R: Managing AD primary group
OK. Thank's Fabio. Da: Fabio Martelli [mailto:fabio.marte...@gmail.com] Inviato: venerdì 28 marzo 2014 09:46 A: user@syncope.apache.org Cc: connid-...@googlegroups.com; connid-us...@googlegroups.com Oggetto: Re: Managing AD primary group Il 27/03/2014 18:55, Mirko Signoretto ha scritto: Hello, I have a problem managing the AD primary group. I have mapped for the AD resource connector the "ldapgroups" attribute and I'm able to provision group memberships correctly in AD. The default AD primary group is "Domain Users". But if I change the user primary group directly in AD, setting as primary group a Syncope provisioned group, I obtain a propagation error. 18:42:15.717 DEBUG org.identityconnectors.framework.api.operations.UpdateApiOp.update Exception: org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 0528: UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0 ]; remaining name 'CN=SyncopeUsers,OU=Syncope,OU=Groups,dc=wip,dc=lab' How Syncope AD connector treat the primary group? It seems that I cannot overwrite the primary group. Hi Mirko, it seems that currently AD (JNDI) Connector doesn't take care of user primary groups. I do think that this is an AD connector bug to be fixed asap: just opened issue AD-29 [1]. Thank you for your contribution. Best regards, F. [1] https://connid.atlassian.net/browse/AD-29 -- Fabio Martelli Tirasa - Open Source Excellence http://www.tirasa.net/ Apache Syncope PMC http://people.apache.org/~fmartelli/
Re: Managing AD primary group
Il 27/03/2014 18:55, Mirko Signoretto ha scritto: Hello, I have a problem managing the AD primary group. I have mapped for the AD resource connector the "ldapgroups" attribute and I'm able to provision group memberships correctly in AD. The default AD primary group is "Domain Users". But if I change the user primary group directly in AD, setting as primary group a Syncope provisioned group, I obtain a propagation error. 18:42:15.717 DEBUG org.identityconnectors.framework.api.operations.UpdateApiOp.update Exception: org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 0528: UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0 ]; remaining name 'CN=SyncopeUsers,OU=Syncope,OU=Groups,dc=wip,dc=lab' How Syncope AD connector treat the primary group? It seems that I cannot overwrite the primary group. Hi Mirko, it seems that currently AD (JNDI) Connector doesn't take care of user primary groups. I do think that this is an AD connector bug to be fixed asap: just opened issue AD-29 [1]. Thank you for your contribution. Best regards, F. [1] https://connid.atlassian.net/browse/AD-29 -- Fabio Martelli Tirasa - Open Source Excellence http://www.tirasa.net/ Apache Syncope PMC http://people.apache.org/~fmartelli/
Managing AD primary group
Hello, I have a problem managing the AD primary group. I have mapped for the AD resource connector the "ldapgroups" attribute and I'm able to provision group memberships correctly in AD. The default AD primary group is "Domain Users". But if I change the user primary group directly in AD, setting as primary group a Syncope provisioned group, I obtain a propagation error. 18:42:15.717 DEBUG org.identityconnectors.framework.api.operations.UpdateApiOp.update Exception: org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 0528: UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0 ]; remaining name 'CN=SyncopeUsers,OU=Syncope,OU=Groups,dc=wip,dc=lab' How Syncope AD connector treat the primary group? It seems that I cannot overwrite the primary group. I'm using Syncope 1.1.3 and AD 1.2 connector. Thanks, Mirko