Il giorno 15/mar/2012, alle ore 11.52, Emmanuel Lécharny ha scritto: > Le 3/15/12 11:27 AM, Fabio Martelli a écrit : >> Il giorno 15/mar/2012, alle ore 10.59, Antony Pulicken ha scritto: >> >>> Thanks a lot Fabio and get well soon :-) >>> >>> 1. We are using OpenDS >>> 2. I have attached the screenshots of mapping and the connector >>> configuration >>> >>> I'm facing another issue now. I doubt it is occurring because the LDAP >>> connector configuration is incorrect. The issue is the updates from AD are >>> not getting synced to LDAP. When an update happens in AD, it's getting >>> synced to syncope and then the LDAP search is getting invoked. Even though >>> the user exists in LDAP, it's returning null and because of that Create is >>> getting triggered. Can you please take a look at the configuration and spot >>> anything that is obvious ? >> Hi Antony, >> you are using uid in your AccountLink and Username as AccountId --> this >> could generate problems .... >> >> 1. Consider that in this way syncope will create users with specified DN >> (AccountLink) but it will search for users using the Username >> 2. In a certain way you are creating an entry specifying two UIDs: as far >> as I know, this happens because you are creating an entry specifying the dn >> (including the former uid value) and the uid attribute (latter uid value). >> This is absolutely normal if and only if the two UIDs are the same. > > FYI, a decent LDAP server will add the uid found in the DN if it's not > present in the entry. For instance, adding : > > dn: uid=jdoe,dc=example,dc=com > ... > uid:jacme > ... > > will create this entry : > dn: uid=jdoe,dc=example,dc=com > ... > uid: jacme > uid: jdoe > ... > > as the uid AT is multi-valued. > > Now, this might not be the expected things.
This is exactly what I mean. Thank you Emmanuel for your observation. Regards, F. > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com >
