Hello Thomas,
In order to contribute a little to the community, hero goes what i did
(maybe some steps i forgot) to connect to AD, from the fresh install of
CentOS...
Install java 8 (from tar.gz, not from package manager)
install maven (from tar.gz, not from package manager)
install tomcat8.5 (from tar.gz, not from package manager)
Somehow followed this links:
https://github.com/Tirasa/syncopeOnJBoss/blob/master/README.md
https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+in+real+environments
https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+an+Active+Directory+resource
Basically,
~# mkdir -p /opt/syncope/bundles
~# mkdir -p /opt/syncope/log
~# mkdir -p /opt/syncope/conf
~#mkdir build
~#cd build
build# mvn archetype:generate
-DarchetypeGroupId=org.apache.syncope
-DarchetypeArtifactId=syncope-archetype
-DarchetypeRepository=http://repo1.maven.org/maven2
-DarchetypeVersion=2.0.3
(here follow the prompts)
build#cd syncope
syncope# mvn -Dconf.directory=/opt/syncope/conf
-Dbundles.directory=/opt/syncope/bundles
-Dlog.directory=/opt/syncope/log -P all clean package
syncope# cp core/target/classes/*properties /opt/syncope/conf/
syncope# cp console/target/classes/*properties /opt/syncope/conf/
syncope# cp enduser/target/classes/*properties /opt/syncope/conf/
syncope# cp core/target/syncope.war /opt/tomcat8.5/webapps/
syncope# cp console/target/syncope-console.war /opt/tomcat8.5/webapps/
syncope# cp enduser/target/syncope-enduser.war /opt/tomcat8.5/webapps/
syncope# cp console/target/syncope-console.war /opt/tomcat8.5/webapps/
Probably you will find some problems with permissions or something,
remember to check that.
And before mvn package confirm the configs in
core/src/main/resources/domains/Master.properties
core/src/main/resources/persistence.properties
core/src/main/resources/provisioning.properties
core/src/main/resources/persistence.properties
Here you'll find some more help with the configs
https://github.com/apache/syncope/tree/master/fit/core-reference/src/main/resources
With the syncope up and running...
Connector definitions:
SSL
true
hostname
your hostname
retrieve deleted users
true
server port
636
retrieve deleted groups
true
trust all certs
true
principal
your windows server admin, probably like
CN=Administrator,CN=Users,DC=example,DC=com
root suffixes
DC=example,DC=com
default people container
CN=Users,DC=example,DC=com (or where you want the users)
default group container
CN=Users,DC=example,DC=com (or where you want the groups)
user search scope
subtree
entry object classes
top; person; organizationalPerson; user; group; inetOrgPerson
group search scope
subtree
custom user/group search filter
leave empty
base context for user/group entry searches
CN=Users,DC=example,DC=com
group members reference attribute
member
Group owner reference attibute
managedBy
uidAttribute
sAMAccountName
object classes to synchronize
user
Then add the provision rule like:
Best,
João Graça
On 18/05/2017 16:43, Francesco Chicchiriccò wrote:
On 18/05/2017 17:32, Thomas Maerz wrote:
Question though,
In order to use the AD ConnID, should I deploy using Maven or will
.deb work fine?
If you are using .deb, just check the content of the directory
/var/lib/apache-syncope/bundles
to see if the AD connector bundle is already there.
Regards.
On May 18, 2017, at 10:30 AM, Thomas Maerz <[email protected]>
wrote:
Yes, sorry about that. I started on this in preparation for a
migration project and we proceeded without it. For now we have been
manually synchronizing the directories but it appears it will go on
longer than anticipated so I’d like to get something set up to
eliminate human error.
Thank you for the response.
Thomas
On May 18, 2017, at 10:28 AM, Francesco Chicchiriccò
<[email protected]> wrote:
Wow, a timebomb from 6 months ago :-)
There is no (yet) step-by-step tutorial for Syncope and AD
available, but:
1. several other people seemed to succeed at it - see the recent
[1] for example - so I guess it shouldn't be hard for them to
support you here
2. there is absolutely no point in starting a project with Syncope
1.2 today
Regards
[1]
https://lists.apache.org/thread.html/bc0a61c40790a4f7e13076b8b9d2a6073a76fffc29d9773bac7e265e@%3Cuser.syncope.apache.org%3E
On 18/05/2017 17:24, Thomas Maerz wrote:
So there is no documentation still for Syncope 2.0 working with AD?
If this is the case, would it be better for me to just use Syncope
1.x?
Thomas
On Nov 4, 2016, at 9:48 AM, Francesco Chicchiriccò
<[email protected]> wrote:
On 04/11/2016 15:44, Thomas Maerz wrote:
Hi,
I’ve just installed Syncope on Ubuntu Server 16.04 using the
.deb packages. I am looking to create an Active Directory
Connector. The connector bundle is in the bundles directory out
of the box, but my installation does not have a resources tab in
the syncope-console. I’ve read the documentation and I don’t
know what I am doing wrong. Can the .deb installation not
utilize resource connectors or am I doing something wrong?
Hi Thomas,
which version are you running? It looks like you are looking at
the wiki pages, which are working for Syncope prior to 2.0 (e.g.
1.2, 1.1, ...), not for 2.0 and above.
I would suggest to take a look at the official docs:
https://syncope.apache.org/docs/getting-started.html
https://syncope.apache.org/docs/reference-guide.html
This tutorial might also be useful for your use case:
http://coheigea.blogspot.it/2016/08/pulling-users-and-groups-from-ldap-into.html
HTH
Regards.
