I changed the Uid Attribute to 'cn', but sync with Roles still does not work.
My Role groups' base DN is cn={0},ou=groups,dc=test,dc=com
My users' base DN is uid={0},ou=users,dc=test,dc=com
Should I create two connectors to sync both of them?
I found the same issue in the discussion here:
http://syncope-user.1051894.n5.nabble.com/ConnId-LDAP-searches-for-uid-in-groupOfUniqueNames-td5707398.html
Any solution?
On Tue, Feb 9, 2016 at 10:43 PM, Francesco Chicchiriccò <[email protected]> wrote:
> Hi,
>
> please be sure to have
>
> "Uid Attribute" set to "cn"
>
> in your LDAP configuration, as suggested by the blog post reported below.
>
>
> HTH
>
> Regards.
>
> On 2016-02-10 02:10 Li,Xiaodong wrote:
>
> Append:
>
> I found the problem; I searched the log file for DEBUG information.
> I use 'uid' as the users' attribute, so I have to configure Uid Attribute = uid
> in the Connector.
>
>
> Now I have a new problem: I cannot DELETE a Role. I got the DEBUG log
> below. I think I know what the problem is: Syncope searches for the group by
> 'uid', but my group names are identified by 'cn'; that's why Syncope cannot
> find the group. Can anyone tell me where to change the group search to use
> 'cn' instead of 'uid'?
>
> Searching in [ou=users,dc=test,dc=com, ou=groups,dc=test,dc=com] with
> filter (&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN))
>
>
>
> 01:01:02.080 DEBUG Enter: getObject(ObjectClass: __GROUP__, Attribute:
> {Name=__UID__, Value=[ADMIN]}, OperationOptions:
> {ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]}) Method: getObject
>
> 01:01:02.083 DEBUG Enter: executeQuery(ObjectClass: __GROUP__,
> LdapFilter[nativeFilter: (uid=ADMIN); entryDN: null],
> org.identityconnectors.framework.impl.api.local.operations.SearchImpl$1@76616ae4,
> OperationOptions: {ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]}) Method:
> executeQuery
>
> 01:01:02.083 WARN Attribute __ENABLE__ of object class __GROUP__ is not
> mapped to an LDAP attribute Method: getLdapAttribute
>
> 01:01:02.084 DEBUG Searching in [ou=users,dc=test,dc=com,
> ou=groups,dc=test,dc=com] with filter
> (&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN)) and
> SearchControls: {returningAttributes=[cn, uid], scope=SUBTREE} Method:
> doSearch
>
> 01:01:02.088 DEBUG Return Method: executeQuery
>
> 01:01:02.088 DEBUG Return: null Method: getObject
>
> On Tue, Feb 9, 2016 at 3:46 PM, Li,Xiaodong <[email protected]> wrote:
>
>> I set up ApacheDS LDAP with Syncope according to this Article.
>> http://blog.tirasa.net/unlock-full-ldap-features-in.html
>>
>> The Apache DS version is 2.0.0-16M and built Syncope as my own project
>> with version 1.2.7.
>> I changed the core project persistence.properties to use MySQL as
>> internal storage.
>>
>> I can create new users and roles in syncope and they were propagated into
>> LDAP correctly. I think the connector and resources configurations are
>> right.
>>
>> But when I change the user info and delete user, it won't propagate into
>> LDAP.
>>
>> I can see the delete user operation in task tab -> propagation task, but
>> it was not executed even if I click the Execute button, nothing happened.
>>
>> I checked the user profile.
>>
>> The internal resource accountLink is right, but why does the LDAP accountLink
>> have a red exclamation mark?
>>
>> Does anyone have this problem?
>>
>>
>> Resource   AccountLink   Status
>> syncope    testuser      [image: active icon]
>> LDAP                     [image: notfound icon]
>>
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer
> http://home.apache.org/~ilgrosso/
>
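
A diagnostic for the mismatch discussed in this thread, added here as an example (not code from Syncope, ConnId, or either poster): it reads ConnId DEBUG output, including mail-quoted and wrapped lines, and flags any `executeQuery` whose native filter attribute differs from the RDN attribute of the DN template for that object class. The function names, the mapping of DN templates to `__ACCOUNT__`/`__GROUP__`, and the second log entry are assumptions made for the example.

```python
import re

# DN templates quoted in the thread; keying them by ConnId object class is an assumption.
DN_TEMPLATES = {"__ACCOUNT__": "uid={0},ou=users,dc=test,dc=com",
                "__GROUP__": "cn={0},ou=groups,dc=test,dc=com"}

# First entry abridged from the thread (mail-quoted, wrapped); the second is constructed.
SAMPLE_LOG = """\
> 01:01:02.083 DEBUG Enter: executeQuery(ObjectClass: __GROUP__,
> LdapFilter[nativeFilter: (uid=ADMIN); entryDN: null],
> OperationOptions: {ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]}) Method:
> executeQuery
>
> 01:01:05.000 DEBUG Enter: executeQuery(ObjectClass: __ACCOUNT__,
> LdapFilter[nativeFilter: (uid=testuser); entryDN: null]) Method: executeQuery
"""

QUERY_RE = re.compile(r"executeQuery\(ObjectClass:\s*(?P<oc>\w+),\s*"
                      r"LdapFilter\[nativeFilter:\s*\((?P<attr>[^=()]+)=(?P<value>[^()]*)\)")
TIMESTAMP_RE = re.compile(r"\d{2}:\d{2}:\d{2}\.\d{3} ")

def unwrap(raw):
    """Strip mail quote markers and rejoin log entries wrapped by the mail client."""
    entries = []
    for line in raw.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).strip()
        if not line:
            continue
        if TIMESTAMP_RE.match(line) or not entries:
            entries.append(line)          # a timestamp starts a new entry
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def find_mismatches(raw, templates=DN_TEMPLATES):
    """Return (time, object class, filter attr, RDN attr, value) for each bad lookup."""
    findings = []
    for entry in unwrap(raw):
        m = QUERY_RE.search(entry)
        if not m or m["oc"] not in templates:
            continue
        # The RDN attribute is the left side of the first component of the DN template.
        expected = templates[m["oc"]].split(",", 1)[0].split("=", 1)[0].strip().lower()
        used = m["attr"].strip().lower()
        if used != expected:
            findings.append((entry[:12], m["oc"], used, expected, m["value"]))
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_LOG):
        print("filter/RDN mismatch:", finding)
```

A flagged `__GROUP__` lookup means delete and update propagation for that role will find no LDAP entry, so the entry stays in the directory after it is removed in Syncope.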