Hello Everyone,

This is my first ever post on any forum so please excuse any mistakes or
faux pas.

Currently, I am able to create an account in AD when a password is set for
that user in Syncope, but I am unable to create an account in AD if a
password is not set. I expected that enabling the 'Generate Random passwords
when missing' feature on the Active Directory resource would resolve this
issue, but so far account creation still fails. Below is the error I
receive when attempting to create an account in AD without a password and
with the 'Generate Random passwords when missing' feature enabled:

"Users failed to create: CREATE FAILURE (key/name):
aa44b786-9089-43ab-84b7-86908913aba2/testaccount with message:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=testaccount,CN=Users,DC=Hyrule,DC=int'
 Cause: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A1236, problem 5003
(WILL_NOT_PERFORM), data 0"


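Here are the configs for my AD Connector and Resource.

[Note: 0000052D is the Windows error code for a password that does not meet
the domain's length, complexity or history requirements, so the likely cause
is that AD rejects the generated password; the resource below has
"passwordPolicy" : null. Separately, the connector below binds as the domain
Administrator, sets "trustAllCerts" to true (so the LDAPS server certificate
is not verified), and shows its "credentials" value in clear text. A
dedicated least-privilege bind account, certificate validation, and a
redacted and rotated password are the safer setup.]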

Connector:

{
  "key" : "79e9e401-214c-4647-a9e4-01214c56475c",
  "adminRealm" : "/",
  "location" : "file:/opt/syncope/bundles/",
  "connectorName" : "net.tirasa.connid.bundles.ad.ADConnector",
  "bundleName" : "net.tirasa.connid.bundles.ad",
  "version" : "1.3.6",
  "displayName" : "Hyrule AD",
  "connRequestTimeout" : 10,
  "poolConf" : null,
  "conf" : [ {
    "schema" : {
      "name" : "host",
      "displayName" : "Server hostname",
      "helpMessage" : "Insert hostname",
      "type" : "java.lang.String",
      "required" : true,
      "order" : 1,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ "DEV2019.Hyrule.int" ]
  }, {
    "schema" : {
      "name" : "ssl",
      "displayName" : "SSL",
      "helpMessage" : "User SSL to perform password provisioning",
      "type" : "boolean",
      "required" : false,
      "order" : 1,
      "confidential" : false,
      "defaultValues" : [ true ]
    },
    "overridable" : false,
    "values" : [ true ]
  }, {
    "schema" : {
      "name" : "memberships",
      "displayName" : "Memberships",
      "helpMessage" : "Specify memberships",
      "type" : "[Ljava.lang.String;",
      "required" : false,
      "order" : 1,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ ]
  }, {
    "schema" : {
      "name" : "retrieveDeletedUser",
      "displayName" : "Retrieve deleted users",
      "helpMessage" : "Specify TRUE to retrieve deleted users also. The
default is \"true\".",
      "type" : "boolean",
      "required" : false,
      "order" : 2,
      "confidential" : false,
      "defaultValues" : [ true ]
    },
    "overridable" : false,
    "values" : [ true ]
  }, {
    "schema" : {
      "name" : "port",
      "displayName" : "Server port",
      "helpMessage" : "Insert port. The default is 636.",
      "type" : "int",
      "required" : false,
      "order" : 2,
      "confidential" : false,
      "defaultValues" : [ 636 ]
    },
    "overridable" : false,
    "values" : [ "636" ]
  }, {
    "schema" : {
      "name" : "retrieveDeletedGroup",
      "displayName" : "Retrieve deleted groups",
      "helpMessage" : "Specify TRUE to retrieve deleted groups also",
      "type" : "boolean",
      "required" : false,
      "order" : 3,
      "confidential" : false,
      "defaultValues" : [ true ]
    },
    "overridable" : false,
    "values" : [ true ]
  }, {
    "schema" : {
      "name" : "trustAllCerts",
      "displayName" : "Trust all certs",
      "helpMessage" : "Specify TRUE to trust all certs. The default is
\"false\".",
      "type" : "boolean",
      "required" : false,
      "order" : 4,
      "confidential" : false,
      "defaultValues" : [ false ]
    },
    "overridable" : false,
    "values" : [ "true" ]
  }, {
    "schema" : {
      "name" : "failover",
      "displayName" : "Failover",
      "helpMessage" : "Failover host:port",
      "type" : "[Ljava.lang.String;",
      "required" : false,
      "order" : 4,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ ]
  }, {
    "schema" : {
      "name" : "principal",
      "displayName" : "Principal",
      "helpMessage" : "Insert DN of a user with administration
capabilities",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 5,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ "CN=Administrator,CN=Users,DC=Hyrule,DC=int" ]
  }, {
    "schema" : {
      "name" : "membershipsInOr",
      "displayName" : "Verify memberships in OR",
      "helpMessage" : "Specify TRUE if you want to verify memberships using
OR logical operator. The default is \"false\".",
      "type" : "boolean",
      "required" : false,
      "order" : 5,
      "confidential" : false,
      "defaultValues" : [ false ]
    },
    "overridable" : false,
    "values" : [ false ]
  }, {
    "schema" : {
      "name" : "credentials",
      "displayName" : "Principal password",
      "helpMessage" : "Insert password for administrator",
      "type" : "org.identityconnectors.common.security.GuardedString",
      "required" : false,
      "order" : 6,
      "confidential" : true,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ "GenPW123!" ]
  }, {
    "schema" : {
      "name" : "baseContextsToSynchronize",
      "displayName" : "Root suffixes",
      "helpMessage" : "Insert root suffixes",
      "type" : "[Ljava.lang.String;",
      "required" : true,
      "order" : 6,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ "DC=Hyrule,DC=int" ]
  }, {
    "schema" : {
      "name" : "defaultPeopleContainer",
      "displayName" : "Default people container",
      "helpMessage" : "Default people container to be used in case of entry
DN is not provided",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 7,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ "CN=Users,DC=Hyrule,DC=int" ]
  }, {
    "schema" : {
      "name" : "defaultGroupContainer",
      "displayName" : "Default group container",
      "helpMessage" : "Default group container to be used in case of entry
DN is not provided",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 8,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ "CN=Goups,DC=Hyrule,DC=int" ]
  }, {
    "schema" : {
      "name" : "accountObjectClasses",
      "displayName" : "Entry object classes",
      "helpMessage" : "Insert object classes to assign to managed entries",
      "type" : "[Ljava.lang.String;",
      "required" : false,
      "order" : 9,
      "confidential" : false,
      "defaultValues" : [ "top", "person", "organizationalPerson",
"inetOrgPerson" ]
    },
    "overridable" : false,
    "values" : [ "top", "person", "organizationalPerson", "inetOrgPerson",
"OrganizationalUnit" ]
  }, {
    "schema" : {
      "name" : "userSearchScope",
      "displayName" : "User search scope",
      "helpMessage" : "Choose object, onlevel or subtree",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 9,
      "confidential" : false,
      "defaultValues" : [ "subtree" ]
    },
    "overridable" : false,
    "values" : [ "subtree" ]
  }, {
    "schema" : {
      "name" : "groupSearchScope",
      "displayName" : "Group search scope",
      "helpMessage" : "Choose object, onlevel or subtree",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 10,
      "confidential" : false,
      "defaultValues" : [ "subtree" ]
    },
    "overridable" : false,
    "values" : [ "subtree" ]
  }, {
    "schema" : {
      "name" : "accountSearchFilter",
      "displayName" : "Custom user search filter",
      "helpMessage" : "Custom user search filter",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 11,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ ]
  }, {
    "schema" : {
      "name" : "groupSearchFilter",
      "displayName" : "Custom group search filter",
      "helpMessage" : "Custom group search filter",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 11,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ ]
  }, {
    "schema" : {
      "name" : "groupBaseContexts",
      "displayName" : "Base contexts for group entry searches",
      "helpMessage" : "DN of context to be used as starting point for group
entry searches",
      "type" : "[Ljava.lang.String;",
      "required" : false,
      "order" : 12,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ "CN=Groups,DC=Hyrule,DC=int" ]
  }, {
    "schema" : {
      "name" : "userBaseContexts",
      "displayName" : "Base contexts for user entry searches",
      "helpMessage" : "DN of context to be used as starting point for user
entry searches",
      "type" : "[Ljava.lang.String;",
      "required" : false,
      "order" : 13,
      "confidential" : false,
      "defaultValues" : [ ]
    },
    "overridable" : false,
    "values" : [ "CN=Users,DC=Hyrule,DC=int" ]
  }, {
    "schema" : {
      "name" : "groupMemberReferenceAttribute",
      "displayName" : "Group members reference attribute ",
      "helpMessage" : "Group attribute referencing (by DN) the users members
of a group",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 14,
      "confidential" : false,
      "defaultValues" : [ "member" ]
    },
    "overridable" : false,
    "values" : [ "member" ]
  }, {
    "schema" : {
      "name" : "groupOwnerReferenceAttribute",
      "displayName" : "Group owner reference attribute",
      "helpMessage" : "Group attribute name referencing (by DN) the owner",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 15,
      "confidential" : false,
      "defaultValues" : [ "managedBy" ]
    },
    "overridable" : false,
    "values" : [ "managedBy" ]
  }, {
    "schema" : {
      "name" : "pwdUpdateOnly",
      "displayName" : "Permit password update only",
      "helpMessage" : "Specify TRUE if you want to permit password update
only: create/delete operation will be denied while other attributes update
requests will be ignored.",
      "type" : "boolean",
      "required" : true,
      "order" : 17,
      "confidential" : false,
      "defaultValues" : [ false ]
    },
    "overridable" : false,
    "values" : [ false ]
  }, {
    "schema" : {
      "name" : "membershipConservativePolicy",
      "displayName" : "Conservative membership policy",
      "helpMessage" : "Conservative managing and assignment of groups to
user. The groups already assigned will not be removed.",
      "type" : "boolean",
      "required" : false,
      "order" : 18,
      "confidential" : false,
      "defaultValues" : [ false ]
    },
    "overridable" : false,
    "values" : [ false ]
  }, {
    "schema" : {
      "name" : "defaultIdAttribute",
      "displayName" : "Default Uid",
      "helpMessage" : "The name of the attribute which is mapped to the id
attribute in case of object different from account and group. Default is
\"cn\".",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 19,
      "confidential" : false,
      "defaultValues" : [ "cn" ]
    },
    "overridable" : false,
    "values" : [ "cn" ]
  }, {
    "schema" : {
      "name" : "uidAttribute",
      "displayName" : "Uid Attribute",
      "helpMessage" : "The name of the attribute which is mapped to the Uid
attribute. Default is \"sAMAccountName\".",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 21,
      "confidential" : false,
      "defaultValues" : [ "sAMAccountName" ]
    },
    "overridable" : false,
    "values" : [ "cn" ]
  }, {
    "schema" : {
      "name" : "gidAttribute",
      "displayName" : "Uid Attribute for groups",
      "helpMessage" : "The name of the attribute which is mapped to the Uid
attribute for groups. Default is \"sAMAccountName\".",
      "type" : "java.lang.String",
      "required" : false,
      "order" : 22,
      "confidential" : false,
      "defaultValues" : [ "sAMAccountName" ]
    },
    "overridable" : false,
    "values" : [ "sAMAccountName" ]
  }, {
    "schema" : {
      "name" : "objectClassesToSynchronize",
      "displayName" : "Object classes to synchronize",
      "helpMessage" : "Specify object classes to identify entry to
synchronize",
      "type" : "[Ljava.lang.String;",
      "required" : false,
      "order" : 25,
      "confidential" : false,
      "defaultValues" : [ "user" ]
    },
    "overridable" : false,
    "values" : [ "user", "OrganizationalUnit" ]
  } ],
  "capabilities" : [ "SEARCH", "AUTHENTICATE", "UPDATE", "CREATE", "DELETE",
"SYNC" ]
}



Resource:
{
  "key" : "AD Resource",
  "connector" : "79e9e401-214c-4647-a9e4-01214c56475c",
  "connectorDisplayName" : "Hyrule AD",
  "orgUnit" : null,
  "propagationPriority" : 1,
  "randomPwdIfNotProvided" : true,
  "enforceMandatoryCondition" : true,
  "createTraceLevel" : "ALL",
  "updateTraceLevel" : "ALL",
  "deleteTraceLevel" : "ALL",
  "provisioningTraceLevel" : "ALL",
  "passwordPolicy" : null,
  "accountPolicy" : null,
  "pullPolicy" : null,
  "pushPolicy" : null,
  "overrideCapabilities" : false,
  "provisions" : [ {
    "key" : "5a2f4235-2fc1-4b10-af42-352fc12b1097",
    "anyType" : "GROUP",
    "objectClass" : "__GROUP__",
    "syncToken" : null,
    "ignoreCaseMatch" : true,
    "uidOnCreate" : null,
    "mapping" : {
      "connObjectLink" : "\"cn=\"+name+\",OU=Groups,DC=Hyrule,DC=int\"",
      "connObjectKeyItem" : {
        "key" : "3cebbf86-5482-4127-abbf-86548261270c",
        "intAttrName" : "name",
        "extAttrName" : "sAMAccountName",
        "connObjectKey" : true,
        "password" : false,
        "mandatoryCondition" : "true",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      },
      "items" : [ {
        "key" : "25808e6c-edb6-475b-808e-6cedb6c75b89",
        "intAttrName" : "name",
        "extAttrName" : "description",
        "connObjectKey" : false,
        "password" : false,
        "mandatoryCondition" : "false",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      }, {
        "key" : "3cebbf86-5482-4127-abbf-86548261270c",
        "intAttrName" : "name",
        "extAttrName" : "sAMAccountName",
        "connObjectKey" : true,
        "password" : false,
        "mandatoryCondition" : "true",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      }, {
        "key" : "674b9738-8fc4-46b1-8b97-388fc4d6b187",
        "intAttrName" : "name",
        "extAttrName" : "cn",
        "connObjectKey" : false,
        "password" : false,
        "mandatoryCondition" : "false",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      }, {
        "key" : "f70b1210-79ae-47d3-8b12-1079ae47d36f",
        "intAttrName" : "name",
        "extAttrName" : "sAMAccountNAme",
        "connObjectKey" : false,
        "password" : false,
        "mandatoryCondition" : "false",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      } ],
      "linkingItems" : [ ]
    },
    "auxClasses" : [ ],
    "virSchemas" : [ ]
  }, {
    "key" : "93de39d6-b2ca-4d4c-9e39-d6b2cafd4c66",
    "anyType" : "USER",
    "objectClass" : "__ACCOUNT__",
    "syncToken" : null,
    "ignoreCaseMatch" : true,
    "uidOnCreate" : null,
    "mapping" : {
      "connObjectLink" : "\"CN=\"+username+\",CN=Users,DC=Hyrule,DC=int\"",
      "connObjectKeyItem" : {
        "key" : "c35d1ea1-e6f3-41ab-9d1e-a1e6f3e1ab65",
        "intAttrName" : "username",
        "extAttrName" : "sAMAccountName",
        "connObjectKey" : true,
        "password" : false,
        "mandatoryCondition" : "true",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      },
      "items" : [ {
        "key" : "2c6e565f-2ecf-4007-ae56-5f2ecf30073a",
        "intAttrName" : "email",
        "extAttrName" : "mail",
        "connObjectKey" : false,
        "password" : false,
        "mandatoryCondition" : "false",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      }, {
        "key" : "7a58c0a4-b85a-4696-98c0-a4b85a269656",
        "intAttrName" : "password",
        "extAttrName" : "__PASSWORD__",
        "connObjectKey" : false,
        "password" : true,
        "mandatoryCondition" : "true",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      }, {
        "key" : "7e46a17e-186b-499f-86a1-7e186bc99f66",
        "intAttrName" : "AD_UPN",
        "extAttrName" : "userprincipalname",
        "connObjectKey" : false,
        "password" : false,
        "mandatoryCondition" : "false",
        "purpose" : "PROPAGATION",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      }, {
        "key" : "c35d1ea1-e6f3-41ab-9d1e-a1e6f3e1ab65",
        "intAttrName" : "username",
        "extAttrName" : "sAMAccountName",
        "connObjectKey" : true,
        "password" : false,
        "mandatoryCondition" : "true",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      } ],
      "linkingItems" : [ {
        "key" : null,
        "intAttrName" : "UPN",
        "extAttrName" : "userPrincipalName",
        "connObjectKey" : false,
        "password" : false,
        "mandatoryCondition" : "false",
        "purpose" : "BOTH",
        "propagationJEXLTransformer" : null,
        "pullJEXLTransformer" : null,
        "transformers" : [ ]
      } ]
    },
    "auxClasses" : [ ],
    "virSchemas" : [ "UPN" ]
  } ],
  "confOverride" : [ ],
  "capabilitiesOverride" : [ "SEARCH", "AUTHENTICATE", "UPDATE", "CREATE",
"DELETE", "SYNC" ],
  "propagationActions" : [ "LDAPMembershipPropogationActions" ]
}
