RE: Propagating Users/Roles/Memberships to an external resource (LDAP)

Wed, 15 Jun 2016 05:48:00 -0700 

Hi Colm, Francesco,

thanks a lot!

I did set the "Actions classes" in "Resources" / "Resource details":
                - 
org.apache.syncope.core.propagation.impl.LDAPMembershipPropagationActions and
                - 
org.apache.syncope.core.propagation.impl.LDAPPasswordPropagationActions

But I did not click the “Maintain LDAP Group Membership” checkbox. After I did 
this it worked!

Cheers,
Hermann

From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: Dienstag, 14. Juni 2016 18:05
To: [email protected]
Subject: Re: Propagating Users/Roles/Memberships to an external resource (LDAP)

Hi Hermann,
Answers inline.

On Tue, Jun 14, 2016 at 2:28 PM, Hermann Angstl 
<[email protected]<mailto:[email protected]>> wrote:
- propagating membership information is not working.

For example, I created “user2” and “role2” and assigned “role2” to “user2”. 
When I look into my LDAP I can see:
- cn=user2,ou=users,dc=example,dc=com
- cn=role2,ou=roles,dc=example,dc=com

When looking into the details of cn=role2,ou=roles,dc=example,dc=com I expected 
to see
member: cn=user2,ou=users,dc=example,dc=com

But that was not the case. Somehow Syncope does not propagate the group 
memberships information.
(1) Any suggestions what I have to do to make it work?

I did a quick check there with the same Syncope version you are using and it 
worked succcessfully. Have you enabled the LDAPMembershipPropagationActions in 
the Resource configuration?



(2) Another thing that I don’t understand: When Syncope creates a new Role in 
LDAP, it always looks like this
objectClass: groupOfNames (structural)
objectClass: top (abstract)
cn: role2
member: cn=Directory Manager,dc=example,dc=com

It always sets the Principal that I configured under Resources / Connectors 
(cn=Directory Manager,dc=example,dc=com is) as a member of the group. Why is 
that?

Not sure, I can reproduce this as well. I will play around with it unless 
someone else chimes in to see if I can reproduce it in different environments 
and with later versions of Syncope.
Colm.



cheers,
Hermann



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to