Re: Active Directory Connector - Delete User Not Working

[Andrea Patricelli]

Hi Sudeesh,

Your configuration seems good.
Please read inline.

Best regards,
Andrea


Il 21/06/2018 16:49, Sudeesh Kumar P ha scritto:

Hi Andrea ,

I have attached the logs below: I have tried in Active directory 2012 
& 2016. In both Iam facing the same issue.

AD Connector:

{"key":"0d35158b-4747-400b-b515-8b4747100bd3","adminRealm":"/","location":"file:/C:/javasoftwares/syncopeWithActiveDirectory-master/core/target/bundles/","connectorName":"net.tirasa.connid.bundles.ad.ADConnector","bundleName":"net.tirasa.connid.bundles.ad","version":"1.3.4","displayName":"AD_teak","connRequestTimeout":10,"poolConf":null,"conf":[{"schema":{"name":"host","displayName":"Server 
hostname","helpMessage":"Insert 
hostname","type":"java.lang.String","required":true,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":["TESTAD"]},{"schema":{"name":"ssl","displayName":"SSL","helpMessage":"User 
SSL to perform password 
provisioning","type":"boolean","required":false,"order":1,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"memberships","displayName":"Memberships","helpMessage":"Specify 
memberships","type":"[Ljava.lang.String;","required":false,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"retrieveDeletedUser","displayName":"Retrieve 
deleted users","helpMessage":"Specify TRUE to retrieve deleted users 
also. The default is 
\"true\".","type":"boolean","required":false,"order":2,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"port","displayName":"Server 
port","helpMessage":"Insert port. The default is 
636.","type":"int","required":false,"order":2,"confidential":false,"defaultValues":[636]},"overridable":false,"values":["389"]},{"schema":{"name":"retrieveDeletedGroup","displayName":"Retrieve 
deleted groups","helpMessage":"Specify TRUE to retrieve deleted groups 
also","type":"boolean","required":false,"order":3,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"trustAllCerts","displayName":"Trust 
all certs","helpMessage":"Specify TRUE to trust all certs. The default 
is 
\"false\".","type":"boolean","required":false,"order":4,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["true"]},{"schema":{"name":"failover","displayName":"Failover","helpMessage":"Failover 
host:port","type":"[Ljava.lang.String;","required":false,"order":4,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"principal","displayName":"Principal","helpMessage":"Insert 
DN of a user with administration 
capabilities","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrator,CN=Users,DC=DELL,DC=COM"]},{"schema":{"name":"membershipsInOr","displayName":"Verify 
memberships in OR","helpMessage":"Specify TRUE if you want to verify 
memberships using OR logical operator. The default is 
\"false\".","type":"boolean","required":false,"order":5,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"credentials","displayName":"Principal 
password","helpMessage":"Insert password for 
administrator","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":6,"confidential":true,"defaultValues":[]},"overridable":false,"values":["star@123"]},{"schema":{"name":"baseContextsToSynchronize","displayName":"Root 
suffixes","helpMessage":"Insert root 
suffixes","type":"[Ljava.lang.String;","required":true,"order":6,"confidential":false,"defaultValues":[]},"overridable":true,"values":["DC=DELL,DC=COM"]},{"schema":{"name":"defaultPeopleContainer","displayName":"Default 
people container","helpMessage":"Default people container to be used 
in case of entry DN is not 
provided","type":"java.lang.String","required":false,"order":7,"confidential":false,"defaultValues":[]},"overridable":false,"values":["OU=SYNCOPE,DC=DELL,DC=COM"]},{"schema":{"name":"defaultGroupContainer","displayName":"Default 
group container","helpMessage":"Default group container to be used in 
case of entry DN is not 
provided","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrators,CN=Builtin,DC=DELL,DC=COM"]},{"schema":{"name":"accountObjectClasses","displayName":"Entry 
object classes","helpMessage":"Insert object classes to assign to 
managed 
entries","type":"[Ljava.lang.String;","required":false,"order":9,"confidential":false,"defaultValues":["top","person","organizationalPerson","inetOrgPerson"]},"overridable":false,"values":["top","person","organizationalPerson","inetOrgPerson","organizationalUnit"]},{"schema":{"name":"userSearchScope","displayName":"User 
