Fabio Martelli wrote
> Il 23/07/2015 08:20, Siyanat ha scritto:
>> Hi Fabio
>> Fabio Martelli wrote
>>> Il 22/07/2015 12:25, Siyanatullah Khan ha scritto:
>>>>
>>>> Hi All ,
>>>>
>>>> I am trying to connect the apache syncope with apache DS but my
>>>> synchronizations have failed so far.
>>>> I have posted a detailed query here
>>>> Cannot Connect Syncope with Apache DS
>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>
>>>> image
>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Cannot Connect Syncope with Apache DS
>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>
>>>> I am facing an error while trying to add an apache DS backend to
>>>> apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v
>>>> 1.2.4 OS Windows 7 64 bit I ...
>>>>
>>>> View on stackoverflow.com
>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>
>>>> Preview by Yahoo
>>>>
>>>>
>>>> I will be extremely obliged if anyone can point me to the right
>>>> direction.
>>>>
>>>> Thanks
>>>> Siyanat
>>>>
>>>>
>>> Hi Siyanat,
>>>
>>> 1. set ONE-PHASE propagation mode
>>> 2. specify JEXL expression for the accountLink into user mapping page
>>> 3. take [1] as reference guide
>>>
>>> Best regards,
>>> F.
>>>
>>> [1] http://blog.tirasa.net/unlock-full-ldap-features-in
>>>
>> Hi Fabio,
>> Thanks for your reply.
>> This is what I have tried.
>>
>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/link-map.png>
>>
>> I have not done in any role mapping as I am not sure about the values to
>> put
>> here.
>>
>> Here is my user schema
>>
>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/schema.png>
>>
>>
>> One Phase changes
>>
>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/JEXL.png>
>>
>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/connector-details.png>
>>
>> Still I am getting this error
>>
>> JobExecutionException: While syncing on connector
>> org.quartz.JobExecutionException: While syncing on connector [See nested
>> exception:
>> org.identityconnectors.framework.common.exceptions.ConnectorException:
>> javax.naming.NamingException: [LDAP: error code 36 -
>> ALIAS_DEREFERENCING_PROBLEM: failed for MessageType : SEARCH_REQUEST
>> Message ID : 25
>> SearchRequest
>> baseDn : 'o=sevenseas'
>> filter :
>> '(&(&(objectClass=inetorgperson:[11])(objectClass=top))(cn=*:[∞]))'
>> scope : whole subtree
>> typesOnly : false
>> Size Limit : no limit
>> Time Limit : no limit
>> Deref Aliases : deref Always
>> attributes : 'cn', 'sn', 'uid', 'userPassword'
>> org.apache.directory.api.ldap.model.message.SearchRequestImpl@28149cc3
>> Virtual List View Request Control
>> oid : 2.16.840.1.113730.3.4.9
>> critical : true
>> beforeCount : '0'
>> afterCount : '99'
>> target :
>> offset : '1'
>> contentCount : '0'
>> SortRequestControlImpl [sortKeys=[SortKey : [uid]]]: java.io.IOException:
>> The system cannot find the path specified]; remaining name 'o=sevenseas']
>> at
>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:184)
>> at
>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:55)
>> at
>> org.apache.syncope.core.sync.impl.AbstractSyncJob.doExecute(AbstractSyncJob.java:382)
>> at
>> org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:125)
>> at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
>> at
>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
>>
>> Thanks
>> Siyanat
>>
>> --
>> View this message in context:
>> http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708097.html
>> Sent from the syncope-user mailing list archive at Nabble.com.
>
> Hi Sijanat,
> looking at [1] it seems that you can have some trouble with acces rigth
> read permission.
>
> 36 LDAP_ALIAS_DEREF_PROBLEM Indicates that during a search
> operation,
> either the client does not have access rights to read the aliased
> object's name or dereferencing is not allowed.
>
>
> Please, try out an ldapsearch by using credentials specified in your
> configuration.
> Probably your flag is something like as "-a always".
>
> Kind regards,
> F.
>
> [1] http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0
>
> --
> Fabio Martelli
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Apache Syncope PMC
> http://people.apache.org/~fmartelli/
Hi Fabio,
Thanks for your input. I have tried an ldap search from command line with
the defined credentials , it is working fine.
C:\Users\esiykha\Projects\SFTP\Software\unboundid-ldapsdk-2.3.8-se\tools>ldapsea
rch --hostname "localhost" --port 10389 --bindDN "uid=admin,ou=system"
--bindPas
sword "secret" --baseDN "o=sevenseas" --scope "sub" "(uid=cbuckley)"
# Connected to localhost:10389
dn: cn=Cornelius Buckley,ou=people,o=sevenseas
uid: cbuckley
description: LM Cornelius Buckley
userPassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
givenname: Cornelius
objectclass: organizationalPerson
objectclass: person
objectclass: inetOrgPerson
objectclass: top
cn: Cornelius Buckley
sn: Buckley
mail: [email protected]
manager: cn=Horatio Nelson,ou=people,o=sevenSeas
# The search operation was processed successfully.
# Entries returned: 1
# References returned: 0
# Disconnected from the server
C:\Users\esiykha\Projects\SFTP\Software\unboundid-ldapsdk-2.3.8-se\tools>
--
View this message in context:
http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708100.html
Sent from the syncope-user mailing list archive at Nabble.com.
