Thanks Francessco. In my scenario I am trying to synchronizing user information from central user repository (openLdap) to application database (MySQL) and vice-versa using Syncope. But my applications (web application) databases can be on different datacenters and are behind firewall and thus cannot establish direct DB connections, so instead I need to sync it over http/REST based APIs.
We need external cloud Identity Management connector that can connect to application's public REST or http based API's to update application's linked DB. I found a similar project <https://wiki.evolveum.com/display/midPoint/Google+summer+of+code+2016#Googlesummerofcode2016-Project:CloudIdentitymanagement> in Midpoint IdM's project list, so this hints that I need to write a connector for connecting to my external web service (behind which application DB is present). To create a connector for our web service I read this connId documentation https://connid.atlassian.net/wiki/display/BASE/Create+new+connector. I get the following error on running maven command: Failed to execute goal org.apache.maven.plugins:maven-archetype-plugin:2.4:generate (default-cli) on project standalone-pom: The desired archetype does not exist (net.tirasa.connid:connector-archetype:1.4.3.0). On Mon, May 9, 2016 at 7:00 PM, Francesco Chicchiriccò <[email protected]> wrote: > On 09/05/2016 14:58, Shagun Akarsh wrote: > > Hello, > > I am using ldap-connector (1.4.0) with syncope (1.2.7) and openLdap > (2.4.40) to synchronize user repository but it shows a "?" (undefined > status) symbol when external resource (ldap) is added to a user. > > > LDAP as protocol does not provide a standardized way to determine user > status, so the LDAP connector allows to specify a statusManagementClass for > the purpose. > > If you set it to > > net.tirasa.connid.bundles.ldap.commons.AttributeStatusManagement > > then Syncope will transparently handle it by using the "description" > attribute. > > More information on > > https://connid.atlassian.net/wiki/display/BASE/LDAP#Configuration > > (one of last properties there). > > Although it is able to create new entries in ldap & syncope mysql db, but > it fails to update on openLdap when we update an existing entry using GUI. > > > This is probably due to some misconfiguration in the connector; please > take a look at this - for Syncope 1.1 but easily adaptable to 1.2 - old > post of mine for some recipes: > > http://blog.tirasa.net/unlock-full-ldap-features-in.html > > Moreover reading > <https://connid.atlassian.net/wiki/display/BASE/LDAP#LDAP-Installation> > about ldap-connector I found this "Sync (only with Sun Directory Server > Enterprise Edition)", so is this the reason for the issue of sync with > openLdap ? Do we need to write custom connector for full ldap > synchronization ? > > > From the "Changelog" chapter in the post above: > > During synchronization, Apache Syncope can query the LDAP directory server > in two distinct ways: either the full list of entries (that will need to be > parsed in order to catch the actual modifications performed since last run) > or just such actual modifications. > > As anyone can see, the latter is much more better than the former but its > usage is limited due to the fact that the ConnId LDAP connector currently > supports actual synchronization operation only from some servers (as Sun > Directory Server or OpenDJ). > > > Unfortunately, no one has yet provided the necessary contribution to > enhance the LDAP connector with support for actual synchronization in > OpenLDAP, as you can also read from > > https://connid.atlassian.net/browse/LDAP-1 > > At the moment, then, you can definitely pull users (and groups) from > OpenLDAP, but there is no yet support for SyncRepl (RFC 4533). > AFAICT the ConnId project would be glad to receive such contribution ;-) > > HTH > Regards. > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellencehttp://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, > Olingo PMC, CXF Committer, OpenJPA Committer http://home.apache.org/~ilgrosso/ > > -- Shagun Akarsh Ph: +91-9902095371 Research Engineer Wooqer Labs, Bangalore.
