Do you agree that this is an issue in syncope and shall I open a JIRA?
Thanks Oliver ________________________________ From: Oliver Wulff [[email protected]] Sent: 30 April 2013 16:59 To: [email protected] Subject: RE: Synchronized LDAP users got UUID assigned as username >>> Or to "cn", if using roles as well. >>> You said the uid attribute name should be cn if using roles as well. I've configured uid because cn is usually the full name in an ldap directory (as mentioned before). How, I've configured the roles and get the following exception: [LDAP: error code 65 - OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUEST Message ID : 14 Add Request : Entry dn[n]: cn=TestRole,ou=groups,dc=fediz,dc=org objectClass: groupOfNames objectClass: top member: uid=admin,ou=system uid: TestRole cn: TestRole : ERR_277 Attribute uid not declared in objectClasses of entry cn=TestRole,ou=groups,dc=fediz,dc=org] Is this the reason why you mentioned this? If yes, then I think it makes sense to provide two configuration items, one for group and one for the user. Thanks Oli ________________________________ From: Oliver Wulff [[email protected]] Sent: 29 April 2013 20:40 To: [email protected] Subject: RE: Synchronized LDAP users got UUID assigned as username Hi Francesco I've configured my connector now to use uid for the uid attribute instead of cn. Usually, cn is the fullname and not the login name (marriage, divorce, etc. -> name change) which would finally result into having the fullname as the login id (username) in syncope. Provisioning didn't work before for me because cn is a mandatory attribute. Therfore, I've created a derived attribute fullname in the schema and configured a mapping for internal "fullname" to external "cn" and it worked. Thanks Oli ________________________________ From: Francesco Chicchiriccò [[email protected]] Sent: 26 April 2013 14:24 To: [email protected] Subject: Re: Synchronized LDAP users got UUID assigned as username On 26/04/2013 08:28, Marco Di Sabatino Di Diodoro wrote: Hi Oliver, On Apr 25, 2013, at 10:05 PM, Oliver Wulff wrote: Hi there I've set up an LDAP connector and corresponding resource. The import/synchronization works fine (for all attributes defined in my user schema) but the username got assigned a UUID instead of the username I defined as account link: 'uid=' + username + ',o=users,dc=fediz,dc=org' or Account User Name Attributes (uid). In the Ldap Connector configuration you must set the Uid Attribute Field with value uid. Or to "cn", if using roles as well. I have reported some more information at http://blog.tirasa.net/blogs/index.php/ilgrosso/unlock-full-ldap-features-in I've set up the LDAP connector based on the docs here: https://connid.atlassian.net/wiki/display/BASE/LDAP But my synchronized users got assigned a username with a UUID - not stored in my LDAP directory. What am I doing wrong? -- Francesco Chicchiriccò ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member http://people.apache.org/~ilgrosso/
