Synchronization of groups with external source
Group synchronization fills a Perun group with users from an external system. To use group synchronization, you must have external sources (Perun_external_sources) properly set up; they define how to connect to the external source.
The following attributes have to be set on the group that is to be synchronized with an external source:
- urn:perun:group:attribute-def:def:synchronizationEnabled - required values are true/false
- urn:perun:group:attribute-def:def:synchronizationInterval - it must be set in multiples of 5 minutes
- urn:perun:group:attribute-def:def:groupExtSource - name of the external source that provides data about the group: a list of logins, which can then be looked up in groupMembersExtSource to get information about each member
- urn:perun:group:attribute-def:def:groupMembersExtSource - name of the external source that provides data about the members of the group. This attribute is optional; it is used only if one external source provides information about groups and a different one provides data about group members
- urn:perun:group:attribute-def:def:groupMembersQuery - query to the external source which must return only one column called login
SQL Database
- Example of groupMembersQuery for external source of type SQL database cz.metacentrum.perun.core.impl.ExtSourceSql, this query must return one column called login.
select logname as login from someTable where theirsGroupId=123
SQL Query
The SQL query returns the columns firstName, lastName, login and, optionally, middleName, titleBefore, titleAfter. The query can also return columns named after concrete attributes. Due to a size restriction, attribute names must be shortened to the form x:y:z, where:
x | meaning |
m | member |
u | user |
f | facility |
r | resource |
g | group |
v | vo |
h | host |
mr | member_resource |
uf | user_facility |
gr | group_resource |
y | meaning |
d | def |
o | opt |
Examples:
m:d:address -> urn:perun:member:attribute-def:def:address
u:d:login-namespace:mu -> urn:perun:user:attribute-def:def:login-namespace:mu
- Example groupMembersQuery for external resource SQL database cz.metacentrum.perun.core.impl.ExtSourceSql
select name as first_name, surname as last_name, login, mail as "m:d:mail", telephone as "m:d:phone" from someTable
- Example groupMembersQuery for external resource LDAP cz.metacentrum.perun.core.impl.ExtSourceLdap
TBA
- Example groupMembersQuery for external resource ISMU cz.metacentrum.perun.core.impl.ExtSourceISMU
https://is.muni.cz/auth/export/skupina_osob.pl?format=csv&kodovani=utf-8&skup_zkratka=1433:15
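The short x:y:z column aliases described in this section can be checked before a query is stored in groupMembersQuery. The following is an added example, not code from Perun; the helper names expand_alias and map_columns are hypothetical, and the column list is taken from the example query above.

```python
# Added example: expand short column aliases (x:y:z) into full attribute URNs,
# using only the x and y tables given on this page.
ENTITY = {
    "m": "member", "u": "user", "f": "facility", "r": "resource",
    "g": "group", "v": "vo", "h": "host",
    "mr": "member_resource", "uf": "user_facility", "gr": "group_resource",
}
KIND = {"d": "def", "o": "opt"}


def expand_alias(alias):
    """Return the full URN for a short alias such as 'm:d:mail' (hypothetical helper)."""
    # Split at most twice: the attribute name z may itself contain ':'
    # (for example login-namespace:mu).
    parts = alias.split(":", 2)
    if len(parts) != 3 or not parts[2]:
        raise ValueError(f"not an x:y:z alias: {alias!r}")
    x, y, z = parts
    if x not in ENTITY:
        raise ValueError(f"unknown entity prefix {x!r} in {alias!r}")
    if y not in KIND:
        raise ValueError(f"unknown definition type {y!r} in {alias!r}")
    return f"urn:perun:{ENTITY[x]}:attribute-def:{KIND[y]}:{z}"


def map_columns(columns):
    """Split result columns into plain fields and attribute URNs (hypothetical helper)."""
    if "login" not in columns:
        raise ValueError("the query must return a column called login")
    plain, attrs = [], {}
    for col in columns:
        if ":" in col:
            attrs[col] = expand_alias(col)  # raises on a malformed alias
        else:
            plain.append(col)
    return plain, attrs


if __name__ == "__main__":
    # Column names returned by the example SQL query on this page.
    cols = ["first_name", "last_name", "login", "m:d:mail", "m:d:phone"]
    plain, attrs = map_columns(cols)
    print("plain columns:", plain)
    for short, urn in attrs.items():
        print(short, "->", urn)
```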
LDAP
- Example groupMembersQuery for external source of type LDAP cz.metacentrum.perun.core.impl.ExtSourceLdap
(groupId=123)
IS MU
- Example of groupMembersQuery for external source of type ISMU cz.metacentrum.perun.core.impl.ExtSourceISMU
https://is.muni.cz/auth/export/skupina_osob.pl?format=csv&kodovani=utf-8&skup_zkratka=1433:15
ISXML (MU)
Five basic attributes are required:
- urn:perun:group:attribute-def:def:groupExtSource has to be set to the value ISXML
- urn:perun:group:attribute-def:def:groupMembersExtSource has to be set to the value INET
- urn:perun:group:attribute-def:def:groupMembersQuery has to be set to the value number_of_work_department:name_of_group (the work department number from the list of work departments in IS, the group name from IS), for example 1492:storage-ff-prekl
- urn:perun:group:attribute-def:def:synchronizationEnabled has to be set to the value true
- urn:perun:group:attribute-def:def:synchronizationInterval has to be set to the interval between two successful synchronizations, for example to the value 100
Synchronization with the other Perun group
Group members can be synchronized with another Perun group. The external source named 'PERUN' is used for this. The attributes must be filled in the following way:
- urn:perun:group:attribute-def:def:synchronizationEnabled - set to true/false depending on manual or automatic synchronization
- urn:perun:group:attribute-def:def:synchronizationInterval - fill in the required value. When the value of the preceding attribute is true, multiply this value by 5 minutes.
- urn:perun:group:attribute-def:def:groupExtSource - set to PERUN
- urn:perun:group:attribute-def:def:groupMembersQuery - set to select members.user_id as login from members, groups_members where groups_members.group_id=[group id] and members.id=groups_members.member_id
Synchronization validates the synchronized members. To get only VALID members, add "and members.status=0" to the groupMembersQuery.
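The effect of the extra status condition can be seen by running both forms of the query against a small stand-in database. This is an added example, not part of Perun: the SQLite tables contain only the columns the query names, and the rows, the group id 42 and the non-VALID status value 1 are constructed.

```python
import sqlite3

# Query from this page, with the constructed group id 42 in place of the placeholder.
BASE_QUERY = (
    "select members.user_id as login from members, groups_members "
    "where groups_members.group_id=42 and members.id=groups_members.member_id"
)
# Same query restricted to VALID members, as the page recommends.
VALID_ONLY_QUERY = BASE_QUERY + " and members.status=0"


def build_sample_db():
    """In-memory stand-in holding only the columns the query touches (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table members (id integer primary key, user_id integer, status integer);
        create table groups_members (group_id integer, member_id integer);
        -- status 0 is VALID (per the page); 1 is a constructed non-VALID value
        insert into members values (1, 101, 0), (2, 102, 1), (3, 103, 0), (4, 104, 0);
        -- members 1-3 belong to group 42, member 4 to another group
        insert into groups_members values (42, 1), (42, 2), (42, 3), (7, 4);
    """)
    return db


def logins(db, query):
    """Run a groupMembersQuery and return the sorted login values."""
    cur = db.execute(query)
    # The query must return exactly one column, called login.
    names = [col[0] for col in cur.description]
    if names != ["login"]:
        raise ValueError(f"expected a single column 'login', got {names}")
    return sorted(row[0] for row in cur)


if __name__ == "__main__":
    db = build_sample_db()
    print("all members of group 42:", logins(db, BASE_QUERY))
    print("VALID members only:     ", logins(db, VALID_ONLY_QUERY))
```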
Example
- How to create a group synchronized with an external source of type SQL, at a 5-minute interval:
groupExtSource = PERUNPEOPLE
groupMembersQuery = 'select logname as login from someTable where groupId=123'
synchronizationEnabled = true
synchronizationInterval = 1
- Fire up synchronization manually using CLI:
./synchronizeGroup --groupId 123
- The same task using CLI:
./setGroupAttribute --groupId 123 --attributeName 'urn:perun:group:attribute-def:def:groupExtSource' --attributeValue PERUNPEOPLE
./setGroupAttribute --groupId 123 --attributeName 'urn:perun:group:attribute-def:def:groupMembersQuery' --attributeValue 'select name as first_name, surname as last_name, login, mail as "m:d:mail", telephone as "m:d:phone" from someTable'
./setGroupAttribute --groupId 123 --attributeName 'urn:perun:group:attribute-def:def:synchronizationEnabled' --attributeValue true
./setGroupAttribute --groupId 123 --attributeName 'urn:perun:group:attribute-def:def:synchronizationInterval' --attributeValue 1
Manual synchronization in CLI:
./synchronizeGroup --groupId 123
Example
- The example shows how to add users to a group. The users are from the VO MetaCentrum and their organization is 'Masarykova univerzita'. The external source 'PERUN' is used.
- urn:perun:group:attribute-def:def:synchronizationEnabled - set to true/false depending on manual or automatic synchronization
- urn:perun:group:attribute-def:def:synchronizationInterval - fill in the required value. When the value of the preceding attribute is true, multiply this value by 5 minutes.
- urn:perun:group:attribute-def:def:groupExtSource - set to PERUN
- urn:perun:group:attribute-def:def:groupMembersQuery - set to select users.id as login from members, users, user_attr_values where user_attr_values.user_id=users.id and user_attr_values.attr_id=1363 and user_attr_values.attr_value='Masarykova univerzita' and members.vo_id=21 and members.user_id=users.id