Il 27/03/2014 18:55, Mirko Signoretto ha scritto:
Hello,
I have a problem managing the AD primary group. I have mapped for the
AD resource connector the "ldapgroups" attribute and I'm able to
provision group memberships correctly in AD.
The default AD primary group is "Domain Users".
But if I change the user primary group directly in AD, setting as
primary group a Syncope provisioned group, I obtain a propagation error.
18:42:15.717 DEBUG
org.identityconnectors.framework.api.operations.UpdateApiOp.update
Exception:
org.identityconnectors.framework.common.exceptions.ConnectorException:
javax.naming.NameAlreadyBoundException: [LDAP: error code 68 -
00000528: UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0
]; remaining name 'CN=SyncopeUsers,OU=Syncope,OU=Groups,dc=wip,dc=lab'
How Syncope AD connector treat the primary group? It seems that I
cannot overwrite the primary group.
Hi Mirko, it seems that currently AD (JNDI) Connector doesn't take care
of user primary groups.
I do think that this is an AD connector bug to be fixed asap: just
opened issue AD-29 [1].
Thank you for your contribution.
Best regards,
F.
[1] https://connid.atlassian.net/browse/AD-29
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
