On 14-jun-16, at 18:05, Colm O hEigeartaigh <[email protected]> wrote:
> Hi Hermann,
>
> Answers inline.
>
> On Tue, Jun 14, 2016 at 2:28 PM, Hermann Angstl <[email protected]> wrote:
>
>> - propagating membership information is not working.
>> For example, I created “user2” and “role2” and assigned “role2” to “user2”.
>> When I look into my LDAP I can see:
>> - cn=user2,ou=users,dc=example,dc=com
>> - cn=role2,ou=roles,dc=example,dc=com
>> When looking into the details of cn=role2,ou=roles,dc=example,dc=com I
>> expected to see
>> member: cn=user2,ou=users,dc=example,dc=com
>> But that was not the case. Somehow Syncope does not propagate the group
>> memberships information.
>> (1) Any suggestions what I have to do to make it work?
>
> I did a quick check there with the same Syncope version you are using and it
> worked successfully. Have you enabled the LDAPMembershipPropagationActions in
> the Resource configuration?

Also "Maintain LDAP Group Membership" must be set to true under LDAP connector configuration.

>> (2) Another thing that I don’t understand: When Syncope creates a new Role in
>> LDAP, it always looks like this
>> objectClass: groupOfNames (structural)
>> objectClass: top (abstract)
>> cn: role2
>> member: cn=Directory Manager,dc=example,dc=com
>> It always sets the Principal that I configured under Resources / Connectors
>> (cn=Directory Manager,dc=example,dc=com is) as a member of the group. Why is
>> that?
>
> Not sure, I can reproduce this as well. I will play around with it unless
> someone else chimes in to see if I can reproduce it in different environments
> and with later versions of Syncope.

The LDAP object classes "groupOfNames" and "groupOfUniqueNames" (e.g. the ones supported by the LDAP connector for groups) require at least a member when creating.

The behavior reported above is triggered here:

https://github.com/Tirasa/ConnIdLDAPBundle/blob/master/src/main/java/net/tirasa/connid/bundles/ldap/commons/GroupHelper.java#L200-L202

HTH
Regards.
--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
CXF Committer, OpenJPA Committer, PonyMail PPMC
http://home.apache.org/~ilgrosso/
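An added example (not from the thread, Syncope or ConnId): a Python check over an LDIF export that reports, per group entry, which expected members are missing and whether the connector's bind principal is listed as a member, the two symptoms discussed above. The role3/user3 entry, the function names, and the simplified LDIF parsing and DN normalization are assumptions for illustration.

```python
import re

GROUP_CLASSES = {"groupofnames": "member", "groupofuniquenames": "uniquemember"}

def norm_dn(dn):
    """Simplified DN comparison: case-insensitive, ignores spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def parse_ldif(text):
    """Minimal LDIF reader: 'attr: value' lines and folded lines; no base64 values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in re.sub(r"\n ", "", block).splitlines():  # undo line folding
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append(attrs)
    return entries

def audit_groups(entries, bind_dn, expected):
    """Per group DN: expected members that are absent, and whether bind_dn is a member."""
    report = {}
    want = {norm_dn(k): {norm_dn(m) for m in v} for k, v in expected.items()}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        for cls, attr in GROUP_CLASSES.items():
            if cls not in classes:
                continue
            dn = norm_dn(e["dn"][0])
            members = {norm_dn(m) for m in e.get(attr, [])}
            report[dn] = {"missing": sorted(want.get(dn, set()) - members),
                          "placeholder": norm_dn(bind_dn) in members}
    return report

# Constructed sample: role2 as reported in the thread, role3 invented for contrast.
BIND_DN = "cn=Directory Manager,dc=example,dc=com"
SAMPLE_LDIF = """\
dn: cn=role2,ou=roles,dc=example,dc=com
objectClass: groupOfNames
member: cn=Directory Manager,dc=example,dc=com

dn: cn=role3,ou=roles,dc=example,dc=com
objectClass: groupOfNames
member: cn=Directory Manager,dc=example,dc=com
member: cn=user3,ou=users,dc=example,dc=com
"""
EXPECTED = {"cn=role2,ou=roles,dc=example,dc=com": ["cn=user2,ou=users,dc=example,dc=com"],
            "cn=role3,ou=roles,dc=example,dc=com": ["cn=user3,ou=users,dc=example,dc=com"]}
```

Calling `audit_groups(parse_ldif(SAMPLE_LDIF), BIND_DN, EXPECTED)` returns one record per group, which can be diffed before and after changing the connector settings mentioned in the thread.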
