Hi Juhani
Il 15/03/2016 14:07, Kettunen, Juhani ha scritto:
Hello Francesco,
Thank you for the reply.
I created my active directory connector, resource and the
synchronization task from scratch and I did not check the full
reconciliation so now it should be doing the SYNC.
But now I’m getting below error, what could be wrong?
org.identityconnectors.framework.common.exceptions.ConnectorException:
Could not set DirSync request controls
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:168)
~[?:?]
at net.tirasa.connid.bundles.ad.ADConnector.sync(ADConnector.java:143)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:139)
~[connector-framework-internal-1.4.1.0.jar:?]
I think there is a problem with the Active Directory connector. Please,
write to ConnId Mailing List [1][2]
Regards
M
[1] [email protected]
[2] https://groups.google.com/forum/?fromgroups#!forum/connid-users
Best Regards,
Juhani
Full stack trace:
12:28:44.521 DEBUG Enter: getLatestSyncToken(ObjectClass: __ACCOUNT__)
Method: getLatestSyncToken
12:29:02.602 DEBUG Latest sync token set to SyncToken: [B@2baedc04
Method: getLatestSyncToken
12:29:02.602 DEBUG Return: SyncToken: [B@2baedc04 Method:
getLatestSyncToken
12:29:02.603 DEBUG Enter: sync(ObjectClass: __ACCOUNT__, SyncToken:
[B@64eea103,
org.apache.syncope.core.sync.impl.UserSyncResultHandler@6e8cffb9,
OperationOptions:
{ATTRS_TO_GET:[mail,sn,title,department,sAMAccountName,__UID__,__NAME__,l,givenName,__ENABLE__...]})
Method: sync
12:29:02.663 DEBUG Enter: sync(ObjectClass: __ACCOUNT__, SyncToken:
[B@64eea103,
org.identityconnectors.framework.impl.api.local.operations.SyncImpl$1@299fe21d,
OperationOptions:
{ATTRS_TO_GET:[mail,sn,title,department,sAMAccountName,__UID__,__NAME__,l,givenName,__ENABLE__...]})
Method: sync
12:29:02.663 DEBUG Synchronization with token. Method: sync
12:29:02.663 DEBUG Exception: Method: sync
org.identityconnectors.framework.common.exceptions.ConnectorException:
Could not set DirSync request controls
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:168)
~[?:?]
at net.tirasa.connid.bundles.ad.ADConnector.sync(ADConnector.java:143)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:139)
~[connector-framework-internal-1.4.1.0.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.1.0.jar:?]
at com.sun.proxy.$Proxy215.sync(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:98)
~[connector-framework-internal-1.4.1.0.jar:?]
at com.sun.proxy.$Proxy215.sync(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:159)
~[connector-framework-internal-1.4.1.0.jar:?]
Caused by: java.nio.BufferOverflowException
at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:183) ~[?:1.7.0_95]
at java.nio.ByteBuffer.put(ByteBuffer.java:832) ~[?:1.7.0_95]
at
net.tirasa.adsddl.ntsd.controls.DirSyncControl.berEncodedValue(DirSyncControl.java:100)
~[?:?]
at
net.tirasa.adsddl.ntsd.controls.DirSyncControl.<init>(DirSyncControl.java:75)
~[?:?]
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:165)
~[?:?]
... 19 more
12:29:02.671 DEBUG Exception: Method: sync
org.identityconnectors.framework.common.exceptions.ConnectorException:
Could not set DirSync request controls
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:168)
~[?:?]
at net.tirasa.connid.bundles.ad.ADConnector.sync(ADConnector.java:143)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.SyncImpl.sync(SyncImpl.java:139)
~[connector-framework-internal-1.4.1.0.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.1.0.jar:?]
at com.sun.proxy.$Proxy215.sync(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:98)
~[connector-framework-internal-1.4.1.0.jar:?]
at com.sun.proxy.$Proxy215.sync(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_95]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_95]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_95]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_95]
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:159)
~[connector-framework-internal-1.4.1.0.jar:?]
Caused by: java.nio.BufferOverflowException
at java.nio.HeapByteBuffer.put(HeapByteBuffer.java:183) ~[?:1.7.0_95]
at java.nio.ByteBuffer.put(ByteBuffer.java:832) ~[?:1.7.0_95]
at
net.tirasa.adsddl.ntsd.controls.DirSyncControl.berEncodedValue(DirSyncControl.java:100)
~[?:?]
at
net.tirasa.adsddl.ntsd.controls.DirSyncControl.<init>(DirSyncControl.java:75)
~[?:?]
at
net.tirasa.connid.bundles.ad.sync.ADSyncStrategy.sync(ADSyncStrategy.java:165)
~[?:?]
... 19 more
*From:*Francesco Chicchiriccò [mailto:[email protected]]
*Sent:* 10. maaliskuuta 2016 18:56
*To:* [email protected]
*Subject:* Re: Synchronize task does not remove users from syncope?
On 10/03/2016 17:23, Kettunen, Juhani wrote:
Hello,
I have two external resources working fine (AD and PostgreSQL
database) as well as a synchronize task from the AD.
The sync task does create and update all users in syncope and in
the database, but it does not remove any users (deprovision). For
example if I delete a user in AD it doesn’t get deleted from
Syncope’s internal users and therefore not from the external
resource either.
This same applies when I edit a previously synchronized user in
Active Directory so that it doesn’t meet connectors membership or
accountSearchFilter rules anymore – it does not get removed from
Syncope and other resources.
What am I missing?
The Synchronization Task has only Matching (update) and Unmatching
(provision). Should it have at least a third matching rule: Source
Missing Rule – which would most likely always be used for
deprovisioning?
Hi,
synchronization from Syncope either relies on ConnId's SEARCH [1] or
SYNC [2], depending on whether you've set the the "Full
reconciliation" flag on the related SyncTask.
With that option flagged, Syncope will barely ask the external
resource for all users available at the moment; without such flag,
Syncope will ask for all the changes occurred since previous
synchronization.
Only the latter is the capable of instructing Syncope about to delete
users (or roles).
More information on this topic is available at [3].
Please consider that not all ConnId connectors implement SYNC - but
either Active Directory [4], Database table [5] and Scripted SQL [6] do.
In any case, SYNC might required additional configuration options on
the related connector instance.
Hope this helps.
Regards.
[1]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/api/operations/SearchApiOp.html
[2]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/api/operations/SyncApiOp.html
[3] https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronization
[4] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482
[5] https://connid.atlassian.net/wiki/display/BASE/Database+Table
[6] https://connid.atlassian.net/wiki/display/BASE/Scripted+SQL
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer
http://home.apache.org/~ilgrosso/ <http://home.apache.org/%7Eilgrosso/>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
