channel
Wed Aug 26 10:04:56 2015  coheig:thanks ilgrosso...I'm just playing around with it.
Wed Aug 26 10:05:07 2015  ilgrosso:coheig: that's good :-)
Wed Aug 26 10:05:26 2015  coheig:Two questions for you if you have time
Wed Aug 26 10:06:08 2015  coheig:1) The common/client bundles are now jars on master. How open are you to the idea of revisting OSGi support for 2.0.0? It might be easier for core/console now that we're not dealing with wars
Wed Aug 26 10:08:05 2015  ilgrosso:About 1) sure, it's on my personal (and looong) TODO list - we also discussed this briefly a while ago http://markmail.org/message/uvbuor6e5ivzi2y5
Wed Aug 26 10:08:05 2015  ilgrosso:Should you have time for that - being me completely noob on the topic - it would be just great
Wed Aug 26 10:09:25 2015  coheig:ok I will revisit it + see what I can do
Wed Aug 26 10:11:43 2015  coheig:I deleted the Two* files from core/src/test/resources/domains + fired up the UI but I still see the option to select the "Two" domain...what am I missing here?
Wed Aug 26 10:12:23 2015  ilgrosso:yes: you should still see a row in the Domains table
Wed Aug 26 10:12:28 2015  ilgrosso:remove it
Wed Aug 26 10:13:22 2015  coheig:ok. Another Q. - core/src/test/resource/domains doesn't have MasterDomain.xml that core/src/main/resources/domains has?
Wed Aug 26 10:13:43 2015  ilgrosso:not needed, it's picked up from classpath
Wed Aug 26 10:13:51 2015  ilgrosso:(core-persistence-jpa.jar)
Wed Aug 26 10:14:07 2015  coheig:ok thanks.
Wed Aug 26 10:16:34 2015  coheig:How will domains work with the UI? If you have user A in resource X + resource Y (different domains), how will user A be represented in the UI?
Wed Aug 26 10:19:58 2015  ilgrosso:this is not the use case covered by domains
Wed Aug 26 10:20:10 2015  ilgrosso:each domain is a completely new Syncope instance
Wed Aug 26 10:20:19 2015  ilgrosso:as if you had two distinct deployments
Wed Aug 26 10:20:26 2015  ilgrosso:it is meant for *aaS
Wed Aug 26 10:27:04 2015  coheig:ah right ok. So a Syncope instance in one domain has no concept of the other domain?
Wed Aug 26 10:27:13 2015  ilgrosso:exactly
Wed Aug 26 10:27:42 2015  ilgrosso:each domain is even persisted on a distinct database (possibly on etherogeneous DBMS), with nothing in common
Wed Aug 26 10:30:12 2015  coheig:ok great thx
Wed Aug 26 10:46:11 2015  coheig:Is a realm associated with a resource? Or can you specify a realm in the backend resource per-user so that you can map users in the same resource to different realms?
Wed Aug 26 10:51:24 2015  ilgrosso:realms are not related to resources
Wed Aug 26 10:51:32 2015  ilgrosso:not directly, at least
Wed Aug 26 10:52:20 2015  ilgrosso:you can set, though, which is the destination realm for users, groups or any objects synchronized from resource
Wed Aug 26 10:52:33 2015  ilgrosso:realms are much like LDAP organizations
Wed Aug 26 10:53:08 2015  ilgrosso:a mean to enforce a hierarchy, and consequently to build the new security model (for delegation)
Wed Aug 26 10:53:26 2015  coheig:ok thanks.
Wed Aug 26 10:53:41 2015  ilgrosso:moreover, users, groups and any objects are contained in a realm and all subrealms
Wed Aug 26 10:54:05 2015  ilgrosso:not in two distinct realms from different hierarchies
Wed Aug 26 10:54:55 2015  coheig:looking at what's returned via the REST API for users, I notice there are memberships + roles. Were roles included before for 1.2.x or are they new here?