search scope","helpMessage":"Choose object, onlevel or 
subtree","type":"java.lang.String","required":false,"order":9,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"groupSearchScope","displayName":"Group 
search scope","helpMessage":"Choose object, onlevel or 
subtree","type":"java.lang.String","required":false,"order":10,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"groupSearchFilter","displayName":"Custom 
group search filter","helpMessage":"Custom group search 
filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"accountSearchFilter","displayName":"Custom 
user search filter","helpMessage":"Custom user search 
filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"groupBaseContexts","displayName":"Base 
contexts for group entry searches","helpMessage":"DN of context to be 
used as starting point for group entry 
searches","type":"[Ljava.lang.String;","required":false,"order":12,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrators,CN=Builtin,DC=DELL,DC=COM"]},{"schema":{"name":"userBaseContexts","displayName":"Base 
contexts for user entry searches","helpMessage":"DN of context to be 
used as starting point for user entry 
searches","type":"[Ljava.lang.String;","required":false,"order":13,"confidential":false,"defaultValues":[]},"overridable":false,"values":["OU=SYNCOPE,DC=DELL,DC=COM"]},{"schema":{"name":"groupMemberReferenceAttribute","displayName":"Group 
members reference attribute ","helpMessage":"Group attribute 
referencing (by DN) the users members of a 
group","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":["member"]},"overridable":false,"values":["member"]},{"schema":{"name":"groupOwnerReferenceAttribute","displayName":"Group 
owner reference attribute","helpMessage":"Group attribute name 
referencing (by DN) the 
owner","type":"java.lang.String","required":false,"order":15,"confidential":false,"defaultValues":["managedBy"]},"overridable":false,"values":["managedBy"]},{"schema":{"name":"startSyncFromToday","displayName":"Null 
token is the latest","helpMessage":"Reset null token value to the 
latest (sync with null token will not return any result). The default 
is 
\"true\".","type":"boolean","required":false,"order":16,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"pwdUpdateOnly","displayName":"Permit 
password update only","helpMessage":"Specify TRUE if you want to 
permit password update only: create/delete operation will be denied 
while other attributes update requests will be 
ignored.","type":"boolean","required":true,"order":17,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"membershipConservativePolicy","displayName":"Conservative 
membership policy","helpMessage":"Conservative managing and assignment 
of groups to user. The groups already assigned will not be 
removed.","type":"boolean","required":false,"order":18,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"defaultIdAttribute","displayName":"Default 
Uid","helpMessage":"The name of the attribute which is mapped to the 
id attribute in case of object different from account and group. 
Default is 
\"cn\".","type":"java.lang.String","required":false,"order":19,"confidential":false,"defaultValues":["cn"]},"overridable":true,"values":["cn"]},{"schema":{"name":"uidAttribute","displayName":"Uid 
Attribute","helpMessage":"The name of the attribute which is mapped to 
the Uid attribute. Default is 
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":true,"values":["cn"]},{"schema":{"name":"gidAttribute","displayName":"Uid 
Attribute for groups","helpMessage":"The name of the attribute which 
is mapped to the Uid attribute for groups. Default is 
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":22,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":false,"values":["sAMAccountName"]},{"schema":{"name":"objectClassesToSynchronize","displayName":"Object 
classes to synchronize","helpMessage":"Specify object classes to 
identify entry to 
synchronize","type":"[Ljava.lang.String;","required":false,"order":25,"confidential":false,"defaultValues":["user"]},"overridable":false,"values":["user","organizationalUnit"]}],"capabilities":["CREATE","UPDATE","DELETE","SEARCH","SYNC"]}

