On 02/05/2013 10:06, Oliver Wulff wrote:
Do you agree that this is an issue in Syncope, and shall I open a JIRA?
No: we can discuss whether this is an issue of the LDAP connector, not
in Syncope: please write to [email protected] for this, with
full details (including the LDAP server you are working with).
Regards.
------------------------------------------------------------------------
*From:* Oliver Wulff [[email protected]]
*Sent:* 30 April 2013 16:59
*To:* [email protected]
*Subject:* RE: Synchronized LDAP users got UUID assigned as username
>>>
Or to "cn", if using roles as well.
>>>
You said the uid attribute name should be cn if using roles as well.
I've configured uid because cn is usually the full name in an LDAP
directory (as mentioned before).
Now, I've configured the roles and get the following exception:
[LDAP: error code 65 - OBJECT_CLASS_VIOLATION: failed for MessageType
: ADD_REQUEST
Message ID : 14
Add Request :
Entry
dn[n]: cn=TestRole,ou=groups,dc=fediz,dc=org
objectClass: groupOfNames
objectClass: top
member: uid=admin,ou=system
uid: TestRole
cn: TestRole
: ERR_277 Attribute uid not declared in objectClasses of entry
cn=TestRole,ou=groups,dc=fediz,dc=org]
Is this the reason why you mentioned this?
If yes, then I think it makes sense to provide two
configuration items, one for group and one for the user.
Thanks
Oli
------------------------------------------------------------------------
*From:* Oliver Wulff [[email protected]]
*Sent:* 29 April 2013 20:40
*To:* [email protected]
*Subject:* RE: Synchronized LDAP users got UUID assigned as username
Hi Francesco
I've configured my connector now to use uid for the uid
attribute instead of cn. Usually, cn is the fullname and not the login
name (marriage, divorce, etc. -> name change) which would finally
result in having the fullname as the login id (username) in Syncope.
Provisioning didn't work before for me because cn is a mandatory
attribute. Therefore, I've created a derived attribute fullname in the
schema and configured a mapping for internal "fullname" to external
"cn" and it worked.
Thanks
Oli
------------------------------------------------------------------------
*From:* Francesco Chicchiriccò [[email protected]]
*Sent:* 26 April 2013 14:24
*To:* [email protected]
*Subject:* Re: Synchronized LDAP users got UUID assigned as username
On 26/04/2013 08:28, Marco Di Sabatino Di Diodoro wrote:
Hi Oliver,
On Apr 25, 2013, at 10:05 PM, Oliver Wulff wrote:
Hi there
I've set up an LDAP connector and corresponding resource. The
import/synchronization works fine (for all attributes defined in my
user schema) but the username got assigned a UUID instead of the
username I defined as account link:
'uid=' + username + ',o=users,dc=fediz,dc=org'
or
Account User Name Attributes (uid).
In the LDAP Connector configuration you must set the Uid Attribute
Field with value uid.
Or to "cn", if using roles as well.
I have reported some more information at
http://blog.tirasa.net/blogs/index.php/ilgrosso/unlock-full-ldap-features-in
I've set up the LDAP connector based on the docs here:
https://connid.atlassian.net/wiki/display/BASE/LDAP
But my synchronized users got assigned a username with a UUID - not
stored in my LDAP directory.
What am I doing wrong?
--
Francesco Chicchiriccò
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/