On 11/02/2016 01:58, Li,Xiaodong wrote:
I changed the Uid Attribute to 'cn', but sync with Roles still does not work.

My Role groups base DN is cn={0},ou=groups,dc=test,dc=com
My users base DN is uid={0},ou=users,dc=test,dc=com

Should I create two connectors to sync both of them?

This is not necessary, see below.

I found the same issue in the discussion here
http://syncope-user.1051894.n5.nabble.com/ConnId-LDAP-searches-for-uid-in-groupOfUniqueNames-td5707398.html

This very old thread refers to Syncope 1.1.X; things have changed quite a lot now.

Any solution?

Since, as said below, you're using Apache DS and since Syncope is using exactly that for integration tests where users and roles synchronization is working fine, I would suggest to separately download and start the standalone distribution for 1.2.7 as reported in

https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+standalone+distribution

then start comparing your current LDAP connector and resource configurations with the ones available in that, which you can take as reference.

HTH
Regards.

On Tue, Feb 9, 2016 at 10:43 PM, Francesco Chicchiriccò wrote:

    Hi,

    please be sure to have

    "Uid Attribute" set to "cn"

    in your LDAP configuration, as suggested by the blog post reported
    below.


    HTH

    Regards.

    On 2016-02-10 02:10 Li,Xiaodong wrote:

    Append:
    I found the problem; I searched the log file for DEBUG information.
    I use 'uid' as the users' attribute, so I have to configure Uid
    Attribute = uid in the Connector.


    Now I have a new problem: I cannot DELETE a Role. I got the
    DEBUG log below. I think I know what the problem is: Syncope
    searches for the group by 'uid', but my group names are identified
    by 'cn'; that's why Syncope cannot find the group. Can anyone tell
    me where to change the group search to use 'cn' instead of 'uid'?

    Searching in [ou=users,dc=test,dc=com, ou=groups,dc=test,dc=com]
    with filter
    (&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN))

    01:01:02.080 DEBUG Enter: getObject(ObjectClass: __GROUP__,
    Attribute: {Name=__UID__, Value=[ADMIN]}, OperationOptions:
    {ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]})Method: getObject

    01:01:02.083 DEBUG Enter: executeQuery(ObjectClass: __GROUP__,
    LdapFilter[nativeFilter: (uid=ADMIN); entryDN: null],
    org.identityconnectors.framework.impl.api.local.operations.SearchImpl$1@76616ae4,
    OperationOptions:
    {ATTRS_TO_GET:[cn,__UID__,__NAME__,__ENABLE__]})Method: executeQuery

    01:01:02.083 WARN  Attribute __ENABLE__ of object class __GROUP__
    is not mapped to an LDAP attributeMethod: getLdapAttribute

    01:01:02.084 DEBUG Searching in [ou=users,dc=test,dc=com,
    ou=groups,dc=test,dc=com] with filter
    (&(&(objectClass=top)(objectClass=groupOfUniqueNames))(uid=ADMIN)) and
    SearchControls: {returningAttributes=[cn, uid],
    scope=SUBTREE}Method: doSearch

    01:01:02.088 DEBUG ReturnMethod: executeQuery

    01:01:02.088 DEBUG Return: nullMethod: getObject


    On Tue, Feb 9, 2016 at 3:46 PM, Li,Xiaodong wrote:

        I set up ApacheDS LDAP with Syncope according to this article:
        http://blog.tirasa.net/unlock-full-ldap-features-in.html
        The Apache DS version is 2.0.0-16M and I built Syncope as my
        own project with version 1.2.7.
        I changed the core project persistence.properties to use
        MySQL as internal storage.
        I can create new users and roles in Syncope and they were
        propagated into LDAP correctly. I think the connector and
        resource configurations are right.
        But when I change the user info or delete the user, it won't
        propagate into LDAP.
        I can see the delete user operation in the task tab ->
        propagation task, but it was not executed; even if I click the
        Execute button, nothing happens.
        I checked the user profile.
        The internal resource accountLink is right, but why does the
        LDAP accountLink have a red exclamation mark?
        Does anyone else have this problem?
        Resource
        AccountLink
        Status
        syncope testuser active icon
        LDAP
        notfound icon

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer
http://home.apache.org/~ilgrosso/
