Hi Guys,
I think I made some new progress on understanding my problems with
synchro/recon.
I started from scratch, rebuilt my env based on 1.1.2-SNAPSHOT.
Followed the blog and now I'm getting closer to getting the ldap users
created on syncope (my goal).
I believe all my issues are coming from bad mappings and bad
interpretation on my part from the docs:
When I look at the sync task log I see what is failing now in my mappings:
e.g.
Users [created/failures]: 0/13 [updated/failures]: 0/0 [deleted/failures]: 0/0
Roles [created/failures]: 0/0 [updated/failures]: 9/0 [deleted/failures]: 0/0
Users failed to create: CREATE FAILURE (id/name): null/null with message:
{[RequiredValuesMissing [userId]], [InvalidValues [userId: uid=nik,ou=people,o=usharesoft
- "uid=nik,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[InvalidValues [userId:
uid=olive,ou=people,o=usharesoft - "uid=olive,ou=people,o=usharesoft" is not a
valid email address]], [RequiredValuesMissing [userId]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=bolive,ou=people,o=usharesoft -
"uid=bolive,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[InvalidValues [userId:
uid=gfoe,ou=people,o=usharesoft - "uid=gfoe,ou=people,o=usharesoft" is not a
valid email address]], [RequiredValuesMissing [userId]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=jeff4,ou=people,o=usharesoft -
"uid=jeff4,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=Gioacchino,ou=people,o=usharesoft -
"uid=Gioacchino,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=Vincenzo,ou=people,o=usharesoft -
"uid=Vincenzo,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=moofink,ou=people,o=usharesoft -
"uid=moofink,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[InvalidValues [userId:
uid=moo,ou=people,o=usharesoft - "uid=moo,ou=people,o=usharesoft" is not a
valid email address]], [RequiredValuesMissing [userId]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=niknik,ou=people,o=usharesoft -
"uid=niknik,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=user1,ou=people,o=usharesoft -
"uid=user1,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=Gioacchino-1,ou=people,o=usharesoft -
"uid=Gioacchino-1,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[RequiredValuesMissing [userId]],
[InvalidValues [userId: uid=Vincenzo-1,ou=people,o=usharesoft -
"uid=Vincenzo-1,ou=people,o=usharesoft" is not a valid email address]]}
Users created:
Users updated:
Users deleted:
Roles created:
Roles updated:
UPDATE SUCCESS (id/name): 119/cn=managing director,ou=groups,o=usharesoft
UPDATE SUCCESS (id/name): 120/cn=artdirector,ou=groups,o=usharesoft
UPDATE SUCCESS (id/name): 121/cn=ROLE_NAME,ou=groups,o=usharesoft
UPDATE SUCCESS (id/name): 122/cn=ROLE,ou=groups,o=usharesoft
UPDATE SUCCESS (id/name): 123/cn=tink,ou=groups,o=usharesoft
UPDATE SUCCESS (id/name): 124/cn=managing director-1,ou=groups,o=usharesoft
UPDATE SUCCESS (id/name): 125/cn=managing director-1-1,ou=groups,o=usharesoft
UPDATE SUCCESS (id/name): 126/cn=tink-1,ou=groups,o=usharesoft
UPDATE SUCCESS (id/name): 127/cn=tink-2,ou=groups,o=usharesoft
Roles deleted:
rgds,
Nik
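A triage sketch for a sync task report like the one quoted above, added here as an example (it is not part of Nik's message and not Syncope code). It groups the CREATE FAILURE records by the attribute that failed validation and counts how many rejected values are DN-shaped, as the userId values in the report are. The record layout is inferred only from the lines quoted in the message, and the sample input is a constructed excerpt.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the report above, hard-wrapped as in mail.
SAMPLE_REPORT = """\
Users [created/failures]: 0/13 [updated/failures]: 0/0 [deleted/failures]: 0/0
Users failed to create: CREATE FAILURE (id/name): null/null with message:
{[RequiredValuesMissing [userId]], [InvalidValues [userId: uid=nik,ou=people,o=usharesoft
- "uid=nik,ou=people,o=usharesoft" is not a valid email address]]}
CREATE FAILURE (id/name): null/null with message: {[InvalidValues [userId:
uid=olive,ou=people,o=usharesoft - "uid=olive,ou=people,o=usharesoft" is not a
valid email address]], [RequiredValuesMissing [userId]]}
Users created:
"""

RECORD_START = re.compile(r"(?=\b(?:CREATE|UPDATE|DELETE) FAILURE \(id/name\))")
MISSING = re.compile(r"RequiredValuesMissing \[([^\]]+)\]")
INVALID = re.compile(r'InvalidValues \[(\w+): (.*?) - "')
DN_SHAPED = re.compile(r"^\w+=[^,]+(?:,\w+=[^,]+)+$")


def parse_failures(report):
    """Return one dict per FAILURE record, tolerating wrapped lines."""
    text = " ".join(report.split())  # undo the hard line wraps
    failures = []
    for chunk in RECORD_START.split(text):
        head = re.match(r"(CREATE|UPDATE|DELETE) FAILURE", chunk)
        if head is None:
            continue  # summary counters that precede the first record
        failures.append({
            "op": head.group(1),
            "missing": MISSING.findall(chunk),   # attribute names
            "invalid": INVALID.findall(chunk),   # (attribute, rejected value)
        })
    return failures


def summarize(failures):
    """Count rejected values per attribute, and how many of them look like DNs."""
    by_attr, dn_valued = Counter(), Counter()
    for failure in failures:
        for attr, value in failure["invalid"]:
            by_attr[attr] += 1
            if DN_SHAPED.match(value):
                dn_valued[attr] += 1
    return by_attr, dn_valued


if __name__ == "__main__":
    print(summarize(parse_failures(SAMPLE_REPORT)))
```
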
Hi Guys,
I have always had problems trying to get syncope synchronization (or
at least reconciliation) working in my setup.
Assumptions:
1) I can take as a given, that synchronization from ldap V3/openDJ to
syncope, of users and groups works and has been verified (for me it
would be a basic feature of any IDM)?
2) that following the blog
http://blog.tirasa.net/blogs/index.php/ilgrosso/unlock-full-ldap-features-in
shows the correct way to enable synchronization/reconciliation for
OpenDJ resources.
Given these 2 assumptions, I can conclude that I am missing some
important steps to configure this feature in syncope properly.
After I follow step 2) above and look at the log traces I see the following
output.
10:30:46.153 DEBUG org.identityconnectors.framework.api.operations.SearchApiOp.search Enter: search(ObjectClass: __ACCOUNT__, null, org.apache.syncope.core.propagation.impl.ConnectorFacadeProxy$2@62f9d23b, OperationOptions: {ATTRS_TO_GET:[mail,sn,description,__UID__,__NAME__,displayName,__PASSWORD__,__ENABLE__]})
10:30:46.156 WARN org.connid.bundles.ldap.search.LdapSearch.getAttributesToGet Reading passwords not supported
10:30:46.156 WARN org.connid.bundles.ldap.schema.LdapSchemaMapping.getLdapAttribute Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute
10:30:46.156 DEBUG org.connid.bundles.ldap.search.DefaultSearchStrategy.doSearch Searching in [ou=people,o=usharesoft, ou=groups,o=usharesoft] with filter (&(objectClass=inetOrgPerson)(uid=*)) and SearchControls: {returningAttributes=[cn, description, displayName, mail, sn, userPassword], scope=SUBTREE}
10:30:46.158 WARN org.connid.bundles.ldap.schema.LdapSchemaMapping.getLdapAttribute Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute
10:30:46.159 WARN org.connid.bundles.ldap.schema.LdapSchemaMapping.getLdapAttribute Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute
10:30:46.160 WARN org.connid.bundles.ldap.schema.LdapSchemaMapping.getLdapAttribute Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute
10:30:46.160 WARN org.connid.bundles.ldap.schema.LdapSchemaMapping.getLdapAttribute Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute
10:30:46.161 WARN org.connid.bundles.ldap.schema.LdapSchemaMapping.getLdapAttribute Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute
10:30:46.162 DEBUG org.identityconnectors.framework.api.operations.SearchApiOp.search Exception:
java.lang.NullPointerException: null
    at org.apache.syncope.core.persistence.dao.impl.AttributableSearchDAOImpl.search(AttributableSearchDAOImpl.java:145) ~[AttributableSearchDAOImpl.class:na]
    at org.apache.syncope.core.persistence.dao.impl.AttributableSearchDAOImpl.search(AttributableSearchDAOImpl.java:133) ~[AttributableSearchDAOImpl.class:na]
    at org.apache.syncope.core.sync.impl.SyncopeSyncResultHandler.search(SyncopeSyncResultHandler.java:348) ~[SyncopeSyncResultHandler.class:na]
    at org.apache.syncope.core.sync.impl.SyncopeSyncResultHandler.findByAttributableSearch(SyncopeSyncResultHandler.java:421) ~[SyncopeSyncResultHandler.class:na]
    at org.apache.syncope.core.sync.impl.SyncopeSyncResultHandler.findExisting(SyncopeSyncResultHandler.java:453) ~[SyncopeSyncResultHandler.class:na]
    at org.apache.syncope.core.sync.impl.SyncopeSyncResultHandler.doHandle(SyncopeSyncResultHandler.java:834) ~[SyncopeSyncResultHandler.class:na]
    at org.apache.syncope.core.sync.impl.SyncopeSyncResultHandler.handle(SyncopeSyncResultHandler.java:262) ~[SyncopeSyncResultHandler.class:na]
    at org.apache.syncope.core.propagation.impl.ConnectorFacadeProxy$2.handle(ConnectorFacadeProxy.java:367) ~[ConnectorFacadeProxy$2.class:na]
    at org.identityconnectors.framework.impl.api.StreamHandlerUtil$ObjectStreamHandlerAdapter.handle(StreamHandlerUtil.java:79) ~[connid-framework-internal-1.3.3.jar:na]
    at org.identityconnectors.framework.impl.api.BufferedResultsProxy.invoke(BufferedResultsProxy.java:268) ~[connid-framework-internal-1.3.3.jar:na]
    at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:102) ~[connid-framework-internal-1.3.3.jar:na]
    at com.sun.proxy.$Proxy182.search(Unknown Source) [na:na]
    at sun.reflect.GeneratedMethodAccessor730.invoke(Unknown Source) ~[na:na]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_19]
    at java.lang.reflect.Method.invoke(Method.java:601) ~[na:1.7.0_19]
    at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:76) ~[connid-framework-internal-1.3.3.jar:na]
    at com.sun.proxy.$Proxy182.search(Unknown Source) [na:na]
    at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.search(AbstractConnectorFacade.java:142) [connid-framework-internal-1.3.3.jar:na]
    at org.apache.syncope.core.propagation.impl.ConnectorFacadeProxy.search(ConnectorFacadeProxy.java:492) [ConnectorFacadeProxy.class:na]
    at org.apache.syncope.core.propagation.impl.ConnectorFacadeProxy.getAllObjects(ConnectorFacadeProxy.java:357) [ConnectorFacadeProxy.class:na]
    at org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:401) [SyncJob.class:na]
    at org.apache.syncope.core.sync.impl.SyncJob.doExecute(SyncJob.java:341) [SyncJob.class:na]
    at org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:104) [AbstractTaskJob.class:na]
    at org.quartz.core.JobRunShell.run(JobRunShell.java:213) [quartz-2.1.7.jar:na]
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557) [quartz-2.1.7.jar:na]
Any clues on how to proceed on getting the synchro/recon feature of
syncope working with OpenDJ?
I attach the content.xml from the setup above which fails.
rgds,
Nik