incubator-syncope-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antony Pulicken <antony.pulic...@gmail.com>
Subject Re: [connid-users] Re: Syncope | Error while provisioning user to LDAP
Date Thu, 15 Mar 2012 10:26:42 GMT
Hi Fabio,

Further to the mail below, please find the log messages from OpenDS,
especially the line that I have highlighted in bold. Please let me know
your comments.

[15/Mar/2012:11:17:34 +0100] SEARCH REQ conn=12 op=17 msgID=18 base=""
scope=baseObject filter="(objectClass=*)" attrs="subschemaSubentry"
[15/Mar/2012:11:17:34 +0100] SEARCH RES conn=12 op=17 msgID=18 result=0
nentries=1 etime=1
[15/Mar/2012:11:17:34 +0100] SEARCH REQ conn=12 op=18 msgID=19
*base="ou=people,dc=opensso,dc=java,dc=net"
scope=wholeSubtree
filter="(&(&(objectClass=top)(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson))(entryUUID=syncopeuser004))"
*attrs="audio,businessCategory,carLicense,cn,departmentNumber,description,destinationIndicator,displayName,employeeNumber,employeeType,entryUUID,facsimileTelephoneNumber,givenName,homePhone,homePostalAddress,initials,internationaliSDNNumber,jpegPhoto,l,labeledURI,mail,manager,mobile,o,objectClass,ou,pager,photo,physicalDeliveryOfficeName,postalAddress,postalCode,postOfficeBox,preferredDeliveryMethod,preferredLanguage,registeredAddress,roomNumber,secretary,seeAlso,sn,st,street,telephoneNumber,teletexTerminalIdentifier,telexNumber,title,uid,userCertificate;binary,userPassword,userPKCS12,userSMIMECertificate,x121Address,x500UniqueIdentifier"
[15/Mar/2012:11:17:34 +0100] SEARCH RES conn=12 op=18 msgID=19 result=0
nentries=0 etime=4
[15/Mar/2012:11:17:34 +0100] SEARCH REQ conn=12 op=19 msgID=20 base=""
scope=baseObject filter="(objectClass=*)" attrs="subschemaSubentry"
[15/Mar/2012:11:17:34 +0100] SEARCH RES conn=12 op=19 msgID=20 result=0
nentries=1 etime=1
[15/Mar/2012:11:17:34 +0100] ADD REQ conn=12 op=20 msgID=21
dn="uid=syncopeuser004,ou=people,dc=opensso,dc=java,dc=net"
[15/Mar/2012:11:17:34 +0100] ADD RES conn=12 op=20 msgID=21 result=68
message="The entry uid=syncopeuser004,ou=people,dc=opensso,dc=java,dc=net
cannot be added because an entry with that name already exists" etime=1
[15/Mar/2012:11:18:57 +0100] SEARCH REQ conn=12 op=21 msgID=22 base=""
scope=baseObject filter="(objectClass=*)" attrs="subschemaSubentry"
[15/Mar/2012:11:18:57 +0100] SEARCH RES conn=12 op=21 msgID=22 result=0
nentries=1 etime=0


Regards,
Antony.

On Thu, Mar 15, 2012 at 3:29 PM, Antony Pulicken
<antony.pulicken@gmail.com>wrote:

> Thanks a lot Fabio and get well soon :-)
>
> 1. We are using OpenDS
> 2. I have attached the screenshots of mapping and the connector
> configuration
>
> I'm facing another issue now. I doubt it is occurring because the LDAP
> connector configuration is incorrect. The issue is the updates from AD are
> not getting synced to LDAP. When an update happens in AD, it's getting
> synced to syncope and then the LDAP search is getting invoked. Even though
> the user exists in LDAP, it's returning null and because of that Create is
> getting triggered. Can you please take a look at the configuration and spot
> anything that is obvious ?
>
> Regards,
> Antony.
>
>
>
>
> On Thu, Mar 15, 2012 at 1:33 PM, Fabio Martelli <fabio.martelli@gmail.com>wrote:
>
>> Hi Antony, could you give me more info to reproduce the problem?
>>
>> 1. What ldap server are you using?
>> 2. Can you provide your connector configuration screenshot?
>>
>> I am sick at the moment but  I will do my best to reply to you asap.
>>
>> Regards,
>> F.
>> Il giorno 14/mar/2012 04:39, "Antony Pulicken" <antony.pulicken@gmail.com>
>> ha scritto:
>>
>>  Thanks fabio for the response. I removed the Uid attribute mapping, but
>>> the result is the same.  The javax.naming.directory.Attributes object
>>> passed to the LdapSchemaMapping.create() still has 'entryuuid=entryUUID:
>>> user314' as one of the value and it fails if I don't add the check that I
>>> mentioned in my earlier mail.
>>>
>>> Regards,
>>> Antony.
>>>
>>> On Tue, Mar 13, 2012 at 3:32 PM, Fabio Martelli <
>>> fabio.martelli@gmail.com> wrote:
>>>
>>>>
>>>> Il giorno 13/mar/2012, alle ore 06.43, Antony Pulicken ha scritto:
>>>>
>>>> Attaching the screenshots again as there was some issue last time....
>>>>
>>>> On Tue, Mar 13, 2012 at 11:08 AM, Antony Pulicken <
>>>> antony.pulicken@gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm getting the following error while provisioning a user from syncope
>>>>> to LDAP.
>>>>>
>>>>> org.identityconnectors.framework.common.exceptions.ConnectorException:
>>>>> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Entry
>>>>> uid=user201,ou=people,dc=opensso,dc=java,dc=net cannot be added because
it
>>>>> includes attribute *entryUUID* which is defined as
>>>>> NO-USER-MODIFICATION in the server schema]; remaining name
>>>>> 'uid=user201,ou=people,dc=opensso,dc=java,dc=net'
>>>>>     at
>>>>> org.identityconnectors.ldap.schema.LdapSchemaMapping.create(LdapSchemaMapping.java:325)
>>>>> ~[na:na]
>>>>>     at
>>>>> org.identityconnectors.ldap.modify.LdapCreate$1.access(LdapCreate.java:144)
>>>>> ~[na:na]
>>>>>     at
>>>>> org.identityconnectors.ldap.schema.GuardedPasswordAttribute$Simple$1.access(GuardedPasswordAttribute.java:75)
>>>>> ~[na:na]
>>>>>
>>>>> I think the attribute '*entryUUID'* is getting included because we
>>>>> are setting one of the field/mapping as the account Id (and it's mandatory
>>>>> to do that in Syncope).
>>>>>
>>>>> It worked only when I added a check for '*entryUUID' *and excluded
>>>>> the same from the attributes while creating the sub context in the LDAP
>>>>> connector code (LdapSchemaMapping.create()). Please let me know whether
>>>>> there is any better way to make it work?
>>>>>
>>>>> I have also attached the screen shot of my LDAP Resource mapping un
>>>>> syncope.
>>>>>
>>>>
>>>> Hi Antony,
>>>> you don't have to map uid. Uid attribute mapping will be generated
>>>> implicitly  be defining the AccountId.
>>>>
>>>> Let me know if the problem persists.
>>>>
>>>> Regards,
>>>> F.
>>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>> Antony.
>>>>>
>>>>
>>>> <Screen Shot 2012-03-13 at 11.12.23 AM.png><Screen Shot 2012-03-13
at
>>>> 11.12.43 AM.png>
>>>>
>>>>
>>>>
>>>
>

Mime
View raw message