On 12/05/2017 10:17, sasha gesta wrote:
I didn't find anything related to Key Size.
Here is the full log:
11:14:21.686 DEBUG Exception: Method: test
org.identityconnectors.framework.common.exceptions.ConnectorSecurityException: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - UNWILLING_TO_PERFORM: Bind failed: Cannot Bind for Dn uid=admin,ou=system]
    at net.tirasa.connid.bundles.ldap.LdapConnection$AuthenticationResultType$3.propagate(LdapConnection.java:369) ~[net.tirasa.connid.bundles.ldap-1.5.1.jar:?]
    at net.tirasa.connid.bundles.ldap.LdapConnection$AuthenticationResult.propagate(LdapConnection.java:393) ~[net.tirasa.connid.bundles.ldap-1.5.1.jar:?]
    at net.tirasa.connid.bundles.ldap.LdapConnection.connect(LdapConnection.java:137) ~[net.tirasa.connid.bundles.ldap-1.5.1.jar:?]
    at net.tirasa.connid.bundles.ldap.LdapConnection.getInitialContext(LdapConnection.java:128) ~[net.tirasa.connid.bundles.ldap-1.5.1.jar:?]
    at net.tirasa.connid.bundles.ldap.LdapConnection.checkAlive(LdapConnection.java:288) ~[net.tirasa.connid.bundles.ldap-1.5.1.jar:?]
    at net.tirasa.connid.bundles.ldap.LdapConnector.checkAlive(LdapConnector.java:96) ~[?:?]
    at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.testObject(ConnectorPoolManager.java:149) ~[connector-framework-internal-1.4.2.0.jar:?]
    at org.identityconnectors.framework.impl.api.local.ConnectorPoolManager$ConnectorPoolHandler.testObject(ConnectorPoolManager.java:83) ~[connector-framework-internal-1.4.2.0.jar:?]
    at org.identityconnectors.framework.impl.api.local.ObjectPool.borrowObject(ObjectPool.java:250) ~[connector-framework-internal-1.4.2.0.jar:?]
    at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:87) ~[connector-framework-internal-1.4.2.0.jar:?]
    at com.sun.proxy.$Proxy277.test(Unknown Source) ~[?:?]
    at sun.reflect.GeneratedMethodAccessor153.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_131]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
    at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96) ~[connector-framework-internal-1.4.2.0.jar:?]
    at com.sun.proxy.$Proxy277.test(Unknown Source) ~[?:?]
    at sun.reflect.GeneratedMethodAccessor153.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_131]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
    at org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99) ~[connector-framework-internal-1.4.2.0.jar:?]
    at com.sun.proxy.$Proxy277.test(Unknown Source) ~[?:?]
    at sun.reflect.GeneratedMethodAccessor153.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_131]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
    at org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83) ~[connector-framework-internal-1.4.2.0.jar:?]
    at com.sun.proxy.$Proxy277.test(Unknown Source) ~[?:?]
    at org.identityconnectors.framework.impl.api.AbstractConnectorFacade.test(AbstractConnectorFacade.java:269) ~[connector-framework-internal-1.4.2.0.jar:?]
    at org.apache.syncope.core.provisioning.java.AsyncConnectorFacade.test(AsyncConnectorFacade.java:129) ~[syncope-core-provisioning-java-2.0.3.jar:2.0.3]
    at org.apache.syncope.core.provisioning.java.AsyncConnectorFacade$$FastClassBySpringCGLIB$$886ae36a.invoke(<generated>) ~[syncope-core-provisioning-java-2.0.3.jar:2.0.3]
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.7.RELEASE.jar:4.3.7.RELEASE]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:721) ~[spring-aop-4.3.7.RELEASE.jar:4.3.7.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.7.RELEASE.jar:4.3.7.RELEASE]
    at org.springframework.aop.interceptor.AsyncExecutionInterceptor$1.call(AsyncExecutionInterceptor.java:115) ~[spring-aop-4.3.7.RELEASE.jar:4.3.7.RELEASE]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_131]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_131]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_131]
    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - UNWILLING_TO_PERFORM: Bind failed: Cannot Bind for Dn uid=admin,ou=system]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3209) ~[?:1.8.0_131]
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082) ~[?:1.8.0_131]
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883) ~[?:1.8.0_131]
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797) ~[?:1.8.0_131]
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_131]
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_131]
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:1.8.0_131]
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:1.8.0_131]
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:1.8.0_131]
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_131]
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_131]
    at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_131]
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[?:1.8.0_131]
    at net.tirasa.connid.bundles.ldap.LdapConnection.createContext(LdapConnection.java:186) ~[net.tirasa.connid.bundles.ldap-1.5.1.jar:?]
    at net.tirasa.connid.bundles.ldap.LdapConnection.createContext(LdapConnection.java:173) ~[net.tirasa.connid.bundles.ldap-1.5.1.jar:?]
    at net.tirasa.connid.bundles.ldap.LdapConnection.connect(LdapConnection.java:133) ~[net.tirasa.connid.bundles.ldap-1.5.1.jar:?]
    ... 34 more
I suggest you check the password and, if the problem persists, try to
look at the configurations in the test data for the Apache DS connector.
I exported the ApacheDS configuration:
{
"key": "74141a3b-0762-4720-a4aa-fc3e374ef3ef",
"location":
"file:/ApacheSyncope/master/fit/core-reference/target/bundles/",
"connectorName": "net.tirasa.connid.bundles.ldap.LdapConnector",
"bundleName": "net.tirasa.connid.bundles.ldap",
"version": "1.5.1",
"displayName": "ApacheDS",
"connRequestTimeout": 10,
"poolConf": {
"maxObjects": null,
"minIdle": null,
"maxIdle": null,
"maxWait": null,
"minEvictableIdleTimeMillis": null
},
"conf": [
{
"schema": {
"name": "uidAttribute",
"displayName": "Uid Attribute",
"helpMessage": "The name of the LDAP attribute which is mapped
to the Uid attribute. Default is \"entryUUID\".",
"type": "java.lang.String",
"required": false,
"order": 21,
"confidential": false,
"defaultValues": [
"entryUUID"
]
},
"overridable": true,
"values": [
"cn"
]
},
{
"schema": {
"name": "synchronizePasswords",
"displayName": "Enable Password Synchronization",
"helpMessage": "If true, the connector will synchronize
passwords. The Password Capture Plugin needs to be installed for
password synchronization to work. Default is \"false\".",
"type": "boolean",
"required": false,
"order": 32,
"confidential": false,
"defaultValues": [
false
]
},
"overridable": false,
"values": [
"false"
]
},
{
"schema": {
"name": "maintainLdapGroupMembership",
"displayName": "Maintain LDAP Group Membership",
"helpMessage": "When enabled and a user is renamed or deleted,
update any LDAP groups to which the user belongs to reflect the new
name. Otherwise, the LDAP resource must maintain referential integrity
with respect to group membership. Default is \"false\".",
"type": "boolean",
"required": false,
"order": 15,
"confidential": false,
"defaultValues": [
false
]
},
"overridable": false,
"values": [
"true"
]
},
{
"schema": {
"name": "host",
"displayName": "Host",
"helpMessage": "The name or IP address of the host where the
LDAP server is running.",
"type": "java.lang.String",
"required": true,
"order": 1,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": [
"localhost"
]
},
{
"schema": {
"name": "passwordHashAlgorithm",
"displayName": "Password Hash Algorithm",
"helpMessage": "Indicates the algorithm that the Identity
system should use to hash the password. Currently supported values are
SSHA, SHA, SMD5, and MD5. A blank value indicates that the system will
not hash passwords. This will cause cleartext passwords to be stored in
LDAP unless the LDAP server performs the hash (Netscape Directory Server
and iPlanet Directory Server do).",
"type": "java.lang.String",
"required": false,
"order": 17,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": [
"SHA"
]
},
{
"schema": {
"name": "accountUserNameAttributes",
"displayName": "Account User Name Attributes",
"helpMessage": "Attribute or attributes which holds the
account's user name. They will be used when authenticating to find the
LDAP entry for the user name to authenticate.",
"type": "[Ljava.lang.String;",
"required": false,
"order": 10,
"confidential": false,
"defaultValues": [
"uid",
"cn"
]
},
"overridable": false,
"values": [
"uid"
]
},
{
"schema": {
"name": "port",
"displayName": "TCP Port",
"helpMessage": "TCP/IP port number used to communicate with the
LDAP server. The default is 389.",
"type": "int",
"required": false,
"order": 2,
"confidential": false,
"defaultValues": [
389
]
},
"overridable": false,
"values": [
1389
]
},
{
"schema": {
"name": "vlvSortAttribute",
"displayName": "VLV Sort Attribute",
"helpMessage": "Specify the sort attribute to use for VLV
indexes on the resource. Default is \"uid\".",
"type": "java.lang.String",
"required": false,
"order": 20,
"confidential": false,
"defaultValues": [
"uid"
]
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "accountObjectClasses",
"displayName": "Account Object Classes",
"helpMessage": "The object class or classes that will be used
when creating new user objects in the LDAP tree. When entering more than
one object class, each entry should be on its own line; do not use
commas or semi-colons to separate multiple object classes. Some object
classes may require that you specify all object classes in the class
hierarchy.",
"type": "[Ljava.lang.String;",
"required": false,
"order": 9,
"confidential": false,
"defaultValues": [
"top",
"person",
"organizationalPerson",
"inetOrgPerson"
]
},
"overridable": false,
"values": [
"inetOrgPerson"
]
},
{
"schema": {
"name": "baseContextsToSynchronize",
"displayName": "Base Contexts to Synchronize",
"helpMessage": "One or more starting points in the LDAP tree
that will be used to determine if a change should be synchronized. The
base contexts attribute will be used to synchronize a change if this
property is not set.",
"type": "[Ljava.lang.String;",
"required": false,
"order": 23,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": [
"ou=people,o=isp",
"ou=groups,o=isp"
]
},
{
"schema": {
"name": "accountSynchronizationFilter",
"displayName": "LDAP Filter for Accounts to Synchronize",
"helpMessage": "An optional LDAP filter for the objects to
synchronize. Because the change log is for all objects, this filter
updates only objects that match the specified filter. If you specify a
filter, an object will be synchronized only if it matches the filter and
includes a synchronized object class.",
"type": "java.lang.String",
"required": false,
"order": 27,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "removeLogEntryObjectClassFromFilter",
"displayName": "Remove Log Entry Object Class from Filter",
"helpMessage": "If this property is set (the default), the
filter used to fetch change log entries does not contain the
\"changeLogEntry\" object class, expecting that there are no entries of
other object types in the change log. Default is \"true\".",
"type": "boolean",
"required": false,
"order": 31,
"confidential": false,
"defaultValues": [
true
]
},
"overridable": false,
"values": [
"false"
]
},
{
"schema": {
"name": "passwordDecryptionKey",
"displayName": "Password Decryption Key",
"helpMessage": "The key to decrypt passwords with when
performing password synchronization.",
"type": "org.identityconnectors.common.security.GuardedByteArray",
"required": false,
"order": 34,
"confidential": true,
"defaultValues": []
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "respectResourcePasswordPolicyChangeAfterReset",
"displayName": "Respect Resource Password Policy
Change-After-Reset",
"helpMessage": "When this resource is specified in a Login
Module (i.e., this resource is a pass-through authentication target) and
the resource's password policy is configured for change-after-reset, a
user whose resource account password has been administratively reset
will be required to change that password after successfully
authenticating. Default is \"false\".",
"type": "boolean",
"required": false,
"order": 18,
"confidential": false,
"defaultValues": [
false
]
},
"overridable": false,
"values": [
"false"
]
},
{
"schema": {
"name": "maintainPosixGroupMembership",
"displayName": "Maintain POSIX Group Membership",
"helpMessage": "When enabled and a user is renamed or deleted,
update any POSIX groups to which the user belongs to reflect the new
name. Otherwise, the LDAP resource must maintain referential integrity
with respect to group membership. Default is \"false\".",
"type": "boolean",
"required": false,
"order": 16,
"confidential": false,
"defaultValues": [
false
]
},
"overridable": false,
"values": [
"false"
]
},
{
"schema": {
"name": "readSchema",
"displayName": "Read Schema",
"helpMessage": "If true, the connector will read the schema
from the server. If false, the connector will provide a default schema
based on the object classes in the configuration. This property must be
true in order to use extended object classes. Default is \"true\".",
"type": "boolean",
"required": false,
"order": 22,
"confidential": false,
"defaultValues": [
true
]
},
"overridable": false,
"values": [
"false"
]
},
{
"schema": {
"name": "ssl",
"displayName": "SSL",
"helpMessage": "Select the check box to connect to the LDAP
server using SSL. The default is \"false\".",
"type": "boolean",
"required": false,
"order": 3,
"confidential": false,
"defaultValues": [
false
]
},
"overridable": false,
"values": [
"false"
]
},
{
"schema": {
"name": "passwordAttributeToSynchronize",
"displayName": "Password Attribute to Synchronize",
"helpMessage": "The name of the password attribute to
synchronize when performing password synchronization.",
"type": "java.lang.String",
"required": false,
"order": 33,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "accountSearchFilter",
"displayName": "LDAP Filter for Retrieving Accounts",
"helpMessage": "An optional LDAP filter to control which
accounts are returned from the LDAP resource. If no filter is specified,
only accounts that include all specified object classes are returned.",
"type": "java.lang.String",
"required": false,
"order": 11,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": [
"uid=*"
]
},
{
"schema": {
"name": "passwordDecryptionInitializationVector",
"displayName": "Password Decryption Initialization Vector",
"helpMessage": "The initialization vector to decrypt passwords
with when performing password synchronization.",
"type": "org.identityconnectors.common.security.GuardedByteArray",
"required": false,
"order": 35,
"confidential": true,
"defaultValues": []
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "groupMemberAttribute",
"displayName": "Group Member Attribute",
"helpMessage": "The name of the group attribute that will be
updated with the distinguished name of the user when the user is added
to the group. Default is \"uniqueMember\".",
"type": "java.lang.String",
"required": false,
"order": 14,
"confidential": false,
"defaultValues": [
"uniqueMember"
]
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "failover",
"displayName": "Failover Servers",
"helpMessage": "List all servers that should be used for
failover in case the preferred server fails. If the preferred server
fails, JNDI will connect to the next available server in the list. List
all servers in the form of \"ldap://ldap.example.com:389/\", which
follows the standard LDAP v3 URLs described in RFC 2255. Only the host
and port parts of the URL are relevant in this setting.",
"type": "[Ljava.lang.String;",
"required": false,
"order": 4,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "statusManagementClass",
"displayName": "Status management class ",
"helpMessage": "Class to be used to manage enabled/disabled
status. If no class is specified then identity status management wont be
possible.",
"type": "java.lang.String",
"required": false,
"order": 36,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": [
"net.tirasa.connid.bundles.ldap.commons.AttributeStatusManagement"
]
},
{
"schema": {
"name": "modifiersNamesToFilterOut",
"displayName": "Filter Out Changes By",
"helpMessage": "The names (DNs) of directory administrators to
filter from the changes. Changes with the attribute \"modifiersName\"
that match entries in this list will be filtered out. The standard value
is the administrator name used by this adapter, to prevent loops.
Entries should be of the format \"cn=Directory Manager\".",
"type": "[Ljava.lang.String;",
"required": false,
"order": 26,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "groupObjectClasses",
"displayName": "Group Object Classes",
"helpMessage": "The group class or classes that will be used
when creating new group objects in the LDAP tree. When entering more
than one object class, each entry should be on its own line; do not use
commas or semi-colons to separate multiple group classes. Some group
classes may require that you specify all group classes in the class
hierarchy.",
"type": "[Ljava.lang.String;",
"required": false,
"order": 12,
"confidential": false,
"defaultValues": [
"top",
"groupOfUniqueNames"
]
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "useVlvControls",
"displayName": "Use VLV Controls",
"helpMessage": "Wheter to enforce usage of VLV controls over
standard LDAP controls. Default is \"false\".",
"type": "boolean",
"required": false,
"order": 19,
"confidential": false,
"defaultValues": [
false
]
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "retrievePasswordsWithSearch",
"displayName": "Retrieve passwords with search",
"helpMessage": "Whether to retrieve user passwords when
searching. The default is \"false\".",
"type": "boolean",
"required": false,
"order": 37,
"confidential": false,
"defaultValues": [
false
]
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "dnAttribute",
"displayName": "Entry DN attribute name",
"helpMessage": "Entry DN attribute name (default: entryDN)",
"type": "java.lang.String",
"required": false,
"order": 38,
"confidential": false,
"defaultValues": [
"entryDN"
]
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "groupSearchFilter",
"displayName": "LDAP Filter for Retrieving Groups",
"helpMessage": "An optional LDAP filter to control which groups
are returned from the LDAP resource. If no filter is specified, only
groups that include all specified object classes are returned.",
"type": "java.lang.String",
"required": false,
"order": 39,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "readTimeout",
"displayName": "Read Timeout (Milliseconds)",
"helpMessage": "Time to wait for a response to be received. If
there is no response within the specified time period, the read attempt
will be aborted. Value 0 or less than 0 means there is no limit.",
"type": "long",
"required": false,
"order": 40,
"confidential": false,
"defaultValues": [
0
]
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "connectTimeout",
"displayName": "Connection Timeout (Milliseconds)",
"helpMessage": "Time to wait when opening new server
connections. Value of 0 means the TCP network timeout will be used,
which may be several minutes. Value less than 0 means there is no limit.",
"type": "long",
"required": false,
"order": 41,
"confidential": false,
"defaultValues": [
0
]
},
"overridable": false,
"values": []
},
{
"schema": {
"name": "filterWithOrInsteadOfAnd",
"displayName": "Filter with Or Instead of And",
"helpMessage": "Normally the the filter used to fetch change
log entries is an and-based filter retrieving an interval of change
entries. If this property is set, the filter will or together the
required change numbers instead. Default is \"false\".",
"type": "boolean",
"required": false,
"order": 30,
"confidential": false,
"defaultValues": [
false
]
},
"overridable": false,
"values": [
"false"
]
},
{
"schema": {
"name": "passwordAttribute",
"displayName": "Password Attribute",
"helpMessage": "The name of the LDAP attribute which holds the
password. When changing an user's password, the new password is set to
this attribute. Default is \"userPassword\".",
"type": "java.lang.String",
"required": false,
"order": 8,
"confidential": false,
"defaultValues": [
"userPassword"
]
},
"overridable": false,
"values": [
"userpassword"
]
},
{
"schema": {
"name": "principal",
"displayName": "Principal",
"helpMessage": "The distinguished name with which to
authenticate to the LDAP server.",
"type": "java.lang.String",
"required": false,
"order": 5,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": [
"uid=admin,ou=system"
]
},
{
"schema": {
"name": "changeLogBlockSize",
"displayName": "Change Log Block Size",
"helpMessage": "The number of change log entries to fetch per
query. Default is \"100\".",
"type": "int",
"required": false,
"order": 28,
"confidential": false,
"defaultValues": [
100
]
},
"overridable": false,
"values": [
100
]
},
{
"schema": {
"name": "groupNameAttributes",
"displayName": "Group Name Attributes",
"helpMessage": "Attribute or attributes which holds the group's
name. Default is \"cn\".",
"type": "[Ljava.lang.String;",
"required": false,
"order": 13,
"confidential": false,
"defaultValues": [
"cn"
]
},
"overridable": false,
"values": [
"cn"
]
},
{
"schema": {
"name": "changeNumberAttribute",
"displayName": "Change Number Attribute",
"helpMessage": "The name of the change number attribute in the
change log entry. Default is \"changeNumber\".",
"type": "java.lang.String",
"required": false,
"order": 29,
"confidential": false,
"defaultValues": [
"changeNumber"
]
},
"overridable": false,
"values": [
"changeNumber"
]
},
{
"schema": {
"name": "objectClassesToSynchronize",
"displayName": "Object Classes to Synchronize",
"helpMessage": "The object classes to synchronize. The change
log is for all objects; this filters updates to just the listed object
classes. You should not list the superclasses of an object class unless
you intend to synchronize objects with any of the superclass values. For
example, if only \"inetOrgPerson\" objects should be synchronized, but
the superclasses of \"inetOrgPerson\" (\"person\",
\"organizationalperson\" and \"top\") should be filtered out, then list
only \"inetOrgPerson\" here. All objects in LDAP are subclassed from
\"top\". For this reason, you should never list \"top\", otherwise no
object would be filtered. Default is \"inetOrgPerson\".",
"type": "[Ljava.lang.String;",
"required": false,
"order": 24,
"confidential": false,
"defaultValues": [
"inetOrgPerson"
]
},
"overridable": false,
"values": [
"inetOrgPerson",
"groupOfUniqueNames"
]
},
{
"schema": {
"name": "credentials",
"displayName": "Password",
"helpMessage": "Password for the principal.",
"type": "org.identityconnectors.common.security.GuardedString",
"required": false,
"order": 6,
"confidential": true,
"defaultValues": []
},
"overridable": false,
"values": [
"secret"
]
},
{
"schema": {
"name": "baseContexts",
"displayName": "Base Contexts",
"helpMessage": "One or more starting points in the LDAP tree
that will be used when searching the tree. Searches are performed when
discovering users from the LDAP server or when looking for the groups of
which a user is a member.",
"type": "[Ljava.lang.String;",
"required": true,
"order": 7,
"confidential": false,
"defaultValues": []
},
"overridable": true,
"values": [
"ou=people,o=isp",
"ou=groups,o=isp"
]
},
{
"schema": {
"name": "attributesToSynchronize",
"displayName": "Attributes to Synchronize",
"helpMessage": "The names of the attributes to synchronize.
This ignores updates from the change log if they do not update any of
the named attributes. For example, if only \"department\" is listed,
then only changes that affect \"department\" will be processed. All
other updates are ignored. If blank (the default), then all changes are
processed.",
"type": "[Ljava.lang.String;",
"required": false,
"order": 25,
"confidential": false,
"defaultValues": []
},
"overridable": false,
"values": []
}
],
"capabilities": [
"CREATE",
"UPDATE",
"DELETE",
"SEARCH"
]
}
Regards
M
On Fri, May 12, 2017 at 11:03 AM, Marco Di Sabatino Di Diodoro <[email protected]> wrote:
Hi Sasha,
On 12/05/2017 09:29, sasha gesta wrote:
Hello,
I tried to connect Syncope 2.0.3 to ApacheDS 2.0.0-M23, but it
ended with an unsuccessful bind to the LDAP server:
Connection failure: ConnectorException
[OperationNotSupportedException: [LDAP: error code 53 -
UNWILLING_TO_PERFORM: Bind failed: Cannot Bind for Dn
uid=admin,ou=system]]
Connecting to ldap using JXplorer and the same settings was
successful.
With syncope version 2.0.2 it worked as it should. Binding was
successful.
Check in your logs if there are other errors, for example
java.security.InvalidKeyException: Illegal key size
M
Sasha
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
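
The comparison against the test-data ApacheDS configuration suggested in this message can be done mechanically. The script below is an added example, not part of the original thread or of Syncope: it resolves each property of two connector exports in the JSON shape shown above to its effective value and lists the differences, masking confidential values so the output can be posted to a list. The fallback from an empty "values" list to "defaultValues", the candidate export and all function names are assumptions made for the illustration.

```python
import json
import sys


def prop(name, java_type, defaults, values, confidential=False):
    """Build one "conf" entry in the shape of the connector export (constructed data)."""
    return {
        "schema": {"name": name, "type": java_type,
                   "confidential": confidential, "defaultValues": defaults},
        "overridable": False,
        "values": values,
    }


# Reference: connection-related values copied from the ApacheDS export in the thread.
REFERENCE = {"displayName": "ApacheDS", "conf": [
    prop("host", "java.lang.String", [], ["localhost"]),
    prop("port", "int", [389], [1389]),
    prop("ssl", "boolean", [False], ["false"]),
    prop("principal", "java.lang.String", [], ["uid=admin,ou=system"]),
    prop("credentials", "org.identityconnectors.common.security.GuardedString",
         [], ["secret"], confidential=True),
]}

# Candidate: constructed for this example, NOT the poster's real configuration.
CANDIDATE = {"displayName": "MyApacheDS", "conf": [
    prop("host", "java.lang.String", [], ["localhost"]),
    prop("port", "int", [389], [10389]),
    prop("ssl", "boolean", [False], []),  # unset, so the default applies
    prop("principal", "java.lang.String", [], ["uid=admin,ou=system"]),
    prop("credentials", "org.identityconnectors.common.security.GuardedString",
         [], ["constructed-password"], confidential=True),
]}


def _normalise(value, java_type):
    """The export mixes JSON literals and strings (false vs "false"); coerce by type."""
    if java_type == "boolean":
        return str(value).strip().lower() == "true"
    if java_type in ("int", "long"):
        return int(value)
    return str(value)


def effective_conf(export):
    """Return {property name: (tuple of effective values, confidential flag)}.

    Assumption: an empty "values" list means the schema's "defaultValues" apply.
    """
    resolved = {}
    for item in export.get("conf", []):
        schema = item["schema"]
        raw = item.get("values") or schema.get("defaultValues") or []
        values = tuple(_normalise(v, schema.get("type", "")) for v in raw)
        resolved[schema["name"]] = (values, bool(schema.get("confidential")))
    return resolved


def _render(entry):
    """Printable form of one resolved property; confidential values are never shown."""
    if entry is None:
        return "<absent>"
    values, confidential = entry
    if confidential:
        return "<redacted>" if values else "<unset>"
    return values


def diff_exports(reference, candidate):
    """List (name, reference value, candidate value) for every differing property."""
    ref, cand = effective_conf(reference), effective_conf(candidate)
    diffs = []
    for name in sorted(set(ref) | set(cand)):
        a, b = ref.get(name), cand.get(name)
        if a is None or b is None or a[0] != b[0]:
            diffs.append((name, _render(a), _render(b)))
    return diffs


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py reference.json candidate.json
        with open(sys.argv[1]) as ref_file, open(sys.argv[2]) as cand_file:
            reference, candidate = json.load(ref_file), json.load(cand_file)
    else:
        reference, candidate = REFERENCE, CANDIDATE
    for name, ref_value, cand_value in diff_exports(reference, candidate):
        print(f"{name}: reference={ref_value} candidate={cand_value}")
```

A confidential property that differs is still reported, but only as `<redacted>` on both sides, which is enough to know the password should be re-entered.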