incubator-syncope-user mailing list archives

From Antony Pulicken <antony.pulic...@gmail.com>
Subject Re: [connid-users] Re: Syncope | Error while provisioning user to LDAP
Date Thu, 15 Mar 2012 15:22:18 GMT

Hi Fabio,

Do you have any idea why the Username is not getting populated on the
account link? Is it working on your side? Please let me know.

Regards,
Antony.

On Thu, Mar 15, 2012 at 4:23 PM, Antony Pulicken <antony.pulicken@gmail.com> wrote:

> I had tried that before and tried it again now. If I configure 'Username'
> in the account link, LDAP create will fail with this error:
>
> uid=,ou=people,dc=opensso,dc=java,dc=net: [LDAP: error code 34 - The provided value "uid=,ou=people,dc=opensso,dc=java,dc=net"
> could not be parsed as a valid distinguished name because an attribute value started
> with a character at position 5 that needs to be escaped]
>
>
> Even though the user is created in syncope with a valid 'Username', it
> doesn't get populated in the account link and that is why I added uid as a
> workaround. Seems like a defect to me. What do you think?
>
> Regards,
> Antony.
>
>
> On Thu, Mar 15, 2012 at 3:57 PM, Fabio Martelli <fabio.martelli@gmail.com> wrote:
>
>>
>> On 15 Mar 2012, at 10:59, Antony Pulicken wrote:
>>
>> Thanks a lot Fabio and get well soon :-)
>>
>> 1. We are using OpenDS
>>
>> 2. I have attached the screenshots of mapping and the connector
>> configuration
>>
>> I'm facing another issue now. I doubt it is occurring because the LDAP
>> connector configuration is incorrect. The issue is the updates from AD are
>> not getting synced to LDAP. When an update happens in AD, it's getting
>> synced to syncope and then the LDAP search is getting invoked. Even though
>> the user exists in LDAP, it's returning null and because of that Create is
>> getting triggered. Can you please take a look at the configuration and spot
>> anything that is obvious?
>>
>>
>> Hi Antony,
>> you are using uid in your AccountLink and Username as AccountId --> this
>> could generate problems ....
>>
>> 1. Consider that in this way syncope will create users with specified DN
>> (AccountLink) but it will search for users using the Username
>> 2. In a certain way you are creating an entry specifying two UIDs: as
>> far as I know, this happens because you are creating an entry specifying
>> the dn (including the former uid value) and the uid attribute (latter uid
>> value). This is absolutely normal if and only if the two UIDs are the same.
>>
>> Can you try to use Username in the AccountLink as well?
>>
>> Regards,
>> F.
>>
>>
>> Regards,
>> Antony.
>>
>>
>>
>> On Thu, Mar 15, 2012 at 1:33 PM, Fabio Martelli <fabio.martelli@gmail.com> wrote:
>>
>>> Hi Antony, could you give me more info to reproduce the problem?
>>>
>>> 1. What ldap server are you using?
>>> 2. Can you provide your connector configuration screenshot?
>>>
>>> I am sick at the moment but I will do my best to reply to you asap.
>>>
>>> Regards,
>>> F.
>>> On 14 Mar 2012 04:39, "Antony Pulicken" <antony.pulicken@gmail.com> wrote:
>>>
>>>> Thanks Fabio for the response. I removed the Uid attribute mapping, but
>>>> the result is the same.  The javax.naming.directory.Attributes object
>>>> passed to the LdapSchemaMapping.create() still has 'entryuuid=entryUUID:
>>>> user314' as one of the value and it fails if I don't add the check that I
>>>> mentioned in my earlier mail.
>>>>
>>>> Regards,
>>>> Antony.
>>>>
>>>> On Tue, Mar 13, 2012 at 3:32 PM, Fabio Martelli <
>>>> fabio.martelli@gmail.com> wrote:
>>>>
>>>>>
>>>>> On 13 Mar 2012, at 06:43, Antony Pulicken wrote:
>>>>>
>>>>> Attaching the screenshots again as there was some issue last time....
>>>>>
>>>>> On Tue, Mar 13, 2012 at 11:08 AM, Antony Pulicken <
>>>>> antony.pulicken@gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm getting the following error while provisioning a user from
>>>>>> syncope to LDAP.
>>>>>>
>>>>>> org.identityconnectors.framework.common.exceptions.ConnectorException:
>>>>>> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Entry
>>>>>> uid=user201,ou=people,dc=opensso,dc=java,dc=net cannot be added because it
>>>>>> includes attribute *entryUUID* which is defined as
>>>>>> NO-USER-MODIFICATION in the server schema]; remaining name
>>>>>> 'uid=user201,ou=people,dc=opensso,dc=java,dc=net'
>>>>>>     at org.identityconnectors.ldap.schema.LdapSchemaMapping.create(LdapSchemaMapping.java:325) ~[na:na]
>>>>>>     at org.identityconnectors.ldap.modify.LdapCreate$1.access(LdapCreate.java:144) ~[na:na]
>>>>>>     at org.identityconnectors.ldap.schema.GuardedPasswordAttribute$Simple$1.access(GuardedPasswordAttribute.java:75) ~[na:na]
>>>>>>
>>>>>> I think the attribute '*entryUUID*' is getting included because we
>>>>>> are setting one of the field/mapping as the account Id (and it's mandatory
>>>>>> to do that in Syncope).
>>>>>>
>>>>>> It worked only when I added a check for '*entryUUID*' and excluded
>>>>>> the same from the attributes while creating the sub context in the LDAP
>>>>>> connector code (LdapSchemaMapping.create()). Please let me know whether
>>>>>> there is any better way to make it work?
>>>>>>
>>>>>> I have also attached the screen shot of my LDAP Resource mapping in
>>>>>> syncope.
>>>>>>
>>>>>
>>>>> Hi Antony,
>>>>> you don't have to map uid. Uid attribute mapping will be generated
>>>>> implicitly by defining the AccountId.
>>>>>
>>>>> Let me know if the problem persists.
>>>>>
>>>>> Regards,
>>>>> F.
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Antony.
>>>>>>
>>>>>
>>>>> <Screen Shot 2012-03-13 at 11.12.23 AM.png><Screen Shot 2012-03-13 at
>>>>> 11.12.43 AM.png>
>>>>>
>>>>>
>>>>>
>>>>
>> <Screen Shot 2012-03-15 at 3.26.51 PM.png><Screen Shot 2012-03-15 at
>> 3.27.08 PM.png><Screen Shot 2012-03-15 at 3.28.07 PM.png>
>>
>>
>>
>
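
Added example, not part of the thread and not ConnId or Syncope code: a Java pre-flight check for the two LDAP failures discussed above. It drops server-managed attributes such as entryUUID before an add and rejects a DN whose RDN value is empty; the class and method names, the sample values and the attribute list beyond entryUUID are assumptions.

```java
import java.util.Locale;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapAddPreflight {
    // Attributes the directory server maintains itself. entryUUID is the one from
    // the thread; the rest are an assumed, non-exhaustive sample.
    static final Set<String> SERVER_MANAGED = Set.of(
            "entryuuid", "createtimestamp", "modifytimestamp", "creatorsname", "modifiersname");

    /** Rejects a DN that does not parse or that has an RDN with an empty value. */
    static LdapName checkDn(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        for (Rdn rdn : name.getRdns()) {
            if (rdn.getValue().toString().trim().isEmpty()) {
                throw new InvalidNameException("empty value for '" + rdn.getType() + "' in " + dn);
            }
        }
        return name;
    }

    /** Returns a copy of attrs without the server-managed attributes. */
    static Attributes stripServerManaged(Attributes attrs) {
        Attributes out = new BasicAttributes(true); // true = attribute IDs are case-insensitive
        NamingEnumeration<String> ids = attrs.getIDs();
        while (ids.hasMoreElements()) {
            String id = ids.nextElement();
            if (!SERVER_MANAGED.contains(id.toLowerCase(Locale.ROOT))) {
                out.put(attrs.get(id));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Attributes attrs = new BasicAttributes(true); // constructed sample entry
        attrs.put("uid", "user201");
        attrs.put("entryUUID", "user201");
        System.out.println(stripServerManaged(attrs));
        System.out.println(checkDn("uid=user201,ou=people,dc=opensso,dc=java,dc=net"));
        try { checkDn("uid=,ou=people,dc=opensso,dc=java,dc=net"); }
        catch (InvalidNameException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```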
