Append:
I found the problem by searching the DEBUG information in the log file.
I use 'uid' as the users' attribute, so I have to configure Uid Attribute = uid
in the Connector.
Now I have a new problem: I cannot DELETE a Role. I got the DEBUG log
below. I think I know what the problem is: Syncope searches for the group by
'uid', but my group names are identified by 'cn'; that's why Syncope cannot
find the group. Can anyone tell me where to change the group search to use
'cn' instead of 'uid'?
Searching in [ou=users,dc=test,dc=com, ou=groups,dc=test,dc=com] with
filter (&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN))
01:01:02.080 DEBUG Enter: getObject(ObjectClass: __GROUP__, Attribute:
{Name=__UID__, Value=[ADMIN]}, OperationOptions:
{ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]}) Method: getObject
01:01:02.083 DEBUG Enter: executeQuery(ObjectClass: __GROUP__,
LdapFilter[nativeFilter: (uid=ADMIN); entryDN: null],
org.identityconnectors.framework.impl.api.local.operations.SearchImpl$1@76616ae4,
OperationOptions: {ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]}) Method:
executeQuery
01:01:02.083 WARN Attribute __ENABLE__ of object class __GROUP__ is not
mapped to an LDAP attribute Method: getLdapAttribute
01:01:02.084 DEBUG Searching in [ou=users,dc=test,dc=com,
ou=groups,dc=test,dc=com] with filter
(&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN)) and
SearchControls: {returningAttributes=[cn, uid], scope=SUBTREE} Method:
doSearch
01:01:02.088 DEBUG Return Method: executeQuery
01:01:02.088 DEBUG Return: null Method: getObject
On Tue, Feb 9, 2016 at 3:46 PM, Li,Xiaodong <[email protected]> wrote:
> I set up ApacheDS LDAP with Syncope according to this Article.
> http://blog.tirasa.net/unlock-full-ldap-features-in.html
>
> The Apache DS version is 2.0.0-16M and built Syncope as my own project
> with version 1.2.7.
> I changed the core project persistence.properties to use MYSQL as internal
> storage.
>
> I can create new users and roles in syncope and they were propagated into
> LDAP correctly. I think the connector and resources configurations are
> right.
>
> But when I change the user info or delete a user, it won't propagate into
> LDAP.
>
> I can see the delete user operation in task tab -> propagation task, but
> it was not executed. Even if I click the Execute button, nothing happens.
>
> I checked the user profile.
>
> The internal resource accountLink is right, but why does the LDAP accountLink
> have a red exclamation?
>
> Does anyone have this problem?
>
>
> Resource
> AccountLink
> Status
> syncope testuser [image: active icon]
> LDAP
> [image: notfound icon]
>
>
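As an added example (not part of the original messages and not Syncope or ConnId code), the Python script below parses the `doSearch` line from the DEBUG log earlier in this message and reports which filter attributes the asserted object classes do not allow. The `ALLOWED` table is an assumption: it lists the RFC 4519 schema for the two classes in the log and assumes no auxiliary object class adds `uid` to the group entries.

```python
import re

# Constructed sample: the doSearch entry from the DEBUG log, joined onto one line.
LOG_LINE = ("01:01:02.084 DEBUG Searching in [ou=users,dc=test,dc=com, "
            "ou=groups,dc=test,dc=com] with filter "
            "(&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN)) and "
            "SearchControls: {returningAttributes=[cn, uid], scope=SUBTREE} Method: doSearch")

# Assumption: plain RFC 4519 schema, no auxiliary classes on the entries.
ALLOWED = {
    "top": {"objectclass"},
    "groupofuniquenames": {"cn", "uniquemember", "businesscategory", "seealso",
                           "owner", "ou", "o", "description"},
}

def parse_filter(text, pos=0):
    """Parse an RFC 4515 filter (&, |, ! and equality items); return (node, next_pos)."""
    if text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos] in "&|!":
        op, pos, children = text[pos], pos + 1, []
        while text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return (op, children), pos + 1
    end = text.index(")", pos)  # literal parentheses in values are escaped as \28 and \29
    attr, _, value = text[pos:end].partition("=")
    return ("=", attr.strip(), value), end + 1

def equality_terms(node):
    """Flatten the filter tree into (attribute, value) pairs."""
    if node[0] == "=":
        return [(node[1], node[2])]
    return [term for child in node[1] for term in equality_terms(child)]

def unmatched_attributes(log_line):
    """Return filter attributes that none of the asserted object classes allows."""
    match = re.search(r"with filter (\(.*\)) and SearchControls", log_line)
    if not match:
        raise ValueError("no search filter found in log line")
    terms = equality_terms(parse_filter(match.group(1))[0])
    classes = [v.lower() for a, v in terms if a.lower() == "objectclass"]
    unknown = [c for c in classes if c not in ALLOWED]
    if unknown:  # avoid false positives for classes this table does not describe
        raise ValueError(f"no schema entry for object classes: {unknown}")
    allowed = set().union(*(ALLOWED[c] for c in classes))
    return sorted({a for a, _ in terms if a.lower() not in allowed})

if __name__ == "__main__":
    print(unmatched_attributes(LOG_LINE))
```
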