Wed Aug 26 10:56:05 2015  ilgrosso:roles in 2.0.0 are not what they used to be
Wed Aug 26 10:56:26 2015  ilgrosso:https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Realms
Wed Aug 26 10:56:43 2015  ilgrosso:roles are now used to enforce security, old roles are now groups
Wed Aug 26 10:57:25 2015  ilgrosso:you can think that new roles took security off from old roles, realms took off hierarchy and groups took off the rest
Wed Aug 26 10:57:41 2015  ilgrosso:(attrbutes, resources,...)
Wed Aug 26 10:59:16 2015  coheig:ok thanks again.
Wed Aug 26 10:59:27 2015  ilgrosso:you're welcome :-)
Wed Aug 26 11:00:36 2015  coheig:So a Role confers the list of entitlements on all of the realms for that Role?
Wed Aug 26 11:01:00 2015  ilgrosso:no
Wed Aug 26 11:01:15 2015  ilgrosso:a role confers a set of entitlements to one or more realms
Wed Aug 26 11:01:24 2015  ilgrosso:(and al subrealms)
Wed Aug 26 11:01:37 2015  ilgrosso:a role does not have realm
Wed Aug 26 11:01:45 2015  ilgrosso:realms are only for users, groups and any objects
Wed Aug 26 11:01:55 2015  ilgrosso:e.g. the "managed" objects
Wed Aug 26 11:02:32 2015  coheig:ok I got it, I think :-)
Wed Aug 26 11:02:59 2015  coheig:In relationships, what is left/right?
Wed Aug 26 11:03:05 2015  coheig:Sorry memberships
Wed Aug 26 11:03:26 2015  ilgrosso:left and right are the two ends of the association
Wed Aug 26 11:03:43 2015  coheig:ok
Wed Aug 26 11:03:48 2015  ilgrosso:relationships are generic association between users and any objects (or any objects and any objects)
Wed Aug 26 11:03:59 2015  ilgrosso:memberships are relationships where right end is a group
Wed Aug 26 11:04:25 2015  ilgrosso:new memberships don't have attrbutes any more
Wed Aug 26 11:04:37 2015  ilgrosso:this was moved to any object classes
Wed Aug 26 11:04:42 2015  ilgrosso:(again kind of LDAP)
Wed Aug 26 11:05:11 2015  coheig:Finally for now, how I can I change the archetype to start up with a blank slate? Previously I used to just swap the main content.xml into test?
Wed Aug 26 11:05:40 2015  ilgrosso:old content.xml is now MasterContent.xml
Wed Aug 26 11:05:47 2015  ilgrosso:you can grab it from source tree
Wed Aug 26 11:06:18 2015  ilgrosso:and you naturally need to remove the Two domain - but you should've already done this
Wed Aug 26 11:07:19 2015  ilgrosso:thx for your review and questions, anyway: I took this out from my personal IdM experience, tried to put it down on wiki and mplement - hope this is seen as an improvement, in general
Wed Aug 26 11:08:40 2015  coheig:I think it is definately an improvement - do you have a tentative release date in mind?
Wed Aug 26 11:09:30 2015  ilgrosso:I believe it should be possible to have at least M1 in october / beginning of november
Wed Aug 26 11:09:55 2015  ilgrosso:I would love to have it before ApacheCon of course
Wed Aug 26 11:10:01 2015  ilgrosso:but not sure we can make it
Wed Aug 26 11:12:54 2015  coheig:ok. I won't be able to make Apachecon unfortunately this year.
Wed Aug 26 11:12:55 2015  _massi_:Joined the channel
Wed Aug 26 11:39:02 2015  coheig:When trying to create a new group I get back " X-Application-Error-Code=[InvalidRealm]". Is it mandatory to specify a realm when creating a group? Must it be an existing realm?
Wed Aug 26 11:39:42 2015  ilgrosso:yes and yes
Wed Aug 26 11:39:59 2015  ilgrosso:consider that the root realm (/) is always there
Wed Aug 26 16:40:15 2015  coheig:Left the channel
Wed Aug 26 18:13:04 2015  elecharny:Joined the channel
Wed Aug 26 18:50:13 2015  elecharny:Joined the channel
Wed Aug 26 19:16:37 2015  elecharny1:Joined the channel

Comments