Hi,
please be sure to have
"Uid Attribute" set to "cn"
in your LDAP configuration, as suggested by the blog post reported
below.
HTH
Regards.
On 2016-02-10 02:10 Li,Xiaodong wrote:
> Append:
>
> I found the problem; I searched the log file for DEBUG information.
> I use 'uid' as the users' attribute, so I have to configure Uid Attribute = uid in
> the Connector.
>
> Now I have a new problem: I cannot DELETE a Role. I got the DEBUG log
> below, and I think I know what the problem is: Syncope searches for the group by
> 'uid', but my group names are identified by 'cn'; that's why Syncope cannot find
> the group. Can anyone tell me where to change the group search to use 'cn'
> instead of 'uid'?
>
> Searching in [ou=users,dc=test,dc=com, ou=groups,dc=test,dc=com] with filter
> (&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN))
>
> 01:01:02.080 DEBUG Enter: getObject(ObjectClass: __GROUP__, Attribute:
> {Name=__UID__, Value=[ADMIN]}, OperationOptions:
> {ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]}) Method: getObject
>
> 01:01:02.083 DEBUG Enter: executeQuery(ObjectClass: __GROUP__,
> LdapFilter[nativeFilter: (uid=ADMIN); entryDN: null],
> org.identityconnectors.framework.impl.api.local.operations.SearchImpl$1@76616ae4,
> OperationOptions: {ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]}) Method:
> executeQuery
>
> 01:01:02.083 WARN Attribute __ENABLE__ of object class __GROUP__ is not
> mapped to an LDAP attribute Method: getLdapAttribute
>
> 01:01:02.084 DEBUG Searching in [ou=users,dc=test,dc=com,
> ou=groups,dc=test,dc=com] with filter
> (&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN)) and
> SearchControls: {returningAttributes=[cn, uid], scope=SUBTREE} Method:
> doSearch
>
> 01:01:02.088 DEBUG Return Method: executeQuery
>
> 01:01:02.088 DEBUG Return: null Method: getObject
>
> On Tue, Feb 9, 2016 at 3:46 PM, Li,Xiaodong <[email protected]> wrote:
>
>> I set up ApacheDS LDAP with Syncope according to this Article.
>> http://blog.tirasa.net/unlock-full-ldap-features-in.html
>>
>> The Apache DS version is 2.0.0-16M and built Syncope as my own project with
>> version 1.2.7.
>> I changed the core project persistence.properties to use MYSQL as internal
>> storage.
>>
>> I can create new users and roles in syncope and they were propagated into
>> LDAP correctly. I think the connector and resources configurations are
>> right.
>>
>> But when I change the user info and delete the user, it won't propagate into
>> LDAP.
>>
>> I can see the delete user operation in the task tab -> propagation task, but it
>> was not executed; even when I click the Execute button, nothing happens.
>>
>> I checked the user profile.
>>
>> The internal resource accountLink is right, but why does the LDAP accountLink
>> have a red exclamation mark?
>>
>> Does anyone have this problem?
>>
>> Resource
>> AccountLink
>> Status
>>
>> syncope testuser
>>
>> LDAP
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer
http://home.apache.org/~ilgrosso/
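
Added example, not part of the thread and not Syncope or connector code: a small Python evaluator for the filter shape in the DEBUG log, run against two constructed entries, showing why the lookup with (uid=ADMIN) returns null for a group named by cn while the same filter with cn finds it. The function names, the group_filter helper and the directory contents are assumptions made for illustration.

```python
# Added example: evaluates the filter subset seen in the DEBUG log
# (AND / OR / NOT plus equality) against constructed entries.

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ')'
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Case-insensitive equality only; enough for cn, uid and objectClass."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    return value in (v.lower() for v in entry.get(attr, []))

def group_filter(uid_attribute, value):
    """Hypothetical helper: rebuilds the filter shape shown in the log.
    The value is constructed sample input, so no RFC 4515 escaping is done."""
    return f"(&(&(objectClass=top)(objectClass=groupOfUniqueNames))({uid_attribute}={value}))"

def search(filter_text, directory):
    tree, _ = parse(filter_text)
    return [dn for dn, entry in directory.items() if matches(tree, entry)]

# Constructed entries: the group is named by cn and carries no uid attribute.
DIRECTORY = {
    "cn=ADMIN,ou=groups,dc=test,dc=com": {
        "objectclass": ["top", "groupOfUniqueNames"], "cn": ["ADMIN"],
        "uniquemember": ["uid=testuser,ou=users,dc=test,dc=com"]},
    "uid=testuser,ou=users,dc=test,dc=com": {
        "objectclass": ["top", "inetOrgPerson"], "uid": ["testuser"],
        "cn": ["testuser"], "sn": ["testuser"]},
}

if __name__ == "__main__":
    for attr in ("uid", "cn"):
        print(attr, "->", search(group_filter(attr, "ADMIN"), DIRECTORY))
```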