On 13/08/2012 16.11, Colm O hEigeartaigh wrote:
> Do you see any error in the task execution message? I would expect
that there could be some problem when subscribing an existing
> user to an external resource, with no password (see SYNCOPE-136).
Thanks, that is the problem:
org.apache.syncope.client.validation.SyncopeClientCompositeErrorException:
{[RequiredValuesMissing [password cannot be empty when subscribing to
new resources]], }
at
org.apache.syncope.core.rest.data.UserDataBinder.update(UserDataBinder.java:218)
Is this error covered by SYNCOPE-136 or should I open a new JIRA?
If you would add a comment on it, we wouldn't like to miss this
particular aspect when working on it, thanks.
Regards.
On Mon, Aug 13, 2012 at 2:58 PM, Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>> wrote:
On 13/08/2012 15.15, Colm O hEigeartaigh wrote:
Hi Francesco,
> Yes: you can define what attributes, roles and resources a
synchronized user should have by editing the user template
associated to
> the synchronization task (look at [1] for an example).
Cool thanks. I think there may be a bug here in that this is
working fine when you add a resource by editing the user template
before the task executes for the first time, but if you later add
it in after the user has already been synchronized to Syncope and
run the task again, the resource does not show up on the
previously synchronized user. Shall I open a JIRA for this?
Has this resource the 'Updated matched identities' flagged as well?
Do you see any error in the task execution message? I would expect
that there could be some problem when subscribing an existing user
to an external resource, with no password (see SYNCOPE-136).
A minor suggestion - the configuration page for the LDAP
Connector is a bit confusing, as the configuration options seem
to appear in a random order. Should we move to either
alphabetical or else a more coherent flow as appears here:
https://code.google.com/p/connid/wiki/LDAP
?
AFAIK, the presentation order in the Syncope admin console is
derived from the order defined on each connector bundle.
For the LDAP bundle [2], there is no ordering defined at all
(check @ConfigurationProperty annotation), while for the DB bundle
[3], ordering is well defined.
Regards.
[2]
http://connid.googlecode.com/svn/bundles/ldap/tags/org.connid.bundles.ldap-1.3.1/src/main/java/org/identityconnectors/ldap/LdapConfiguration.java
[3]
http://connid.googlecode.com/svn/bundles/db/tags/db-2.1.2/table/src/main/java/org/identityconnectors/databasetable/DatabaseTableConfiguration.java
On Fri, Aug 10, 2012 at 4:34 PM, Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>> wrote:
On 10/08/2012 17.26, Colm O hEigeartaigh wrote:
Great thanks, selecting 'full reconciliation' did the trick.
Do you know is there a fix planned to only use the delta
with Apache DS?
Not that I know, but we can discuss this on
[email protected]
<mailto:[email protected]> if you want.
Another question: After importing user entries from an
Apache DS backend, they don't have the corresponding
"Resource" selected. So to update a user entry I need to
manually select the corresponding Connector before the
change gets propagated back. Is this expected?
Yes: you can define what attributes, roles and resources a
synchronized user should have by editing the user template
associated to the synchronization task (look at [1] for an
example).
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database#SynchronizeActiveDirectorywithSQLdatabase-Provideausertemplate
On Fri, Aug 10, 2012 at 1:25 PM, Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>> wrote:
On 10/08/2012 14.09, Colm O hEigeartaigh wrote:
Hi all,
A quick sanity check: Is there any reason why I
can't synchronize from an Apache DS backend in
Syncope? I can create users in Syncope and propagate
them to the resource fine, but I can't do the reverse.
Hi Colm,
synchronization from an external resource might fail for
many different reasons: I'd suggest to increase the
level for the 'org.apache.syncope.core.scheduling'
logger in order to have some insight about the failure.
Generally speaking, you can perform a proper
synchronization only when the underlying connector
supports the SYNC operation (and has the correspondent
capability enabled in Syncope). The LDAP connector,
specifically, only supports that for Sun Directory
Server and OpenDS / OpenDJ.
When SYNC operation is not supported / enabled, you can
only perform a 'full reconciliation' - the difference is
that with the latter all entries are sent at every
request from the external resource, while the former
only sends the delta compared to prior call.
You can choose full reconciliation from the admin
console, when editing the resource.
Regards.
--
Francesco Chicchiriccò
ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member
http://people.apache.org/~ilgrosso/
