Hello Francesco,
Thank you for the reply.
I created my active directory connector, resource and the synchronization task
from scratch and I did not check the full reconciliation so now it should be
doing the SYNC.
But now I'm getting below error, what could be wrong?
org.identityconnectors.framework.common.exceptions.ConnectorException: Could
not set DirSync request controls
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:168)
~[?:?]
at net.tirasa.connid.bundles.ad.ADConnector.sync(ADConnector.java:143)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:139)
~[connector-framework-internal-1.4.1.0.jar:?]
Best Regards,
Juhani
Full stack trace:
12:28:44.521 DEBUG Enter: getLatestSyncToken(ObjectClass: __ACCOUNT__) Method:
getLatestSyncToken
12:29:02.602 DEBUG Latest sync token set to SyncToken: [B@2baedc04 Method:
getLatestSyncToken
12:29:02.602 DEBUG Return: SyncToken: [B@2baedc04 Method:
getLatestSyncToken
12:29:02.603 DEBUG Enter: sync(ObjectClass: __ACCOUNT__, SyncToken:
[B@64eea103, org.apache.syncope.core.sync.impl.UserSyncResultHandler@6e8cffb9,
OperationOptions:
{ATTRS_TO_GET:[mail,sn,title,department,sAMAccountName,__UID__,__NAME__,l,givenName,__ENABLE__...]})
Method: sync
12:29:02.663 DEBUG Enter: sync(ObjectClass: __ACCOUNT__, SyncToken:
[B@64eea103,
org.identityconnectors.framework.impl.api.local.operations.SyncImpl$1@299fe21d,
OperationOptions:
{ATTRS_TO_GET:[mail,sn,title,department,sAMAccountName,__UID__,__NAME__,l,givenName,__ENABLE__...]})
Method: sync
12:29:02.663 DEBUG Synchronization with token. Method: sync
12:29:02.663 DEBUG Exception: Method: sync
org.identityconnectors.framework.common.exceptions.ConnectorException: Could
not set DirSync request controls
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:168)
~[?:?]
at net.tirasa.connid.bundles.ad.ADConnector.sync(ADConnector.java:143)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:139)
~[connector-framework-internal-1.4.1.0.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.1.0.jar:?]
at com.sun.proxy.$Proxy215.sync(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:98)
~[connector-framework-internal-1.4.1.0.jar:?]
at com.sun.proxy.$Proxy215.sync(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:159)
~[connector-framework-internal-1.4.1.0.jar:?]
Caused by: java.nio.BufferOverflowException
at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:183) ~[?:1.7.0_95]
at java.nio.ByteBuffer.put(ByteBuffer.java:832) ~[?:1.7.0_95]
at
net.tirasa.adsddl.ntsd.controls.DirSyncControl.berEncodedValue(DirSyncControl.java:100)
~[?:?]
at
net.tirasa.adsddl.ntsd.controls.DirSyncControl.<init>(DirSyncControl.java:75)
~[?:?]
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:165)
~[?:?]
... 19 more
12:29:02.671 DEBUG Exception: Method: sync
org.identityconnectors.framework.common.exceptions.ConnectorException: Could
not set DirSync request controls
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:168)
~[?:?]
at net.tirasa.connid.bundles.ad.ADConnector.sync(ADConnector.java:143)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:139)
~[connector-framework-internal-1.4.1.0.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.1.0.jar:?]
at com.sun.proxy.$Proxy215.sync(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:98)
~[connector-framework-internal-1.4.1.0.jar:?]
at com.sun.proxy.$Proxy215.sync(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:159)
~[connector-framework-internal-1.4.1.0.jar:?]
Caused by: java.nio.BufferOverflowException
at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:183) ~[?:1.7.0_95]
at java.nio.ByteBuffer.put(ByteBuffer.java:832) ~[?:1.7.0_95]
at
net.tirasa.adsddl.ntsd.controls.DirSyncControl.berEncodedValue(DirSyncControl.java:100)
~[?:?]
at
net.tirasa.adsddl.ntsd.controls.DirSyncControl.<init>(DirSyncControl.java:75)
~[?:?]
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:165)
~[?:?]
... 19 more
From: Francesco Chicchiriccò [mailto:[email protected]]
Sent: 10. maaliskuuta 2016 18:56
To: [email protected]
Subject: Re: Synchronize task does not remove users from syncope?
On 10/03/2016 17:23, Kettunen, Juhani wrote:
Hello,
I have two external resources working fine (AD and PostgreSQL database) as well
as a synchronize task from the AD.
The sync task does create and update all users in syncope and in the database,
but it does not remove any users (deprovision). For example if I delete a user
in AD it doesn't get deleted from Syncope's internal users and therefore not
from the external resource either.
This same applies when I edit a previously synchronized user in Active
Directory so that it doesn't meet connectors membership or accountSearchFilter
rules anymore - it does not get removed from Syncope and other resources.
What am I missing?
The Synchronization Task has only Matching (update) and Unmatching (provision).
Should it have at least a third matching rule: Source Missing Rule - which
would most likely always be used for deprovisioning?
Hi,
synchronization from Syncope either relies on ConnId's SEARCH [1] or SYNC [2],
depending on whether you've set the the "Full reconciliation" flag on the
related SyncTask.
With that option flagged, Syncope will barely ask the external resource for all
users available at the moment; without such flag, Syncope will ask for all the
changes occurred since previous synchronization.
Only the latter is the capable of instructing Syncope about to delete users (or
roles).
More information on this topic is available at [3].
Please consider that not all ConnId connectors implement SYNC - but either
Active Directory [4], Database table [5] and Scripted SQL [6] do.
In any case, SYNC might required additional configuration options on the
related connector instance.
Hope this helps.
Regards.
[1]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/api/operations/SearchApiOp.html
[2]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/api/operations/SyncApiOp.html
[3] https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronization
[4] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482
[5] https://connid.atlassian.net/wiki/display/BASE/Database+Table
[6] https://connid.atlassian.net/wiki/display/BASE/Scripted+SQL
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer
http://home.apache.org/~ilgrosso/
