Hi!
Quoting Francesco Chicchiriccò <[email protected]>:
On 02/01/2014 12:18, Timo Hatakka wrote:
Hi!
two questions about .NET AD connectivity:
Hi Timo,
FYI, the ConnId project provides the .NET connector server and
bundles only for archiving purposes.
The whole development effort there is devoted to Java.
For this reason, for usage with Syncope I would strongly suggest to
move to Active Directory (JNDI) connector [1] and Java connector
server [2].
I have done the following things:
* installed connector server (MSI&ZIP files) to active directory
windows gateway host
* configured a connid location to syncope
* created a new connector and resource
* configured user mapping as follows
- USER / Username : accountId : BOTH
- USER / Username : cn : PROPAGATION
- USER / Username : sAMAccountName : PROPAGATION
- USER UserSchema / firstname : givenName : BOTH
- USER UserSchema / surname : givenName : BOTH
AccountLink: 'CN=' + username + ',OU=USR2,DC=TEST...
1) Something is missing in the configuration because:
If I create a user and add AD resource, AD account is created as
supposed, but when I open user AccountLink is missing and AD data
cannot be viewed.
core-connid.log shows:
12:40:34.571 DEBUG
org.identityconnectors.framework.api.operations.GetApiOp.getObject
Enter: getObject(ObjectClass: __ACCOUNT__, Attribute:
{Name=__UID__, Value=[late]}, OperationOptions:
{ATTRS_TO_GET:[userPrincipalName,sn,cn,sAMAccountName,__UID__,__NAME__,givenName,__ENABLE__]})
12:40:34.588 DEBUG
org.identityconnectors.framework.api.operations.GetApiOp.getObject
Return: null
But if I create a new user to AD and synchronize user from AD to
syncope a new user is created and named based on objectGUID. This
time core-connid.log has lines:
12:42:32.812 DEBUG
org.identityconnectors.framework.api.operations.GetApiOp.getObject
Enter: getObject(ObjectClass: __ACCOUNT__, Attribute:
{Name=__UID__, Value=[<GUID=c907f229aed3f1478a640f941c7ea3bd>]},
OperationOptions:
{ATTRS_TO_GET:[userPrincipalName,sn,cn,sAMAccountName,__UID__,__NAME__,givenName,__ENABLE__]})
12:42:32.837 DEBUG
org.identityconnectors.framework.api.operations.GetApiOp.getObject
Return: {Name=Attribute: {Name=__NAME__, Value=[CN=....
Can somebody help, what is wrong?
I still made some more investigations with .NET connector.
When an AD user account is created connid returns the objectGUID:
13:45:02.154 DEBUG
org.identityconnectors.framework.api.operations.CreateApiOp.create
Enter: create(ObjectClass: __ACCOUNT__, [Attribute: {Name=givenName,
Value=[Pirkko]}, Attribute: {Name=__NAME__, Value=[CN=pike,OU=...]},
Attribute: {Name=sn, Value=[Nallenen]}, Attribute: {Name=__ENABLE__,
Value=[true]}, Attribute: {Name=sAMAccountName, Value=[pike]}], null)
13:45:02.278 DEBUG
org.identityconnectors.framework.api.operations.CreateApiOp.create
Return: Attribute: {Name=__UID__,
Value=[<GUID=4a65c38374c34b4c8aee0eaed7696697>]}
This returned value should be saved to user data and it is not. Is it so?
Something to do with
http://blog.tirasa.net/blogs/index.php/wiseit/manage-external-resource-provisioning-directly ?
Some kind of account link should be used in this case.
Openicf support is mentioned in roadmap. Are they also moving to JNDI?
Unfortunately I don't have any grasp of the .NET connectors, nor do I
think there is any chance to fix any possible bug found there.
2) How one can add a new connid location
(https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+ConnId+locations)
to an already configured system? The only way I managed to add .NET
connector server was to rebuild the system and delete old repository.
The whole idea is to update the connid.properties file in the
deployed web application when such application is initialized.
Since you have your own Syncope-based overlay project, making
modifications in such project, rebuilding and redeploying is the
expected way to work.
Syncope version is 1.1.4-snapshot
Any reason not to switch to latest 1.1.5 (stable) or 1.1.6-SNAPSHOT
(development)?
Not really.
Regards.
[1] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482
[2] http://blog.tirasa.net/blogs/index.php/coffeetime/install-connid-connector-server-as-a-service
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/