Re: Issues connecting apache syncope with apache DS.

Mon, 27 Jul 2015 00:35:07 -0700 

Il 27/07/2015 09:21, Siyanat ha scritto:

Fabio Martelli wrote

Il 23/07/2015 08:20, Siyanat ha scritto:

Hi Fabio
Fabio Martelli wrote

Il 22/07/2015 12:25, Siyanatullah Khan ha scritto:

Hi All ,

I am trying to connect the apache syncope with apache DS but my
synchronizations have failed so far.
I have posted a detailed query here
Cannot Connect Syncope with Apache DS
<http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
        
image
<http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
        
        
        
        
        
Cannot Connect Syncope with Apache DS
<http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>

I am facing an error while trying to add an apache DS backend to
apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v
1.2.4 OS Windows 7 64 bit I ...

View on stackoverflow.com
<http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
        
Preview by Yahoo


I will be extremely obliged if anyone can point me to the right
   direction.

Thanks
Siyanat



Hi Siyanat,

   1. set ONE-PHASE propagation mode
   2. specify JEXL expression for the accountLink into user mapping page
   3. take  [1] as reference guide

Best regards,
F.

[1] http://blog.tirasa.net/unlock-full-ldap-features-in


Hi Fabio,
Thanks for your reply.
This is what I have tried.

<http://syncope-user.1051894.n5.nabble.com/file/n5708097/link-map.png>

I have not done in any role mapping as I am not sure about the values to
put
here.

Here is my user schema

<http://syncope-user.1051894.n5.nabble.com/file/n5708097/schema.png>


One Phase changes

<http://syncope-user.1051894.n5.nabble.com/file/n5708097/JEXL.png>

<http://syncope-user.1051894.n5.nabble.com/file/n5708097/connector-details.png>

Still I am getting this error

JobExecutionException: While syncing on connector
org.quartz.JobExecutionException: While syncing on connector [See nested
exception:
org.identityconnectors.framework.common.exceptions.ConnectorException:
javax.naming.NamingException: [LDAP: error code 36 -
ALIAS_DEREFERENCING_PROBLEM: failed for MessageType : SEARCH_REQUEST
Message ID : 25
      SearchRequest
          baseDn : 'o=sevenseas'
          filter :
'(&(&(objectClass=inetorgperson:[11])(objectClass=top))(cn=*:[∞]))'
          scope : whole subtree
          typesOnly : false
          Size Limit : no limit
          Time Limit : no limit
          Deref Aliases : deref Always
          attributes : 'cn', 'sn', 'uid', 'userPassword'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@28149cc3
Virtual List View Request Control
          oid : 2.16.840.1.113730.3.4.9
          critical : true
          beforeCount   : '0'
          afterCount   : '99'
          target :
              offset   : '1'
              contentCount   : '0'
SortRequestControlImpl [sortKeys=[SortKey : [uid]]]: java.io.IOException:
The system cannot find the path specified]; remaining name 'o=sevenseas']
        at
org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:184)
        at
org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:55)
        at
org.apache.syncope.core.sync.impl.AbstractSyncJob.doExecute(AbstractSyncJob.java:382)
        at
org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:125)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)

Thanks
Siyanat

--
View this message in context:
http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708097.html
Sent from the syncope-user mailing list archive at Nabble.com.

Hi Sijanat,
looking at [1] it seems that you can have some trouble with acces rigth
read permission.

36      LDAP_ALIAS_DEREF_PROBLEM        Indicates that during a search 
operation,
either the client does not have access rights to read the aliased
object's name or dereferencing is not allowed.


Please, try out an ldapsearch by using credentials specified in your
configuration.
Probably your flag is something like as "-a always".

Kind regards,
F.

[1] http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0

--
Fabio Martelli

Tirasa - Open Source Excellence
http://www.tirasa.net/

Apache Syncope PMC
http://people.apache.org/~fmartelli/

Hi Fabio,

Thanks for your input. I have tried an ldap search from command line with
the defined credentials , it is working fine.


C:\Users\esiykha\Projects\SFTP\Software\unboundid-ldapsdk-2.3.8-se\tools>ldapsea
rch --hostname "localhost" --port 10389 --bindDN "uid=admin,ou=system"
--bindPas
sword "secret" --baseDN "o=sevenseas" --scope "sub" "(uid=cbuckley)"


# Connected to localhost:10389
dn: cn=Cornelius Buckley,ou=people,o=sevenseas
uid: cbuckley
description: LM Cornelius Buckley
userPassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
givenname: Cornelius
objectclass: organizationalPerson
objectclass: person
objectclass: inetOrgPerson
objectclass: top
cn: Cornelius Buckley
sn: Buckley
mail: [email protected]
manager: cn=Horatio Nelson,ou=people,o=sevenSeas

# The search operation was processed successfully.
# Entries returned:  1
# References returned:  0

# Disconnected from the server

Hi, thank you for your feedback.
BTW, please, try to dereference aliases.

Probably your flag is something like as "-a always".

Regards,
F.

--
Fabio Martelli

Tirasa - Open Source Excellence
http://www.tirasa.net/

Apache Syncope PMC
http://people.apache.org/~fmartelli/

Reply via email to