On 2016-06-01 14:48 Hermann Angstl wrote:
To synchronize user and role data from an LDAP backend into Syncope I
set up connector, resource and synchronization task.
In my LDAP there are users with different object classes. For example
one entry looks like this:
objectClass: account (structural)
objectClass: posixAccount (auxiliary)
cn: USER1
… and one entry looks like this:
objectClass: person (structural)
objectClass: inetOrgPerson (structural)
cn: USER2
In my connector (under Resources/Connectors/Configuration) I can set
"Account Object Classes". When I set it to "account" I get only
"user1", when I set it to "person" I get only "user2". So far, so good.
BUT WHEN I SET IT TO BOTH (“ACCOUNT”, “PERSON”) – I GET NOTHING!
Of course. "Account Object Classes"'s description from [1] says "Object
classes to which the ACCOUNT object class is mapped": when you put both,
the connector will query for entries having both object classes.
Enabling the option "Filter with Or Instead of And" didn't help.
If you read from [1], such option's description says "Use an and filter
instead of an or filter when searching for change log entries", e.g. is
useful only when performing actual synchronization, not full
reconciliation - see my other e-mail.
Is there a way to get user1 AND user2?
The simplest option for you is to flag the "Account Object Classes"
property for resource override, then to define two different resources A
and B using the same connector; in A, under "Configuration" you will
have a single property "Account Object Classes" - where you can put
"account"; in B you will put "person".
HTH
Regards.
[1] https://connid.atlassian.net/wiki/display/BASE/LDAP
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
CXF Committer, OpenJPA Committer, PonyMail PPMC
http://home.apache.org/~ilgrosso/
