[Freeipa-devel] FreeIPA ConnId connector for usage with Apache Syncope

Dmitri Pal dpal at redhat.com
Thu Jan 30 18:25:20 UTC 2014


On 01/30/2014 11:35 AM, Francesco Chicchiriccò wrote:
> Hi all,
> I am PMC chair at Apache Syncope [1], an Open Source system for
> managing digital identities in enterprise environments, implemented in
> JEE technology and released under Apache 2.0 license.
>
> Apache Syncope can be classified as a provisioning engine, and its duty
> can be summarized as keeping synchronized account data across
> different identity datastores (RDBMS, LDAP, Active Directory, ...).
>
> For the actual communication with such external identity datastores,
> Apache Syncope relies upon ConnId [2], an Open Source fork of Sun
> Microsystems' Identity Connectors framework [3], left dead after Sun's
> acquisition by Oracle.
> I am also project owner at ConnId.
>
> My company Tirasa is about to start the development of a FreeIPA
> ConnId connector [4] that would allow the integration of FreeIPA into
> Apache Syncope-based IdM architectures.
>
> We are currently installing and testing FreeIPA in order to understand
> what is the better way to implement the communication with Syncope: do
> you have any suggestion about where to start from?
> Thanks.
>

Can you please list provisioning use cases that you want to support?
Add user?
Edit user?
Reset password?

Keep in mind that after a password is set for a user, the user needs to
change it on the first login. This is done to make sure that no one can
impersonate the user and the password is not known outside the system. So
this is one of the first hurdles you need to deal with, i.e. fire and
forget, and do not try to use the password for anything else in the IPA
use case.

To call into IPA you can use the "ipa ..." command line or use our API from
the Python client. Since you are using Java, calling into the "ipa" command
is probably the best option.
In the future we plan to allow insertion of users via an LDAP command
(https://fedorahosted.org/freeipa/ticket/3911); it is on the roadmap for
this spring.

What are other use cases and workflows you have?
Do you have a password reset self service?
If you do, it might be a nice external addition to FreeIPA if it integrates
into the UI seamlessly.


> Best regards.
>
> [1] http://syncope.apache.org/
> [2] http://tirasa.github.io/ConnId/
> [3] http://java.net/projects/identityconnectors/
> [4] https://github.com/Tirasa/ConnIdFreeIPABundle
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
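
One way to call the "ipa" command line from Java as suggested in the message above, shown as an added example that is not part of the original message or of the ConnId connector. The class name, the login whitelist and the sample user are assumptions; it also assumes the process already holds a valid Kerberos ticket for an IPA administrator, and it sets no password, leaving that as a separate step.

```java
import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;

/** Hypothetical helper: provisions a user by invoking the FreeIPA "ipa" client. */
public class IpaUserAdd {
    // Assumption: a conservative whitelist chosen for this example, not FreeIPA's
    // own login rule. The first character is never '-', so a login taken from an
    // upstream identity store cannot be parsed by the CLI as an option.
    private static final Pattern LOGIN = Pattern.compile("[a-z][a-z0-9._-]{0,31}");

    /** Builds the argument vector for "ipa user-add". */
    static List<String> buildCommand(String login, String first, String last) {
        if (login == null || !LOGIN.matcher(login).matches()) {
            throw new IllegalArgumentException("rejected login");
        }
        if (first == null || first.isBlank() || last == null || last.isBlank()) {
            throw new IllegalArgumentException("first and last name are required");
        }
        // Each element is passed to the process as one argument: no shell is
        // involved, so spaces or metacharacters in a name are never interpreted.
        // The --opt=value form keeps a value that starts with '-' from being
        // read as a separate option.
        return List.of("ipa", "user-add", login,
                       "--first=" + first, "--last=" + last);
    }

    /** Runs the command and returns its exit status (0 means success). */
    static int addUser(String login, String first, String last)
            throws IOException, InterruptedException {
        Process p = new ProcessBuilder(buildCommand(login, first, last))
                .inheritIO()   // let the CLI's own messages and errors through
                .start();
        return p.waitFor();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample user, not taken from the thread.
        System.exit(addUser("jdoe", "John", "Doe"));
    }
}
```

Because a password set by an administrator has to be changed at first login, a connector built this way would hand the initial password over once and not store it for later binds.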

