Il 04/06/2015 08:07, Suresh ha scritto:
1. Is the base context of the users created offline
"OU=IT_TEST,OU=CBD_TEST,DC=IDMTEST,DC=COM"? Is it the same
provided into the accountLink?
Yes it is the same provided in account link.
1. What is the value for userPrincpalName?
username+'@IDMTEST.COM <mailto:username%[email protected]>' (a derived
attribute). sample user name is "nilesh.patil"
1. What is the value for cn? Is it the same of the user previously
created offline?
firstname + " "+ lastname (a derived attribute). User created offline
in AD and in syncope were just for checking if they are getting
created. Only users created in syncope are in question now for
propagation.
1. Is the username of users created offline the same of the
propagated ones?
Not applicable as all the users created in step1 and step 2 are with
different usernames
OK, let's try to summarize with an example.
1. you create a new user via syncope console without assigning it any
resource
firstname: nilesh
surname: patil
username: nilesh.patil
cn: nilesh patil
userPrincipalName: [email protected]
2. than, you create the following user on AD (offline)
CN=nilesh patil,OU=IT_TEST,OU=CBD_TEST,DC=IDMTEST,DC=COM
objectClass: User
userPrincialName: [email protected]
sAMAccountName: nilesh.patil
....
3. you assign AD resource to the new user via syncope console
At this point an ENTRY_EXISTS exception is raised.
Is it correct? If so the behaviour is really weird.
Maybe your issue is into the connector configuration. Have you given
read capability to AD connector instance?
Best regards,
F.
Regards,
Suresh A
On Wed, Jun 3, 2015 at 1:22 PM, Fabio Martelli
<[email protected] <mailto:[email protected]>> wrote:
Il 03/06/2015 08:14, Suresh ha scritto:
Hi ,
Syncope ver: 1.2.3
AD Conn ver: 1.2.1
Please find attached screenshot for user mapping.
More clarification: for the above statements:
1. Two users with same first name and last name *but different
usernames *created in Syncope successfully.
2. Two users with same first name and last name *but different
usernames*created in AD offline successfully.
3. Try to propagate users created in step 1 into AD - fails.
Fails with error shown in my earlier mail.
Let me know if you need any more information for analysis.
Hi Suresh, just some questions:
1. Is the base context of the users created offline
"OU=IT_TEST,OU=CBD_TEST,DC=IDMTEST,DC=COM"? Is it the same
provided into the accountLink?
2. What is the value for userPrincpalName?
3. What is the value for cn? Is it the same of the user
previously created offline?
4. Is the username of users created offline the same of the
propagated ones?
Please, consider that userPrincipalName has to be unique among the
entire tree.
Best regards,
F.
Regards,
Suresh
On Tue, Jun 2, 2015 at 10:29 PM, Francesco Chicchiriccò
<[email protected] <mailto:[email protected]>> wrote:
On 02/06/2015 09:30, Suresh wrote:
hi,
1. Two users with same first name and last name created in
Syncope successfully.
2. Two users with same first name and last name created in
AD offline successfully.
3. Try to propagate users created in step 1 into AD - fails.
It fails with below error:
javax.naming.NameAlreadyBoundException: [LDAP: error code 68
- 00002071: UpdErr: DSID-03050328, problem 6005
(ENTRY_EXISTS), data 0
�]; remaining name 'cn=user
sha,OU=IT_TEST,OU=CBD_TEST,DC=IDMTEST,DC=COM'
Cause: [LDAP: error code 68 - 00002071: UpdErr:
DSID-03050328, problem 6005 (ENTRY_EXISTS), data 0
Without providing the (user?) mapping, the information above
is quite pointless...
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
<http://people.apache.org/%7Eilgrosso/>
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
<http://people.apache.org/%7Efmartelli/>
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
