incubator-syncope-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fabio Martelli <fabio.marte...@gmail.com>
Subject Re: [connid-users] Re: Syncope | Error while provisioning user to LDAP
Date Thu, 15 Mar 2012 14:26:32 GMT

Il giorno 15/mar/2012, alle ore 11.52, Emmanuel Lécharny ha scritto:

> Le 3/15/12 11:27 AM, Fabio Martelli a écrit :
>> Il giorno 15/mar/2012, alle ore 10.59, Antony Pulicken ha scritto:
>> 
>>> Thanks a lot Fabio and get well soon :-)
>>> 
>>> 1. We are using OpenDS
>>> 2. I have attached the screenshots of mapping and the connector configuration
>>> 
>>> I'm facing another issue now. I doubt it is occurring because the LDAP connector
configuration is incorrect. The issue is the updates from AD are not getting synced to LDAP.
When an update happens in AD, it's getting synced to syncope and then the LDAP search is getting
invoked. Even though the user exists in LDAP, it's returning null and because of that Create
is getting triggered. Can you please take a look at the configuration and spot anything that
is obvious ?
>> Hi Antony,
>> you are using uid in your AccountLink and Username as AccountId -->  this could
generate problems ....
>> 
>> 1. Consider that in this way syncope will create users with specified DN (AccountLink)
but it will search for users using the Username
>> 2. In a certain way you are creating an entry specifying two UIDs:  as far as I know,
this happens because you are creating an entry specifying the dn (including the former uid
value) and the uid attribute (latter uid value). This is absolutely normal if and only if
the two UIDs are the same.
> 
> FYI, a decent LDAP server will add the uid found in the DN if it's not present in the
entry. For instance, adding :
> 
> dn: uid=jdoe,dc=example,dc=com
> ...
> uid:jacme
> ...
> 
> will create this entry :
> dn: uid=jdoe,dc=example,dc=com
> ...
> uid: jacme
> uid: jdoe
> ...
> 
> as the uid AT is multi-valued.
> 
> Now, this might not be the expected things.

This is exactly what I mean.
Thank you Emmanuel for your observation.

Regards,
F.

> -- 
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
> 


Mime
View raw message