Moreover, please flag "Retrieve deleted users" in connector configuration.
Best regards,
Andrea
On 22/06/2018 10:21, Andrea Patricelli wrote:
Hi Sudeesh,
Your configuration seems good.
Please read inline.
Best regards,
Andrea
On 21/06/2018 16:49, Sudeesh Kumar P wrote:
Hi Andrea,
I have attached the logs below: I have tried in Active Directory 2012
& 2016. In both I am facing the same issue.
AD Connector:
{"key":"0d35158b-4747-400b-b515-8b4747100bd3","adminRealm":"/","location":"file:/C:/javasoftwares/syncopeWithActiveDirectory-master/core/target/bundles/","connectorName":"net.tirasa.connid.bundles.ad.ADConnector","bundleName":"net.tirasa.connid.bundles.ad","version":"1.3.4","displayName":"AD_teak","connRequestTimeout":10,"poolConf":null,"conf":[{"schema":{"name":"host","displayName":"Server
hostname","helpMessage":"Insert
hostname","type":"java.lang.String","required":true,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":["TESTAD"]},{"schema":{"name":"ssl","displayName":"SSL","helpMessage":"User
SSL to perform password
provisioning","type":"boolean","required":false,"order":1,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"memberships","displayName":"Memberships","helpMessage":"Specify
memberships","type":"[Ljava.lang.String;","required":false,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"retrieveDeletedUser","displayName":"Retrieve
deleted users","helpMessage":"Specify TRUE to retrieve deleted users
also. The default is
\"true\".","type":"boolean","required":false,"order":2,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"port","displayName":"Server
port","helpMessage":"Insert port. The default is
636.","type":"int","required":false,"order":2,"confidential":false,"defaultValues":[636]},"overridable":false,"values":["389"]},{"schema":{"name":"retrieveDeletedGroup","displayName":"Retrieve
deleted groups","helpMessage":"Specify TRUE to retrieve deleted
groups
also","type":"boolean","required":false,"order":3,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"trustAllCerts","displayName":"Trust
all certs","helpMessage":"Specify TRUE to trust all certs. The
default is
\"false\".","type":"boolean","required":false,"order":4,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["true"]},{"schema":{"name":"failover","displayName":"Failover","helpMessage":"Failover
host:port","type":"[Ljava.lang.String;","required":false,"order":4,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"principal","displayName":"Principal","helpMessage":"Insert
DN of a user with administration
capabilities","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrator,CN=Users,DC=DELL,DC=COM"]},{"schema":{"name":"membershipsInOr","displayName":"Verify
memberships in OR","helpMessage":"Specify TRUE if you want to verify
memberships using OR logical operator. The default is
\"false\".","type":"boolean","required":false,"order":5,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"credentials","displayName":"Principal
password","helpMessage":"Insert password for
administrator","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":6,"confidential":true,"defaultValues":[]},"overridable":false,"values":["star@123"]},{"schema":{"name":"baseContextsToSynchronize","displayName":"Root
suffixes","helpMessage":"Insert root
suffixes","type":"[Ljava.lang.String;","required":true,"order":6,"confidential":false,"defaultValues":[]},"overridable":true,"values":["DC=DELL,DC=COM"]},{"schema":{"name":"defaultPeopleContainer","displayName":"Default
people container","helpMessage":"Default people container to be used
in case of entry DN is not
provided","type":"java.lang.String","required":false,"order":7,"confidential":false,"defaultValues":[]},"overridable":false,"values":["OU=SYNCOPE,DC=DELL,DC=COM"]},{"schema":{"name":"defaultGroupContainer","displayName":"Default
group container","helpMessage":"Default group container to be used in
case of entry DN is not
provided","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrators,CN=Builtin,DC=DELL,DC=COM"]},{"schema":{"name":"accountObjectClasses","displayName":"Entry
object classes","helpMessage":"Insert object classes to assign to
managed
entries","type":"[Ljava.lang.String;","required":false,"order":9,"confidential":false,"defaultValues":["top","person","organizationalPerson","inetOrgPerson"]},"overridable":false,"values":["top","person","organizationalPerson","inetOrgPerson","organizationalUnit"]},{"schema":{"name":"userSearchScope","displayName":"User
search scope","helpMessage":"Choose object, onlevel or
subtree","type":"java.lang.String","required":false,"order":9,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"groupSearchScope","displayName":"Group
search scope","helpMessage":"Choose object, onlevel or
subtree","type":"java.lang.String","required":false,"order":10,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"groupSearchFilter","displayName":"Custom
group search filter","helpMessage":"Custom group search
filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"accountSearchFilter","displayName":"Custom
user search filter","helpMessage":"Custom user search
filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"groupBaseContexts","displayName":"Base
contexts for group entry searches","helpMessage":"DN of context to be
used as starting point for group entry
searches","type":"[Ljava.lang.String;","required":false,"order":12,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrators,CN=Builtin,DC=DELL,DC=COM"]},{"schema":{"name":"userBaseContexts","displayName":"Base
contexts for user entry searches","helpMessage":"DN of context to be
used as starting point for user entry
searches","type":"[Ljava.lang.String;","required":false,"order":13,"confidential":false,"defaultValues":[]},"overridable":false,"values":["OU=SYNCOPE,DC=DELL,DC=COM"]},{"schema":{"name":"groupMemberReferenceAttribute","displayName":"Group
members reference attribute ","helpMessage":"Group attribute
referencing (by DN) the users members of a
group","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":["member"]},"overridable":false,"values":["member"]},{"schema":{"name":"groupOwnerReferenceAttribute","displayName":"Group
owner reference attribute","helpMessage":"Group attribute name
referencing (by DN) the
owner","type":"java.lang.String","required":false,"order":15,"confidential":false,"defaultValues":["managedBy"]},"overridable":false,"values":["managedBy"]},{"schema":{"name":"startSyncFromToday","displayName":"Null
token is the latest","helpMessage":"Reset null token value to the
latest (sync with null token will not return any result). The default
is
\"true\".","type":"boolean","required":false,"order":16,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"pwdUpdateOnly","displayName":"Permit
password update only","helpMessage":"Specify TRUE if you want to
permit password update only: create/delete operation will be denied
while other attributes update requests will be
ignored.","type":"boolean","required":true,"order":17,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"membershipConservativePolicy","displayName":"Conservative
membership policy","helpMessage":"Conservative managing and
assignment of groups to user. The groups already assigned will not be
removed.","type":"boolean","required":false,"order":18,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"defaultIdAttribute","displayName":"Default
Uid","helpMessage":"The name of the attribute which is mapped to the
id attribute in case of object different from account and group.
Default is
\"cn\".","type":"java.lang.String","required":false,"order":19,"confidential":false,"defaultValues":["cn"]},"overridable":true,"values":["cn"]},{"schema":{"name":"uidAttribute","displayName":"Uid
Attribute","helpMessage":"The name of the attribute which is mapped
to the Uid attribute. Default is
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":true,"values":["cn"]},{"schema":{"name":"gidAttribute","displayName":"Uid
Attribute for groups","helpMessage":"The name of the attribute which
is mapped to the Uid attribute for groups. Default is
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":22,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":false,"values":["sAMAccountName"]},{"schema":{"name":"objectClassesToSynchronize","displayName":"Object
classes to synchronize","helpMessage":"Specify object classes to
identify entry to
synchronize","type":"[Ljava.lang.String;","required":false,"order":25,"confidential":false,"defaultValues":["user"]},"overridable":false,"values":["user","organizationalUnit"]}],"capabilities":["CREATE","UPDATE","DELETE","SEARCH","SYNC"]}
AD_Resource:
{"key":"AD_users_groups","connector":"0d35158b-4747-400b-b515-8b4747100bd3","connectorDisplayName":"AD_teak","orgUnit":null,"propagationPriority":null,"randomPwdIfNotProvided":false,"enforceMandatoryCondition":false,"createTraceLevel":"ALL","updateTraceLevel":"ALL","deleteTraceLevel":"ALL","provisioningTraceLevel":"ALL","passwordPolicy":null,"accountPolicy":null,"pullPolicy":null,"overrideCapabilities":true,"provisions":[{"key":"d5949dcd-ea19-49f9-949d-cdea19c9f978","anyType":"USER","objectClass":"__ACCOUNT__","syncToken":null,"mapping":{"connObjectLink":"","connObjectKeyItem":{"key":"1e6d7ed3-aa84-4bf2-ad7e-d3aa84abf2d2","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]},"items":[{"key":"1e6d7ed3-aa84-4bf2-ad7e-d3aa84abf2d2","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]},{"key":"857d7744-855c-4221-bd77-44855c52218c","intAttrName":"email","extAttrName":"UserPrincipalName","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]}],"linkingItems":[]},"auxClasses":[],"virSchemas":[]}],"confOverride":[{"schema":{"name":"baseContextsToSynchronize","displayName":"Root
suffixes","helpMessage":"Insert root
suffixes","type":"[Ljava.lang.String;","required":true,"order":6,"confidential":false,"defaultValues":[]},"overridable":false,"values":["DC=DELL,DC=COM"]},{"schema":{"name":"defaultIdAttribute","displayName":"Default
Uid","helpMessage":"The name of the attribute which is mapped to the
id attribute in case of object different from account and group.
Default is
\"cn\".","type":"java.lang.String","required":false,"order":19,"confidential":false,"defaultValues":["cn"]},"overridable":false,"values":["cn"]},{"schema":{"name":"uidAttribute","displayName":"Uid
Attribute","helpMessage":"The name of the attribute which is mapped
to the Uid attribute. Default is
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":false,"values":["cn"]}],"capabilitiesOverride":["CREATE","UPDATE","DELETE","SEARCH","SYNC"],"propagationActionsClassNames":["org.apache.syncope.core.provisioning.java.propagation.LDAPMembershipPropagationActions"]}
Regards
Sudeesh Kumar
*From:*Andrea Patricelli [mailto:[email protected]]
*Sent:* Wednesday, June 20, 2018 7:50 PM
*To:* [email protected]
*Subject:* Re: Active Directory Connector - Delete User Not Working
Hi Sudeesh,
On 20/06/2018 14:37, Sudeesh Kumar P wrote:
Hi,
I have setup the Apache Syncope project 2.0.5 which was obtained
from (https://github.com/Tirasa/syncopeWithActiveDirectory.git). I have
connected my Active directory server through AD connector. I can import user to
Apache Syncope through the connector. If I delete a user in Active directory it is
not getting removed from Apache Syncope. I can also see that the user is removed from
the AD_resource. I used Full_Reconciliation pull task and also enabled delete option
in both connector side and resource side.
While pulling with full reconciliation if you delete the user on AD
and then launch the pull it is normal that you still see the user on
Syncope. Syncope is not able to "know" anything about deleted users
unless using changelog. In order to enable deletion AD -> Syncope you
should use incremental reconciliation that uses AD changelog and also
is "aware" of all changes on AD, deletions included.
If I use Incremental option for Pull Task, I can see the user getting
imported to the AD connector resource but the user is not getting created in
Apache Syncope.
What do you mean precisely with "I can see the user getting imported
to the AD connector resource"?
Are you pulling users AD -> Syncope right? Do you see any errors in
core.log and core-connid.log?
Versions tried – 2.0.5, 2.0.8, 2.0.9
If there is any working project with the above scenario please share it.
This one should work, but sometimes configuration should be tuned in
order to let Syncope work as expected.
Which version of Active Directory are you using?
Do you see any errors in core.log and core-connid.log files?
Please share your connector and resource configuration.
You can get them by running:
curl -X GET \
"http://syncope-vm.apache.org:9080/syncope/rest/connectors/*my-conn-key*" \
-H "accept: application/json" -H "X-Syncope-Domain: Master"
and
curl -X GET \
"http://syncope-vm.apache.org:9080/syncope/rest/resources/*my-resource-key*" \
-H "accept: application/json" -H "X-Syncope-Domain: Master"
or using swagger extension [1]
Best regards,
Andrea
[1] https://syncope.apache.org/docs/reference-guide.html#swagger
Best regards,
Andrea
Regards
Sudeesh Kumar
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
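Added example (not part of the thread, and not Syncope or ConnId code): a small review of a connector object in the JSON shape posted above, reporting the "Retrieve deleted users" flag and SYNC capability discussed in the replies, plus the ssl and trustAllCerts settings. The function names and the trimmed sample are assumptions made for illustration; the property names and values are taken from the posted configuration.

```python
import json

# Constructed sample: the posted connector JSON trimmed to five properties.
# Note the mix of string values ("false") and native JSON booleans (false).
SAMPLE = json.loads("""
{"displayName": "AD_teak",
 "capabilities": ["CREATE", "UPDATE", "DELETE", "SEARCH", "SYNC"],
 "conf": [
  {"schema": {"name": "ssl", "type": "boolean", "defaultValues": [true]}, "values": ["false"]},
  {"schema": {"name": "retrieveDeletedUser", "type": "boolean", "defaultValues": [true]}, "values": ["false"]},
  {"schema": {"name": "trustAllCerts", "type": "boolean", "defaultValues": [false]}, "values": ["true"]},
  {"schema": {"name": "port", "type": "int", "defaultValues": [636]}, "values": ["389"]},
  {"schema": {"name": "pwdUpdateOnly", "type": "boolean", "defaultValues": [false]}, "values": [false]}
 ]}
""")

def _norm(value, type_name):
    """Normalise a configured value so "false" and false compare equal."""
    if type_name == "boolean":
        return str(value).strip().lower() == "true"
    if type_name == "int":
        return int(value)
    return value

def effective(connector):
    """Map property name -> effective values (configured, else defaults)."""
    out = {}
    for item in connector.get("conf", []):
        schema = item["schema"]
        kind = schema.get("type", "")
        vals = [_norm(v, kind) for v in item.get("values", [])]
        defs = [_norm(v, kind) for v in schema.get("defaultValues", [])]
        out[schema["name"]] = vals or defs
    return out

def review(connector):
    """Return findings on deletion retrieval and on the LDAP connection."""
    props = effective(connector)
    first = lambda name: (props.get(name) or [None])[0]
    findings = []
    if first("retrieveDeletedUser") is not True:
        findings.append("retrieveDeletedUser is off: deleted users are not retrieved")
    if "SYNC" not in connector.get("capabilities", []):
        findings.append("SYNC capability is not enabled on the connector")
    if first("ssl") is not True:
        findings.append(f"ssl is off (port {first('port')}): connection does not use SSL")
    if first("trustAllCerts") is True:
        findings.append("trustAllCerts is on: all server certificates are trusted")
    return findings
```

To review a live connector, pass the parsed output of the connectors REST call quoted in the thread to review() in place of SAMPLE.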