Hi,
I have just replicated your configuration below to ensure I was providing adequate answers: see my replies below.

Regards.

On 17/12/2016 20:19, PSYND wrote:
Dear Experts,

We are trying to configure the OLDAP connector with Syncope 2.0.1.

We are using bundle 1.5.1.

We create a connector, we don't configure anything else but admin username, password, rootcontext, server and port.

We save and we create a resource connected to the connector:
- In the first page we don't modify anything
- In the second page we select all the Capabilities
- No policies (Account, pwd and pull)
We finish.

After we edit the provisioning rules:
- We select USER (__ACCOUNT__)
- No auxiliary classes
- Mapping:
--- username -> cn (key)
--- email -> mail
--- lastName -> sn
--- username -> uid
- No Object Link

This is the problem: an "Object Link" for ConnId is something that is generally not used unless a hierarchical resource (e.g. LDAP or Active Directory) is to be linked.

Object Link is a JEXL expression that is used as a model for generating the target DN on the external resource which corresponds to an internal entity.
Hence, given your mapping above, a value for object link could be

'cn=' + username + ',ou=People,dc=tirasa,dc=net'

Once the mapping is defined, the easiest way to check that everything is working is to click on the "Explore resource" link from the given resource's contextual menu in the Topology.

We save, we try to provision but there is a failure:

How are you trying to provision? The stacktrace below is definitely an error that must be handled, but I wasn't able to reproduce it. Which language were you using? English / Italian / Brazilian Portuguese / Russian?

Please be sure to read

https://syncope.apache.org/docs/reference-guide.html#provisioning

to understand how the provisioning process is managed.

In particular, consider the difference between Propagation

https://syncope.apache.org/docs/reference-guide.html#propagation

and Push

https://syncope.apache.org/docs/reference-guide.html#provisioning-push

Root cause:

java.util.MissingResourceException: Unable to find property: 'start' for component: body:toggle:outerObjectsRepeater:1:outer:form:content:tasks:secondLevelContainer:second:executions:secondLevelContainer:second:container:selectedObjects:topToolbars:toolbars:2:headers:2:header:orderByLink:header_body:label [class=org.apache.wicket.markup.html.basic.Label]. Locale: null, style: null
     at org.apache.wicket.Localizer.getString(Localizer.java:268)
     at org.apache.wicket.model.ResourceModel$AssignmentWrapper.load(ResourceModel.java:129)
     at org.apache.wicket.model.ResourceModel$AssignmentWrapper.load(ResourceModel.java:99)
     at org.apache.wicket.model.LoadableDetachableModel.getObject(LoadableDetachableModel.java:134)
     at org.apache.wicket.Component.getDefaultModelObject(Component.java:1626)
     at org.apache.wicket.Component.getDefaultModelObjectAsString(Component.java:1654)
     at org.apache.wicket.markup.html.basic.Label.onComponentTagBody(Label.java:115)
     at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:70)
     at org.apache.wicket.Component.internalRenderComponent(Component.java:2565)
     at org.apache.wicket.markup.html.WebComponent.onRender(WebComponent.java:60)
     at org.apache.wicket.Component.internalRender(Component.java:2380)
     at org.apache.wicket.Component.render(Component.java:2308)
     at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1521)

We tried to clone the resource with the same information but using pull instead of push.
We launch the scheduler and we have this:

JobExecutionException: While pulling from connector
org.quartz.JobExecutionException: While pulling from connector [See nested exception: org.identityconnectors.framework.common.exceptions.ConnectorException: No attribute named entryUUID found in the search result]
    at org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
    at org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
    at org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
    at org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)




Apparently the entryUUID is missing, as it is missing in our OLDAP.

We removed this reference from the Connector and we replaced entryUUID with UID.

As specified by the configuration reference for the ConnId bundle that you are using:

https://connid.atlassian.net/wiki/display/BASE/LDAP

entryUUID is the default value for 'uidAttribute'; since you are setting 'cn' to be the remote key (as stated above), that's why you need to change the LDAP connector configuration accordingly.

We launch the scheduler again:

JobExecutionException: While pulling from connector
org.quartz.JobExecutionException: While pulling from connector [See nested exception: java.lang.IllegalArgumentException: Must be a single value.]
    at org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
    at org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
    at org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)

This error means that, given the mapping defined above, there are multiple matches for something that is instead supposed to uniquely identify the object. You can naturally find many more details in the logs, in particular core-connid.log.

Please also consider that, for OpenLDAP, the ConnId LDAP connector does not yet implement the SYNC operation, hence the INCREMENTAL pull mode is not working; more at

https://syncope.apache.org/docs/reference-guide.html#pull-mode

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
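
A pre-flight check for the two pull errors discussed in the message above, as an added example that is not part of the original thread nor code from ConnId or Syncope: it parses a constructed LDIF export and reports entries where a candidate 'uidAttribute' is missing, multi-valued or shared between entries. The sample data and the names `parse_ldif` and `check_uid_attribute` are hypothetical; only plain `attr: value` LDIF lines are handled.

```python
from collections import defaultdict

# Constructed LDIF sample (not taken from the thread).
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=People,dc=tirasa,dc=net
cn: jdoe
uid: jdoe

dn: cn=asmith,ou=People,dc=tirasa,dc=net
cn: asmith
cn: Anna Smith
uid: asmith

dn: cn=svc,ou=People,dc=tirasa,dc=net
cn: svc

dn: cn=jdoe,ou=Staff,dc=tirasa,dc=net
cn: jdoe
uid: jdoe2
"""

def parse_ldif(text):
    """Return {dn: {attr_lowercase: [values]}}; plain 'attr: value' lines only."""
    entries = {}
    for record in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in record.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].append(value.strip())
        dn = attrs.pop("dn")[0]
        entries[dn] = dict(attrs)
    return entries

def check_uid_attribute(entries, uid_attribute):
    """Flag entries where uid_attribute is missing, multi-valued or not unique."""
    problems, seen = [], defaultdict(list)
    for dn, attrs in entries.items():
        values = attrs.get(uid_attribute.lower(), [])
        if not values:
            problems.append(("missing", dn))
        elif len(values) > 1:
            problems.append(("multi-valued", dn))
        for v in values:
            seen[v.lower()].append(dn)
    for value, dns in seen.items():
        if len(dns) > 1:
            problems.extend(("duplicate", dn) for dn in dns)
    return problems
```

Calling `check_uid_attribute(parse_ldif(SAMPLE_LDIF), "cn")` on the sample flags one multi-valued entry and two entries sharing the same value, while `"uid"` only reports the entry that lacks it.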

