Hi Andrea,
I have also done that but still it is not working.
Regards
Sudeesh Kumar
From: Andrea Patricelli [mailto:[email protected]]
Sent: Friday, June 22, 2018 2:17 PM
To: [email protected]
Subject: Re: Active Directory Connector - Delete User Not Working
Moreover, please flag "Retrieve deleted users" in connector configuration.
Best regards,
Andrea
Il 22/06/2018 10:21, Andrea Patricelli ha scritto:
Hi Sudeesh,
Your configuration seems good.
Please read inline.
Best regards,
Andrea
Il 21/06/2018 16:49, Sudeesh Kumar P ha scritto:
Hi Andrea ,
I have attached the logs below: I have tried in Active
directory 2012 & 2016. In both Iam facing the same issue.
AD Connector:
{"key":"0d35158b-4747-400b-b515-8b4747100bd3","adminRealm":"/","location":"file:/C:/javasoftwares/syncopeWithActiveDirectory-master/core/target/bundles/"<file:///C:/javasoftwares/syncopeWithActiveDirectory-master/core/target/bundles/>,"connectorName":"net.tirasa.connid.bundles.ad.ADConnector","bundleName":"net.tirasa.connid.bundles.ad","version":"1.3.4","displayName":"AD_teak","connRequestTimeout":10,"poolConf":null,"conf":[{"schema":{"name":"host","displayName":"Server
hostname","helpMessage":"Insert
hostname","type":"java.lang.String","required":true,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":["TESTAD"]},{"schema":{"name":"ssl","displayName":"SSL","helpMessage":"User
SSL to perform password
provisioning","type":"boolean","required":false,"order":1,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"memberships","displayName":"Memberships","helpMessage":"Specify
memberships","type":"[Ljava.lang.String;","required":false,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"retrieveDeletedUser","displayName":"Retrieve
deleted users","helpMessage":"Specify TRUE to retrieve deleted users also. The
default is
\"true\".","type":"boolean","required":false,"order":2,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"port","displayName":"Server
port","helpMessage":"Insert port. The default is
636.","type":"int","required":false,"order":2,"confidential":false,"defaultValues":[636]},"overridable":false,"values":["389"]},{"schema":{"name":"retrieveDeletedGroup","displayName":"Retrieve
deleted groups","helpMessage":"Specify TRUE to retrieve deleted groups
also","type":"boolean","required":false,"order":3,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"trustAllCerts","displayName":"Trust
all certs","helpMessage":"Specify TRUE to trust all certs. The default is
\"false\".","type":"boolean","required":false,"order":4,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["true"]},{"schema":{"name":"failover","displayName":"Failover","helpMessage":"Failover
host:port","type":"[Ljava.lang.String;","required":false,"order":4,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"principal","displayName":"Principal","helpMessage":"Insert
DN of a user with administration
capabilities","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrator,CN=Users,DC=DELL,DC=COM"]},{"schema":{"name":"membershipsInOr","displayName":"Verify
memberships in OR","helpMessage":"Specify TRUE if you want to verify
memberships using OR logical operator. The default is
\"false\".","type":"boolean","required":false,"order":5,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"credentials","displayName":"Principal
password","helpMessage":"Insert password for
administrator","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":6,"confidential":true,"defaultValues":[]},"overridable":false,"values":["star@123"]},{"schema":{"name":"baseContextsToSynchronize","displayName":"Root
suffixes","helpMessage":"Insert root
suffixes","type":"[Ljava.lang.String;","required":true,"order":6,"confidential":false,"defaultValues":[]},"overridable":true,"values":["DC=DELL,DC=COM"]},{"schema":{"name":"defaultPeopleContainer","displayName":"Default
people container","helpMessage":"Default people container to be used in case
of entry DN is not
provided","type":"java.lang.String","required":false,"order":7,"confidential":false,"defaultValues":[]},"overridable":false,"values":["OU=SYNCOPE,DC=DELL,DC=COM"]},{"schema":{"name":"defaultGroupContainer","displayName":"Default
group container","helpMessage":"Default group container to be used in case of
entry DN is not
provided","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrators,CN=Builtin,DC=DELL,DC=COM"]},{"schema":{"name":"accountObjectClasses","displayName":"Entry
object classes","helpMessage":"Insert object classes to assign to managed
