Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2014-12-22

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:08 MegaMatt joined #openam
02:00 penk joined #openam
02:36 aldaris joined #openam
05:50 ramteid joined #openam
10:28 aldaris joined #openam
10:39 SteveFerris joined #openam
12:13 MegaMatt joined #openam
12:31 insanidade joined #openam
12:31 insanidade hi everyone.
12:33 insanidade I've tried to create a identity repo based on a database but it seems that the 'groups' part of it doesn't work. I'm able to retrieve users but no groups.
12:33 insanidade any hints ?
12:34 insanidade in a nutshell, all that I need is a way to retrieve some strings from a database and use them as groups so that I could send them to my j2ee agent.
13:17 penk joined #openam
13:20 insanidade nothing ? :(
13:21 asyd hello insanidade
13:31 insanidade hi, asyd
13:31 insanidade looks like what I'm trying to do will not work.
13:32 asyd insanidade: just curious, how are authenticated users on you database?
13:32 asyd i mean how the passowrd is stored
13:32 SteveFerris joined #openam
13:33 insanidade they are not stored in my database. identity repo is a ldap. the database I need to retrieve data from has data which is relevant to represent the groups.
13:33 insanidade I can successfuly authenticate users. I'd like to complete their profile with group information. and such information cames from a database.
13:34 asyd so why not synchronize membership from DB to LDAP ?
13:34 asyd there are some tools
13:34 insanidade ldap belogs to our customer and we can't write to it.
13:35 insanidade asyd: and I don't know how to perform such sync. do I have to use any other tool beyond openam ?
13:35 asyd openidm, lsc-project
13:36 MegaMatt I think I’ve mentioned IDM like 3 times now
13:36 insanidade yes. I can't use idm.
13:36 insanidade I remember you mentioned it.
13:37 asyd so look at lsc-project
13:37 insanidade what if I create my custom module? is there a way I could add any string to my Subject?
13:38 insanidade I'll take a look at lsc-project as well.
13:52 insanidade asyd: I'm taking a look at lsc.
13:53 rghose joined #openam
13:54 insanidade asyd: would it be useful in a scenario where I can't write to ldap (only read it) ?
13:55 insanidade where does it sync data? if I have that ldap set as my identity repo in openam, are groups (synced from db)  available in openap along with its ldap counterparts ?
13:58 asyd well I think you should consolidate data from LDAP and DB into another LDAP
13:58 asyd and use the first LDAP only for authentication purpose
14:09 insanidade asyd: just read something interesting in lsc docs: their example uses an opendj instance.
14:09 insanidade asyd: what if I use openam's default identity repo (which is opendj) and sync data from database into it ?
14:10 MegaMatt Sounds plausible
14:10 MegaMatt But I don’t think you’re supposed to use the embedded DJ as an id store in production
14:11 MegaMatt Aren’t there warnings about that?
14:11 insanidade not sure. I'm concerned about customers requirements. I don't think they would provide a second ldap so that I could feed it with synchronized data.
14:13 asyd MegaMatt: there is one - at least :)
14:13 asyd insanidade: well, we don't know your requirements etc so it's hard to tell
14:14 insanidade asyd: sure. just saying. that's why I thougt about not using anything besides openam and some java code (a custom module)
14:16 MegaMatt Seems silly that you can install OPenAM but not another DJ or IDM on the same machine
14:16 MegaMatt Maybe the customer would appreciate doing it right
14:16 MegaMatt rather than some weird hack because of their random requirements
14:18 insanidade I'll probably try using idm and/or another dj. just trying to figure out where I could go with the current tools I have.
14:19 insanidade a main requierment is that they wouldn't like to have auth data in two places.
14:20 insanidade they would like data in db to be only in db and not mapped in openam/idm/dj
14:21 penk joined #openam
14:21 MegaMatt But yet you are trying to map the data from the DB to a profile
14:22 insanidade MegaMatt: yes. that's because I could not simply retrieve data from db in my custom module and make it available for the agent.
14:24 insanidade the best scenario would be to use my custom module to retrieve data from db. I can do things like subject.getPrincipals().add(new WLSGroupImpl("my-custom-group")); but I still can't have that 'my-custom-group' showing up in my list of principals
14:31 rghose i use ad datastore with openam 11 and when I delete an user it does not get reflected on openam. any pointers?
14:31 rghose reflected on the AD *
14:32 rghose I can delete in openam though
14:32 rghose openam version is 12.0.0
14:34 insanidade if anyone could take a look at my custom module code and provide hints on why I can't get the principals ... http://pastebin.com/2S7KWyny
14:35 insanidade all that I need is to make those principals show up in my code after the authentication (the same way mapped groups do)
16:25 aldaris joined #openam
16:26 MegaMatt joined #openam
17:59 insanidade does any of you guys know if the creation of a data store based on a database repositiry is fully implemented? It works fine for retrieving users but not for retrieving groups.
17:59 insanidade we have version 12 installed.
18:02 MegaMatt joined #openam
18:03 insanidade MegaMatt :_)
18:03 MegaMatt hola
18:04 insanidade does anybody here know about the implementation status of some features in openam?
18:05 MegaMatt I’d just check the RFE in Jira
18:05 insanidade looks like the creation of a data store based on a database does not work completely.  it correctly retrieves data for users but not for groups.
18:06 MegaMatt How would it even know the difference?
18:07 insanidade there are two groups of configuration fields when creating the data store: one for mapping the db table that holds user data and another one for mapping the db table that holds group data.
18:07 insanidade one has to configure it, telling openam what tables and columns to look at.
18:07 insanidade that works fine for the users part.
18:07 insanidade not for the groups part.
18:08 MegaMatt So what’s the SQL query that is being sent for the groups part, and what is being returned, and why isn’t it what you want?
18:12 insanidade just found out how the groups part is implemented: it is empty.
18:12 insanidade the users part is fully implemented. for the groups, all we have is a few empty methods :_)
18:12 MegaMatt There ya go, that would explain it.
18:13 insanidade absolutely. allow me to implement that. we'll need it :_)
18:47 insanidade where in openam's repo do I find the code for a specific version?
18:47 MegaMatt under the tags
18:48 MegaMatt http://sources.forgerock.org/browse/openam/tags
18:53 insanidade hm... I'm looking for version 11.0.0 but it seems to be empty: http://sources.forgerock.or​g/browse/openam/tags/11.0.0
18:53 MegaMatt Yeah, it’s been like that, but you can still check it out from svn
18:53 MegaMatt via the tag
18:57 insanidade I'm trying to check the following url out: http://sources.forgerock.or​g/browse/openam/tags/11.0.0
18:58 insanidade 'http://sources.forgerock.org​/browse/openam/tags/11.0.0': could not connect to server (http://sources.forgerock.org)
18:59 insanidade hmmm
18:59 insanidade sorry
18:59 insanidade checking it out...
19:01 MegaMatt yeah, that’s not the svn url :)
19:01 insanidade yeah, my bad. didn't notice. checking it out now.
19:50 penk joined #openam
21:28 aldaris joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary