Hello Ilgrosso,

> Hi,
> if you are interested in ConnId LDAP connector internals, I'd suggest to
> subscribe [hidden email] and move this discussion there.

OK, I will consider that. Thanks.

> From the log below I see that the search is being performed with filter
> (besides object classes):
>
> (&&(cn=guus)(uid=*))
>
> which looks correct, e.g. searching for any user with any value for uid
> and 'guus' as cn.
>
> AFAIK there is no need to have LDAP cn == Syncope username - I'd
> recommend it, though.

I was using cn as stated in RFC2256, which is 'gn + sn'. Therefore I had a manual user mapping for cn. This was a derived attribute from Syncope 'givenName + " " + surName' to cn (cn=Guus Geluk).

The Syncope configuration then still tries to search with cn == Syncope username (cn=guus). In that case it won't find any users when searching for cn == 'Syncope username' (unless I use 'Guus Geluk' as username, of course).

After removing the user mapping for cn and starting to use the cn attribute as stated in your documentation, the configuration works as expected, of course.

> As recently remembered in this mailing list [1], the 'membership'
> concept is not handled by ConnId, so you need some additional setup in
> Syncope to keep memberships when propagating and / or synchronizing.
>
> In case of LDAP you need to:
>
> 1. choose
> org.apache.syncope.core.propagation.impl.LDAPMembershipPropagationActions
> as Actions Class in the External Resource configuration
>
> 2. choose org.apache.syncope.core.sync.impl.LDAPMembershipSyncActions
> as Actions Class in the Synchronization Task configuration
>
> These steps are illustrated in the suggested LDAP configuration of my
> post [2] where, however, I'm using a single resource for either users
> and roles.
> The configuration suggested in that post has been checked and proven
> working, so it should be a good starting base.

Thanks for explaining everything in detail. Point 1 and 2 were already correctly configured; it was purely the "cn" problem. My LDAP connection works like a charm now.

Kind regards,
Jeffrey Everling

-----
Your friendly neighborhood IT guy

--
View this message in context: http://syncope-user.1051894.n5.nabble.com/ConnId-LDAP-searches-for-uid-in-groupOfUniqueNames-tp5707398p5707447.html
Sent from the syncope-user mailing list archive at Nabble.com.
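
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not ConnId or Syncope code: it builds a filter of the shape quoted from the log (written in standard RFC 4515 form, with the value escaped) and evaluates it against constructed in-memory entries under the two cn mappings. The helper names, the `o=example` suffix and the sample entries are assumptions made for illustration.

```python
# Added illustration; entries and helper names are constructed, not ConnId or Syncope code.

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def account_filter(naming_attr: str, account_id: str, uid_attr: str = "uid") -> str:
    """Filter of the shape seen in the log: naming attribute equals the
    account id, and the uid attribute is present with any value."""
    return f"(&({naming_attr}={escape_filter_value(account_id)})({uid_attr}=*))"


def find_accounts(entries, naming_attr, account_id, uid_attr="uid"):
    """Evaluate that filter against in-memory entries.
    Equality is case-insensitive, as it is for cn."""
    wanted = account_id.lower()
    return [
        dn for dn, attrs in entries.items()
        if uid_attr in attrs
        and wanted in (v.lower() for v in attrs.get(naming_attr, []))
    ]


def entry_for(username, given, surname, cn_mode):
    """Build the entry a propagation would create under one of the two cn mappings."""
    cn = f"{given} {surname}" if cn_mode == "derived" else username
    dn = f"cn={cn},ou=people,o=example"
    return {dn: {"cn": [cn], "uid": [username], "sn": [surname]}}


# Constructed sample data for the user discussed in the thread.
DERIVED = entry_for("guus", "Guus", "Geluk", "derived")    # cn = givenName + " " + surName
USERNAME = entry_for("guus", "Guus", "Geluk", "username")  # cn = Syncope username

if __name__ == "__main__":
    print(account_filter("cn", "guus"))
    print("derived cn :", find_accounts(DERIVED, "cn", "guus"))
    print("username cn:", find_accounts(USERNAME, "cn", "guus"))
```

With the derived mapping the entry exists but the lookup by username returns nothing, which is the behaviour reported above; the same lookup succeeds once cn carries the username.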