AD_Resource:

{"key":"AD_users_groups","connector":"0d35158b-4747-400b-b515-8b4747100bd3","connectorDisplayName":"AD_teak","orgUnit":null,"propagationPriority":null,"randomPwdIfNotProvided":false,"enforceMandatoryCondition":false,"createTraceLevel":"ALL","updateTraceLevel":"ALL","deleteTraceLevel":"ALL","provisioningTraceLevel":"ALL","passwordPolicy":null,"accountPolicy":null,"pullPolicy":null,"overrideCapabilities":true,"provisions":[{"key":"d5949dcd-ea19-49f9-949d-cdea19c9f978","anyType":"USER","objectClass":"__ACCOUNT__","syncToken":null,"mapping":{"connObjectLink":"","connObjectKeyItem":{"key":"1e6d7ed3-aa84-4bf2-ad7e-d3aa84abf2d2","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]},"items":[{"key":"1e6d7ed3-aa84-4bf2-ad7e-d3aa84abf2d2","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]},{"key":"857d7744-855c-4221-bd77-44855c52218c","intAttrName":"email","extAttrName":"UserPrincipalName","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]}],"linkingItems":[]},"auxClasses":[],"virSchemas":[]}],"confOverride":[{"schema":{"name":"baseContextsToSynchronize","displayName":"Root 
suffixes","helpMessage":"Insert root 
suffixes","type":"[Ljava.lang.String;","required":true,"order":6,"confidential":false,"defaultValues":[]},"overridable":false,"values":["DC=DELL,DC=COM"]},{"schema":{"name":"defaultIdAttribute","displayName":"Default 
Uid","helpMessage":"The name of the attribute which is mapped to the 
id attribute in case of object different from account and group. 
Default is 
\"cn\".","type":"java.lang.String","required":false,"order":19,"confidential":false,"defaultValues":["cn"]},"overridable":false,"values":["cn"]},{"schema":{"name":"uidAttribute","displayName":"Uid 
Attribute","helpMessage":"The name of the attribute which is mapped to 
the Uid attribute. Default is 
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":false,"values":["cn"]}],"capabilitiesOverride":["CREATE","UPDATE","DELETE","SEARCH","SYNC"],"propagationActionsClassNames":["org.apache.syncope.core.provisioning.java.propagation.LDAPMembershipPropagationActions"]}

Regards

Sudeesh Kumar

*From:*Andrea Patricelli [mailto:andreapatrice...@apache.org]
*Sent:* Wednesday, June 20, 2018 7:50 PM
*To:* user@syncope.apache.org
*Subject:* Re: Active Directory Connector - Delete User Not Working

Hi Sudeesh,

Il 20/06/2018 14:37, Sudeesh Kumar P ha scritto:

    Hi,

              I have setup the Apache Syncope project 2.0.5 which was obtained 
from (https://github.com/Tirasa/syncopeWithActiveDirectory.git
    <http://github.com/Tirasa/syncopeWithActiveDirectory.git>). I have 
connected my Active directory server through AD connector. I can import user to 
Apache Syncope through the connector. If I delete a user in Active directory it is 
not getting removed from Apache Syncope. I can also see that the user is removed from 
the AD_resource. I used Full_Reconciliation pull task and also enabled delete option 
in both connector side and resource side.


While pulling with full reconciliation if you delete the user on AD and 
then launch the pull it is normal that you still see the user on 
Syncope. Syncope is not able to "know" anything about deleted users 
unless using changelog. In order to enable deletion AD -> Syncope you 
should use incremental reconciliation that uses AD changelog and also is 
"aware" of all changes on AD, deletions included.

      

    If I use Incremental option for Pull Task, I can see the user getting 
imported to the AD connector resource but the user is not getting created in 
Apache Syncope.

What do you mean precisely with "I can see the user getting imported to 
the AD connector resource"?
Are you pulling users AD -> Syncope right? Do you see any errors in 
core.log and core-connid.log?

      

    Versions tried – 2.0.5,2.0.8,2.0.9

      

    If there is any working project with the above scenario please share it.

This one should work, but sometimes configuration should be tuned in 
order to let Syncope work as expected.

Which version of Active Directory are you using?
Do you see any errors in core.log and core-connid.log files?

Please share your connector and resource configuration.
You can get them by running:
curl -X GET 
"http://syncope-vm.apache.org:9080/syncope/rest/connectors/*my-conn-key*"; 
-H "accept: application/json" -H "X-Syncope-Domain: Master"
and
curl -X GET 
"http://syncope-vm.apache.org:9080/syncope/rest/resources/*my-resource-key*"; 
-H "accept: application/json" -H "X-Syncope-Domain: Master"

or using swagger extension [1]

Best regards,
Andrea

[1] https://syncope.apache.org/docs/reference-guide.html#swagger


Best regards,
Andrea

      

    Regards

    Sudeesh Kumar

--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member

--
Dott. Andrea Patricelli
Tel. +39 3204524292

Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member