Fabio Martelli wrote > Il 27/07/2015 09:21, Siyanat ha scritto: >> Fabio Martelli wrote >>> Il 23/07/2015 08:20, Siyanat ha scritto: >>>> Hi Fabio >>>> Fabio Martelli wrote >>>>> Il 22/07/2015 12:25, Siyanatullah Khan ha scritto: >>>>>> Hi All , >>>>>> >>>>>> I am trying to connect the apache syncope with apache DS but my >>>>>> synchronizations have failed so far. >>>>>> I have posted a detailed query here >>>>>> Cannot Connect Syncope with Apache DS >>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds> >>>>>> >>>>>> image >>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Cannot Connect Syncope with Apache DS >>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds> >>>>>> >>>>>> I am facing an error while trying to add an apache DS backend to >>>>>> apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v >>>>>> 1.2.4 OS Windows 7 64 bit I ... >>>>>> >>>>>> View on stackoverflow.com >>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds> >>>>>> >>>>>> Preview by Yahoo >>>>>> >>>>>> >>>>>> I will be extremely obliged if anyone can point me to the right >>>>>> direction. >>>>>> >>>>>> Thanks >>>>>> Siyanat >>>>>> >>>>>> >>>>> Hi Siyanat, >>>>> >>>>> 1. set ONE-PHASE propagation mode >>>>> 2. specify JEXL expression for the accountLink into user mapping >>>>> page >>>>> 3. take [1] as reference guide >>>>> >>>>> Best regards, >>>>> F. >>>>> >>>>> [1] http://blog.tirasa.net/unlock-full-ldap-features-in >>>>> >>>> Hi Fabio, >>>> Thanks for your reply. >>>> This is what I have tried. >>>> >>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/link-map.png> >>>> >>>> I have not done in any role mapping as I am not sure about the values >>>> to >>>> put >>>> here. >>>> >>>> Here is my user schema >>>> >>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/schema.png> >>>> >>>> >>>> One Phase changes >>>> >>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/JEXL.png> >>>> >>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/connector-details.png> >>>> >>>> Still I am getting this error >>>> >>>> JobExecutionException: While syncing on connector >>>> org.quartz.JobExecutionException: While syncing on connector [See >>>> nested >>>> exception: >>>> org.identityconnectors.framework.common.exceptions.ConnectorException: >>>> javax.naming.NamingException: [LDAP: error code 36 - >>>> ALIAS_DEREFERENCING_PROBLEM: failed for MessageType : SEARCH_REQUEST >>>> Message ID : 25 >>>> SearchRequest >>>> baseDn : 'o=sevenseas' >>>> filter : >>>> '(&(&(objectClass=inetorgperson:[11])(objectClass=top))(cn=*:[∞]))' >>>> scope : whole subtree >>>> typesOnly : false >>>> Size Limit : no limit >>>> Time Limit : no limit >>>> Deref Aliases : deref Always >>>> attributes : 'cn', 'sn', 'uid', 'userPassword' >>>> org.apache.directory.api.ldap.model.message.SearchRequestImpl@28149cc3 >>>> Virtual List View Request Control >>>> oid : 2.16.840.1.113730.3.4.9 >>>> critical : true >>>> beforeCount : '0' >>>> afterCount : '99' >>>> target : >>>> offset : '1' >>>> contentCount : '0' >>>> SortRequestControlImpl [sortKeys=[SortKey : [uid]]]: >>>> java.io.IOException: >>>> The system cannot find the path specified]; remaining name >>>> 'o=sevenseas'] >>>> at >>>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:184) >>>> at >>>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:55) >>>> at >>>> org.apache.syncope.core.sync.impl.AbstractSyncJob.doExecute(AbstractSyncJob.java:382) >>>> at >>>> org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:125) >>>> at org.quartz.core.JobRunShell.run(JobRunShell.java:202) >>>> at >>>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) >>>> >>>> Thanks >>>> Siyanat >>>> >>>> -- >>>> View this message in context: >>>> http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708097.html >>>> Sent from the syncope-user mailing list archive at Nabble.com. >>> Hi Sijanat, >>> looking at [1] it seems that you can have some trouble with acces rigth >>> read permission. >>> >>> 36 LDAP_ALIAS_DEREF_PROBLEM Indicates that during a search >>> operation, >>> either the client does not have access rights to read the aliased >>> object's name or dereferencing is not allowed. >>> >>> >>> Please, try out an ldapsearch by using credentials specified in your >>> configuration. >>> Probably your flag is something like as "-a always". >>> >>> Kind regards, >>> F. >>> >>> [1] >>> http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0 >>> >>> -- >>> Fabio Martelli >>> >>> Tirasa - Open Source Excellence >>> http://www.tirasa.net/ >>> >>> Apache Syncope PMC >>> http://people.apache.org/~fmartelli/ >> Hi Fabio, >> >> Thanks for your input. I have tried an ldap search from command line with >> the defined credentials , it is working fine. >> >> >> C:\Users\esiykha\Projects\SFTP\Software\unboundid-ldapsdk-2.3.8-se\tools>ldapsea >> rch --hostname "localhost" --port 10389 --bindDN "uid=admin,ou=system" >> --bindPas >> sword "secret" --baseDN "o=sevenseas" --scope "sub" "(uid=cbuckley)" >> >> >> # Connected to localhost:10389 >> dn: cn=Cornelius Buckley,ou=people,o=sevenseas >> uid: cbuckley >> description: LM Cornelius Buckley >> userPassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ= >> givenname: Cornelius >> objectclass: organizationalPerson >> objectclass: person >> objectclass: inetOrgPerson >> objectclass: top >> cn: Cornelius Buckley >> sn: Buckley >> mail:
> [email protected] >> manager: cn=Horatio Nelson,ou=people,o=sevenSeas >> >> # The search operation was processed successfully. >> # Entries returned: 1 >> # References returned: 0 >> >> # Disconnected from the server > Hi, thank you for your feedback. > BTW, please, try to dereference aliases. >> Probably your flag is something like as "-a always". > Regards, > F. > > -- > Fabio Martelli > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Apache Syncope PMC > http://people.apache.org/~fmartelli/ Hi Fabio , Thank you for the update. There was no de-referencing option in unbound SDK so i downloaded openLDAP for windows and tried the de referencing option from there , this is working as expected C:\Users\esiykha>ldapsearch -h localhost -p 10389 -b o=sevenseas -D uid=admin,ou =system -w secret -a always "(uid=hnelson)" # extended LDIF # # LDAPv3 # base <o=sevenseas> with scope subtree # filter: (uid=hnelson) # requesting: ALL # # Horatio Nelson, people, sevenseas dn: cn=Horatio Nelson,ou=people,o=sevenseas description: Lord Horatio Nelson uid: hnelson userPassword:: e1NIQX1uVTRlSTcxYmNuQkdxZU8wdDl0WHZZMXU1b1E9 givenname: Horatio objectclass: organizationalPerson objectclass: person objectclass: inetOrgPerson objectclass: top cn: Horatio Nelson sn: Nelson mail: [email protected] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 -- View this message in context: http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708103.html Sent from the syncope-user mailing list archive at Nabble.com.