entries","type":"[Ljava.lang.String;","required":false,"order":9,"confidential":false,"defaultValues":["top","person","organizationalPerson","inetOrgPerson"]},"overridable":false,"values":["top","person","organizationalPerson","inetOrgPerson","organizationalUnit"]},{"schema":{"name":"userSearchScope","displayName":"User
search scope","helpMessage":"Choose object, onlevel or
subtree","type":"java.lang.String","required":false,"order":9,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"groupSearchScope","displayName":"Group
search scope","helpMessage":"Choose object, onlevel or
subtree","type":"java.lang.String","required":false,"order":10,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"groupSearchFilter","displayName":"Custom
group search filter","helpMessage":"Custom group search
filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"accountSearchFilter","displayName":"Custom
user search filter","helpMessage":"Custom user search
filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"groupBaseContexts","displayName":"Base
contexts for group entry searches","helpMessage":"DN of context to be used as
starting point for group entry
searches","type":"[Ljava.lang.String;","required":false,"order":12,"confidential":false,"defaultValues":[]},"overridable":false,"values":["CN=Administrators,CN=Builtin,DC=DELL,DC=COM"]},{"schema":{"name":"userBaseContexts","displayName":"Base
contexts for user entry searches","helpMessage":"DN of context to be used as
starting point for user entry
searches","type":"[Ljava.lang.String;","required":false,"order":13,"confidential":false,"defaultValues":[]},"overridable":false,"values":["OU=SYNCOPE,DC=DELL,DC=COM"]},{"schema":{"name":"groupMemberReferenceAttribute","displayName":"Group
members reference attribute ","helpMessage":"Group attribute referencing (by
DN) the users members of a
group","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":["member"]},"overridable":false,"values":["member"]},{"schema":{"name":"groupOwnerReferenceAttribute","displayName":"Group
owner reference attribute","helpMessage":"Group attribute name referencing (by
DN) the
owner","type":"java.lang.String","required":false,"order":15,"confidential":false,"defaultValues":["managedBy"]},"overridable":false,"values":["managedBy"]},{"schema":{"name":"startSyncFromToday","displayName":"Null
token is the latest","helpMessage":"Reset null token value to the latest (sync
with null token will not return any result). The default is
\"true\".","type":"boolean","required":false,"order":16,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"pwdUpdateOnly","displayName":"Permit
password update only","helpMessage":"Specify TRUE if you want to permit
password update only: create/delete operation will be denied while other
attributes update requests will be
ignored.","type":"boolean","required":true,"order":17,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"membershipConservativePolicy","displayName":"Conservative
membership policy","helpMessage":"Conservative managing and assignment of
groups to user. The groups already assigned will not be
removed.","type":"boolean","required":false,"order":18,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"defaultIdAttribute","displayName":"Default
Uid","helpMessage":"The name of the attribute which is mapped to the id
attribute in case of object different from account and group. Default is
\"cn\".","type":"java.lang.String","required":false,"order":19,"confidential":false,"defaultValues":["cn"]},"overridable":true,"values":["cn"]},{"schema":{"name":"uidAttribute","displayName":"Uid
Attribute","helpMessage":"The name of the attribute which is mapped to the Uid
attribute. Default is
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":true,"values":["cn"]},{"schema":{"name":"gidAttribute","displayName":"Uid
Attribute for groups","helpMessage":"The name of the attribute which is mapped
to the Uid attribute for groups. Default is
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":22,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":false,"values":["sAMAccountName"]},{"schema":{"name":"objectClassesToSynchronize","displayName":"Object
classes to synchronize","helpMessage":"Specify object classes to identify
entry to
synchronize","type":"[Ljava.lang.String;","required":false,"order":25,"confidential":false,"defaultValues":["user"]},"overridable":false,"values":["user","organizationalUnit"]}],"capabilities":["CREATE","UPDATE","DELETE","SEARCH","SYNC"]}
AD_Resource:
