Hi Oliver,
don't know if you eventually made it.

I see from screenshots that you are using Syncope 1.1.X - have you checked this (quite old but still valid) post of mine [1]?

FYI I tried to perform the steps you report below in embedded mode both with 1_1_X and 1_2_X and everything went out smoothly.

HTH
Regards.

[1] http://blog.tirasa.net/unlock-full-ldap-features-in.html

On 23/10/2014 13:33, Oliver Wulff wrote:
Hi Fabio

If the user mapping is incorrect it shouldn't work as well if I do the following:
1) Create User
2) Enter username/password
3) Set attributes
4) Set virtual attributes
5) Assign LDAP Resource
6) Save

If I follow these steps it works fine. If I don't do step 5 and try to assign the LDAP Resource after the user has been saved, it fails.

Thanks
Oli

------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

------------------------------------------------------------------------
*From:* Fabio Martelli [[email protected]]
*Sent:* 22 October 2014 20:46
*To:* [email protected]
*Subject:* Re: User propagation with LDAP

On 22/10/2014 20:40, Oliver Wulff wrote:
Hi Fabio

I've changed it to ONE_PHASE and run the same test again. First create and save the user without adding the resource. Later, I add the resource. Propagation is successful. When I then click "Edit", I get the same red exclamation mark and I can't make any changes to the user anymore:

[LDAP: error code 68 - ENTRY_ALREADY_EXISTS: failed for MessageType : 
ADD_REQUEST
Message ID : 292
     Add Request :
Entry
     dn[n]: uid=test4,ou=users,dc=fediz,dc=org
     objectClass: inetOrgPerson
     objectClass: organizationalPerson
     objectClass: person
     objectClass: top
     uid: test4
     mail:[email protected]
     sn: asfasdf
     cn: asdfasd4 asfasdf
     description: Active
     givenName: asdfasd4
: ERR_250_ENTRY_ALREADY_EXISTS uid=test4,ou=users,dc=fediz,dc=org already 
exists!]

Hi Oliver, bad mapping probably.
Could you provide screenshot or details about user mapping in resource configuration?

Regards,
F.

Thanks
Oli



------------------------------------------------------------------------
*From:* Fabio Martelli [[email protected]]
*Sent:* 22 October 2014 15:50
*To:* [email protected]
*Subject:* Re: User propagation with LDAP

On 22/10/2014 15:25, Oliver Wulff wrote:
Hi Fabio

Thanks for the feedback. It's indeed a two phase resource but it's not clear to me what two phase really means and what the relation is with the behaviour I discovered.

Hi Oliver, a two_phase resource implements asynchronous provisioning.

Steps:
1. the resource accepts the provisioning request and returns
2. the resource processes the provisioning request
3. the resource calls back Syncope (on a specific REST service) to notify completion and result

Regards,
F.

The documentation says:

*Propagation mode*
Type of propagation that are supported by the resource.
ONE_PHASE: propagation towards the external resource is closed at request time.
TWO_PHASE: propagation towards the external resource is closed in two steps.
step 1 - Syncope submit the propagation request to the external resource.
step 2 - external resource send a notification about the propagation execution's result to Syncope

The propagation happened to the LDAP directory (by checking with LDAP client) but I can't do any changes for the user in Syncope. Is this due to the missing notification (what kind of notification is that for LDAP)?

Why does it work with a TWO_PHASE resource if you add the Resource at the time when you create the user but before hitting save?

Thanks a lot for clarification
Oli

------------------------------------------------------------------------
*From:* Fabio Martelli [[email protected]]
*Sent:* 22 October 2014 11:10
*To:* [email protected]
*Subject:* Re: User propagation with LDAP

On 22/10/2014 10:53, Oliver Wulff wrote:
Hi there

I came across the following issue which I don't know whether it's intended or not. When I create a user in Syncope but don't add the LDAP resource initially (before clicking save) the user is created internally. When I add the resource later, the status for the LDAP resource is "Submitted". When I then check the status of the user again (by editing the user), there is a red exclamation mark.

In the Propagation Tasks list the status is SUBMITTED and the user is propagated to the LDAP directory. But every update I do for this user fails.

[LDAP: error code 68 - ENTRY_ALREADY_EXISTS: failed for MessageType : 
ADD_REQUEST
Message ID : 216
     Add Request :
Entry
     dn[n]: uid=test3,ou=users,dc=fediz,dc=org
     objectClass: inetOrgPerson
     objectClass: organizationalPerson
     objectClass: person
     objectClass: top
     uid: test3
     mail:[email protected]
     sn: test2
     cn: test1 test2
     description: Active
     givenName: test1
: ERR_250_ENTRY_ALREADY_EXISTS uid=test3,ou=users,dc=fediz,dc=org already 
exists!]

I'm wondering why initially the status is SUBMITTED in the propagation tasks list but when I check the status when editing the user, I get the red exclamation mark.


Hi Oliver, probably you have configured a "two_phase" resource.
Please, check again resource configuration.

Best regards,
F

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
