> Do you see any error in the task execution message? I would expect that
there could be some problem when subscribing an existing
> user to an external resource, with no password (see SYNCOPE-136).
Thanks, that is the problem:
org.apache.syncope.client.validation.SyncopeClientCompositeErrorException:
{[RequiredValuesMissing [password cannot be empty when subscribing to new
resources]], }
at
org.apache.syncope.core.rest.data.UserDataBinder.update(UserDataBinder.java:218)
Is this error covered by SYNCOPE-136 or should I open a new JIRA?
Colm.
On Mon, Aug 13, 2012 at 2:58 PM, Francesco Chicchiriccò <[email protected]
> wrote:
> On 13/08/2012 15.15, Colm O hEigeartaigh wrote:
>
> Hi Francesco,
>
> > Yes: you can define what attributes, roles and resources a synchronized
> user should have by editing the user template associated to
> > the synchronization task (look at [1] for an example).
>
> Cool thanks. I think there may be a bug here in that this is working fine
> when you add a resource by editing the user template before the task
> executes for the first time, but if you later add it in after the user has
> already been synchronized to Syncope and run the task again, the resource
> does not show up on the previously synchronized user. Shall I open a JIRA
> for this?
>
>
> Has this resource the 'Updated matched identities' flagged as well?
>
> Do you see any error in the task execution message? I would expect that
> there could be some problem when subscribing an existing user to an
> external resource, with no password (see SYNCOPE-136).
>
>
> A minor suggestion - the configuration page for the LDAP Connector is a
> bit confusing, as the configuration options seem to appear in a random
> order. Should we move to either alphabetical or else a more coherent flow
> as appears here:
>
> https://code.google.com/p/connid/wiki/LDAP
>
> ?
>
>
> AFAIK, the presentation order in the Syncope admin console is derived from
> the order defined on each connector bundle.
> For the LDAP bundle [2], there is no ordering defined at all (check
> @ConfigurationProperty annotation), while for the DB bundle [3], ordering
> is well defined.
>
> Regards.
>
> [2]
> http://connid.googlecode.com/svn/bundles/ldap/tags/org.connid.bundles.ldap-1.3.1/src/main/java/org/identityconnectors/ldap/LdapConfiguration.java
> [3]
> http://connid.googlecode.com/svn/bundles/db/tags/db-2.1.2/table/src/main/java/org/identityconnectors/databasetable/DatabaseTableConfiguration.java
>
>
> On Fri, Aug 10, 2012 at 4:34 PM, Francesco Chicchiriccò <
> [email protected]> wrote:
>
>> On 10/08/2012 17.26, Colm O hEigeartaigh wrote:
>>
>> Great thanks, selecting 'full reconciliation' did the trick. Do you know
>> is there a fix planned to only use the delta with Apache DS?
>>
>>
>> Not that I know, but we can discuss this on [email protected]
>> you want.
>>
>> Another question: After importing user entries from an Apache DS backend,
>> they don't have the corresponding "Resource" selected. So to update a user
>> entry I need to manually select the corresponding Connector before the
>> change gets propagated back. Is this expected?
>>
>>
>> Yes: you can define what attributes, roles and resources a synchronized
>> user should have by editing the user template associated to the
>> synchronization task (look at [1] for an example).
>>
>> Regards.
>>
>> [1]
>> https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate
>>
>> On Fri, Aug 10, 2012 at 1:25 PM, Francesco Chicchiriccò <
>> [email protected]> wrote:
>>
>>> On 10/08/2012 14.09, Colm O hEigeartaigh wrote:
>>>
>>>> Hi all,
>>>>
>>>> A quick sanity check: Is there any reason why I can't synchronize from
>>>> an Apache DS backend in Syncope? I can create users in Syncope and
>>>> propagate them to the resource fine, but I can't do the reverse.
>>>>
>>>
>>> Hi Colm,
>>> synchronization from an external resource might fail for many different
>>> reasons: I'd suggest to increase the level for the
>>> 'org.apache.syncope.core.scheduling' logger in order to have some insight
>>> about the failure.
>>>
>>> Generally speaking, you can perform a proper synchronization only when
>>> the underlying connector supports the SYNC operation (and has the
>>> correspondent capability enabled in Syncope). The LDAP connector,
>>> specifically, only supports that for Sun Directory Server and OpenDS /
>>> OpenDJ.
>>>
>>> When SYNC operation is not supported / enabled, you can only perform a
>>> 'full reconciliation' - the difference is that with the latter all entries
>>> are sent at every request from the external resource, while the former only
>>> sends the delta compared to prior call.
>>>
>>> You can choose full reconciliation from the admin console, when editing
>>> the resource.
>>>
>>> Regards.
>>>
>> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Cocoon PMC and Apache Syncope PPMC
> Memberhttp://people.apache.org/~ilgrosso/
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