{"key":"AD_users_groups","connector":"0d35158b-4747-400b-b515-8b4747100bd3","connectorDisplayName":"AD_teak","orgUnit":null,"propagationPriority":null,"randomPwdIfNotProvided":false,"enforceMandatoryCondition":false,"createTraceLevel":"ALL","updateTraceLevel":"ALL","deleteTraceLevel":"ALL","provisioningTraceLevel":"ALL","passwordPolicy":null,"accountPolicy":null,"pullPolicy":null,"overrideCapabilities":true,"provisions":[{"key":"d5949dcd-ea19-49f9-949d-cdea19c9f978","anyType":"USER","objectClass":"__ACCOUNT__","syncToken":null,"mapping":{"connObjectLink":"","connObjectKeyItem":{"key":"1e6d7ed3-aa84-4bf2-ad7e-d3aa84abf2d2","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]},"items":[{"key":"1e6d7ed3-aa84-4bf2-ad7e-d3aa84abf2d2","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]},{"key":"857d7744-855c-4221-bd77-44855c52218c","intAttrName":"email","extAttrName":"UserPrincipalName","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"BOTH","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformerClassNames":[]}],"linkingItems":[]},"auxClasses":[],"virSchemas":[]}],"confOverride":[{"schema":{"name":"baseContextsToSynchronize","displayName":"Root
suffixes","helpMessage":"Insert root
suffixes","type":"[Ljava.lang.String;","required":true,"order":6,"confidential":false,"defaultValues":[]},"overridable":false,"values":["DC=DELL,DC=COM"]},{"schema":{"name":"defaultIdAttribute","displayName":"Default
Uid","helpMessage":"The name of the attribute which is mapped to the id
attribute in case of object different from account and group. Default is
\"cn\".","type":"java.lang.String","required":false,"order":19,"confidential":false,"defaultValues":["cn"]},"overridable":false,"values":["cn"]},{"schema":{"name":"uidAttribute","displayName":"Uid
Attribute","helpMessage":"The name of the attribute which is mapped to the Uid
attribute. Default is
\"sAMAccountName\".","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":false,"values":["cn"]}],"capabilitiesOverride":["CREATE","UPDATE","DELETE","SEARCH","SYNC"],"propagationActionsClassNames":["org.apache.syncope.core.provisioning.java.propagation.LDAPMembershipPropagationActions"]}
Regards
Sudeesh Kumar
From: Andrea Patricelli [mailto:[email protected]]
Sent: Wednesday, June 20, 2018 7:50 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: Active Directory Connector - Delete User Not Working
Hi Sudeesh,
Il 20/06/2018 14:37, Sudeesh Kumar P ha scritto:
Hi,
I have setup the Apache Syncope project 2.0.5 which was obtained from
(https://github.com/Tirasa/syncopeWithActiveDirectory.git<http://github.com/Tirasa/syncopeWithActiveDirectory.git>).
I have connected my Active directory server through AD connector. I can import
user to Apache Syncope through the connector. If I delete a user in Active
directory it is not getting removed from Apache Syncope. I can also see that
the user is removed from the AD_resource. I used Full_Reconciliation pull task
and also enabled delete option in both connector side and resource side.
While pulling with full reconciliation if you delete the user on AD and then
launch the pull it is normal that you still see the user on Syncope. Syncope is
not able to "know" anything about deleted users unless using changelog. In
order to enable deletion AD -> Syncope you should use incremental
reconciliation that uses AD changelog and also is "aware" of all changes on AD,
deletions included.
If I use Incremental option for Pull Task, I can see the user getting imported
to the AD connector resource but the user is not getting created in Apache
Syncope.
What do you mean precisely with "I can see the user getting imported to the AD
connector resource"?
Are you pulling users AD -> Syncope right? Do you see any errors in core.log
and core-connid.log?
Versions tried - 2.0.5,2.0.8,2.0.9
If there is any working project with the above scenario please share it.
This one should work, but sometimes configuration should be tuned in order to
let Syncope work as expected.
Which version of Active Directory are you using?
Do you see any errors in core.log and core-connid.log files?
Please share your connector and resource configuration.
You can get them by running:
curl -X GET
"http://syncope-vm.apache.org:9080/syncope/rest/connectors/my-conn-key"; -H
"accept: application/json" -H "X-Syncope-Domain: Master"
and
curl -X GET
"http://syncope-vm.apache.org:9080/syncope/rest/resources/my-resource-key"; -H
"accept: application/json" -H "X-Syncope-Domain: Master"
or using swagger extension [1]
Best regards,
Andrea
[1] https://syncope.apache.org/docs/reference-guide.html#swagger
Best regards,
Andrea
Regards
Sudeesh Kumar
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
