Have you set a mapping for GROUP? Could you share it?
Pay attention to the object link for groups. It should be something like
this: 'cn=' + name + ',ou=groups,dc=sample,dc=com'
If it is correct (as I thisnk) try to use as uidAttribute an attribute
that both USER and GROUP have, and is mapped to any of Syncope
attributes. cn for example.
You have a working example at [1] (Apache DS, resource-ldap).
Best regards,
Andrea
[1] http://syncope-vm.apache.org:9080/syncope-console
Il 21/07/2017 13:15, Böhmer, Martin ha scritto:
Hi Andrea,
Thank you for the quick reply!
I changed the uidAttribute as you suggested and sync works for users.
However, now I have the very same problem with groups whose remote IDs
happen to be empty.
So, when I change the uidAttribute to „uid“, will the same connector
also work for groups? Or do I need to create a second connector for
synchronizing groups?
I am asking, because groups have the attribute “cn” in their dn
instead of “uid” (see below).
Regards,
Martin
*Von:*Andrea Patricelli [mailto:[email protected]]
*Gesendet:* Freitag, 21. Juli 2017 12:29
*An:* [email protected]
*Betreff:* Re: Configuration of LDAP Identity Store
Hi Martin,
try to change, in connector configuration, the uidAttribute value to
*uid* instead of "*entryUUID*".
BTW if this does not work could you attach core-connid.log file?
HTH,
Andrea
Il 21/07/2017 12:00, Böhmer, Martin ha scritto:
HI,
I cannot get the configuration of my LDAP Identity Store right.
What I want is a synchronization of user, groups and group
memberships, meaning that everything change in Syncope is
propagated to LDAP and vice-versa.
With my current configuration below, I am able to pull users from
LDAP (pull task) and propagate new users to LDAP when created in
Syncope. What is not working is the synchronization of users
existing in both systems. Syncope claims about a missing remote
key. This is particularly strange when creating a user in Syncope.
On the result screen of the user creation, the remote key is
correctly display. When I close that screen and open the “Manage
resources” dialog for that user, the remote key is gone and thus
propagation of updates to LDAP fails.
Any hints would be greatly appreciated!
Regards,
Martin
I’m using *_OpenLDAP_*. The tree looks like this
dc=example,dc=com
·ou=people
ouid=johndoe
o…
·ou=groups
ocn=testgroup
Here is the configuration of the *_LDAP connector_* (properties
not listed were not touched = default value)
Bundle
*net.tirasa.connid.bundles.ldap*
Host
*localhost*
TCP Port
389
Principal
*cn=syncope,dc=exmaple,dc=com*
Password
*/******/*
Base Contexts
*dc=exmaple,dc=com*
Password Attribute
userPassword
Account Object Classes
top, person, organizationalPerson, inetOrgPerson
Account User Name Attributes
uid, cn
Group Object Classes
top, groupOfuniqueNames
Group Name Attributes
cn
Group Member Attribute
uniqueMember
Maintain LDAP Group Membership
(Haken)
Password Hash Algorithm
*SSHA*
VLV Sort Attribute
*uid*
Uid Attribute
*entryUUID*
Read Schema
(Haken)
Base Contexts to Synchronize
(leer)
Object Classes to Synchronize
*inetOrgPerson, groupOfUniqueNames*
Attributes to Synchronize
(leer)
Remove Log Entry Object Class from Filter
(Haken)
Enable Password Synchronization
(Fehler)
Status management class
*net.tirasa.connid.bundles.ldap.commons.AttributeStatusManagement*
Capabilities
*/(all selected)/*
And this is the configuration of my *_LDAP resource_*:
Propagation Actions
*LDAPPAsswordPropagationAction*
*LDAPMembershipPropagationAction*
Override Capabilities?
(Fehler)
Account Policy
/(none)/
Password Policy
/(none)/
Pull Policy
/(none)/)
Finally, the *_mapping configuration_*
Type
/User/
Object Class
/__ACCOUNT__/
Mapping
username
/Int: username
ext: uid
Remote key: yes/
Mapping
email
/Int: email
Ext: mail/
Mapping
password
/Int: password
Ext: userPassword
Password: yes/
Object Link
/‘uid=’ + username + ‘,ou=people,dc=example,dc=com’/
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
