Hi Fabio,
thank you for your reply :)
Maybe I should try to explain in more detail what I want to achieve, to avoid
misunderstandings:
                            +------------------------------------------+
                            |                                          |
                            | Syncope              +---------------+   |  +--------+
                            |                      |               |   |  |        |
                            |                +---->| DB-Resource A |+---->|  DB A  |
                            |                |     |               |   |  |        |
                            | +--------------|--+  |               |   |  |        |
                            | | LDAP Service |  |  +---------------+   |  +--------+
+---------+                 | +--------------|--+                      |
|         |                 | |              |  |                      |
|  Forum  | Authentication  | | CN=de,CN=co  |  |                      |
|         +------------------>| OU=Extern  --+  |  +---------------+   |  +--------+
|         |                 | |              |  |  |               |   |  |        |
+---------+                 | |              +---->| DB-Resource B |+---->|  DB B  |
                            | |                 |  |               |   |  |        |
                            | +-----------------+  |               |   |  |        |
                            |                      +---------------+   |  +--------+
                            +------------------------------------------+
I have a couple of registered users spread across multiple PostgreSQL databases.
There are now a couple of applications which these users need access to (i.e. a
forum).
To achieve this I want to set up an LDAP Service for authentication purposes
(read-only access).
The user tables in the databases look as follows:
+--------------------+
| email | password |
|--------------------|
| ... | ... |
+--------------------+
So according to your help I restarted setting up Syncope:
1. Set up a DB Connector for Database A
2. Added a new Resource referencing Connector A called "Users DB A"
3. Created a Mapping for the Resource "Users DB A"
+--------+------------------------+---------------------+---------------------+-----------+-----------+
| entity | internal mapping types | Internal Attributes | External Attributes | Mandatory | AccountId |
|--------+------------------------+---------------------+---------------------+-----------+-----------|
| user   | UserId                 | -                   | -                   | true      | YES       |
| user   | Password               | -                   | -                   | -         | -         |
| user   | UserSchema             | email               | email               | true      | -         |
| user   | UserSchema             | fullname            | email               | true      | -         |
| user   | UserSchema             | surname             | email               | true      | -         |
+--------+------------------------+---------------------+---------------------+-----------+-----------+
4. Add a new LDAP Resource + Account Link
5. Added the sync tasks (this is the point where I'm stuck):
I've setup a task called "sync users A", which for now should do a full
reconciliation of Database A:
+---------------------------------------------+
| name                  | sync users A        |
| resource name         | Users DB A          |
| action class          | Default Sync Action |
| create new identities | check               |
| updating identities   | check               |
| full reconciliation   | check               |
+---------------------------------------------+
Then I edited the user template. To keep it simple all attributes were set to
email
+---------------------------------------------+
| Details Tab                                 |
|---------------------------------------------|
| Username           | email                  |
| password           | password               |
+---------------------------------------------+
| Attributes Tab                              |
|---------------------------------------------|
| email              | email                  |
| fullname           | email                  |
| surname            | email                  |
| userId             | email                  |
+---------------------------------------------+
| Resources Tab                               |
|---------------------------------------------|
| Selected Resources | Users DB A             |
+---------------------------------------------+
Unfortunately no users are added during sync. See log:
Users [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0
Roles [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0
Users created:
Users updated:
Users deleted:
Roles created:
Roles updated:
Roles deleted:
I feel so close to solving this riddle, must be some little detail I'm missing.
Do you see what it could be?
Greetings Carlo
On 10.06.2013 at 11:05, Fabio Martelli <[email protected]> wrote:
> On 10/06/2013 10:25, Giancarlo Dessena wrote:
>> So I reduced the default schema to just userid and password to see if it
>> could be a mapping error.
>> Unfortunately I still get the errors :/
>>
>> Does anybody have a sample setup for the default standalone schema?
>
> Hi Giancarlo, I cannot understand your scenario.
> Are you trying to synchronize users between sql (postgresql) and ldap?
> Maybe I'm wrong, but it seems that you have specified a single target
> resource to achieve this.
>
> Let me summarize (at high level abstraction) the steps to sync a db resource
> with an ldap resource:
> 1. add and configure your db connector
> 2. add a new resource referencing the connector above
> 3. create your mapping (DO NOT specify any AccountLink)
> 4. add and configure a new ldap connector
> 5. add a new resource referencing the ldap connector above
> 6. create your ldap mapping and specify the account link
>
> If you want to sync from resource A and propagate synced users on B you have
> to change the configuration of the A's user template by specifying B as the
> resource to be assigned by default to each synced user (resource tab of A's
> user template).
>
> If you want to sync from a DB resource you need a changelog column on your db.
> If you don't have any changelog column you cannot perform an incremental sync
> but just a full reconciliation (configure it on resource configuration).
> Please, consider that a full reconciliation won't synchronize delete
> operations.
>
> Go on step-by-step and let me know about your progress.
>
> Best regards,
> F.
>>
>> Greetings Carlo
>>
>> On 07.06.2013 at 18:50, Giancarlo Dessena
>> <[email protected]> wrote:
>>
>>> Okay did some research myself,
>>> I'm pretty sure that I'm just missing a little detail.
>>> I tried experimenting with trying to execute the propagation and
>>> synchronization tasks.
>>> When I try to run the Propagation Task I got the following exception:
>>> org.identityconnectors.framework.common.exceptions.ConnectorException:
>>> Creation failed
>>>
>>> When I try to synchronize I get the following exception:
>>> org.quartz.JobExecutionException: While syncing on connector [See nested
>>> exception: java.lang.IllegalArgumentException: Changelog column name
>>> configuration property is empty.]
>>>
>>>
>>> Some additional info to my setup:
>>> The connector I have configured connects against a postgresql database.
>>> The resource has been tried out with the action Classes
>>> DefaultPropagationAction and LDAPMembershipPropagationActions.
>>> I tried setting and unsetting the account link to a custom OU.
>>> None of the above configuration changes got me near to populating the LDAP
>>> with the users from the database.
>>> I should point out that, besides adding the Connector and the Resource, no
>>> changes were made to the default setup of the Standalone package.
>>>
>>> I'm wondering if I'm missing some vital detail of the Syncope concept. When
>>> adding an external resource can I really expect it to be populated to the
>>> LDAP shipped within the default package?
>>>
>>> I'm totally lost here; some hints would be nice.
>>>
>>> Thank you
>>>
>>>
>>> Carlo :)
>>>
>>>
>>> On 07.06.2013 at 14:09, Giancarlo Dessena
>>> <[email protected]> wrote:
>>>
>>>> Hello everybody,
>>>>
>>>> I have to anticipate that I'm pretty new to LDAP and Syncope,
>>>> so please forgive me if I'm not using the right wording and/or have
>>>> misunderstood some of the concepts.
>>>>
>>>> Now to my problem:
>>>> I have an external database, which contains users that have to be
>>>> integrated into LDAP.
>>>> To achieve this I have downloaded the Syncope standalone package.
>>>> I have already set up a DB Connector which seems to work fine.
>>>> In the next step I have set up a resource that uses the previously defined
>>>> connector.
>>>> In User mapping I have set the Account link to 'uid=' + username +
>>>> ',ou=people,o=bk'
>>>> but when reloading the ldap tree the resource does not appear.
>>>>
>>>> Any suggestions what is going wrong here?
>>>>
>>>>
>>>> Greetings Carlo
>>>
>>
>