Re: Key violation
On 2016-06-22 23:55 Jonas Israelsson wrote: Greetings. Quite new to syncope but I'm seeing some rather strange behaviour, and could use some guidance. Glad of your interest in Apache Syncope! Running 2.0.0-M3 and have hooked up a connector to my openldap server. First sync, no problem all users are placed in the local storage. Second sync however, even though the sync is marked as successful I see from the logs syncope are trying to reinsert all entrys to the local storage and fail due to key violation. I have set the matching rule to update, and use the uid as remote key, mapped to the local username field. Can I create this behaviour by misconfiguration, or do we have a bug here ? It is quite common to fall into such issues when configuring an LDAP resource; please take this (quite old, but still applying) post of mine as reference: http://blog.tirasa.net/unlock-full-ldap-features-in.html Please let me know if that improves the situation. HTH Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Involved at The Apache Software Foundation: member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer, OpenJPA Committer, PonyMail PPMC http://home.apache.org/~ilgrosso/
Key violation
Greetings.
Quite new to syncope but I'm seeing some rather strange behaviour, and
could use some guidance.
Running 2.0.0-M3 and have hooked up a connector to my openldap server.
First sync, no problem all users are placed in the local storage. Second
sync however, even though the sync is marked as successful I see from
the logs syncope are trying to reinsert all entrys to
the local storage and fail due to key violation. I have set the
matching rule to update, and use the uid as remote key, mapped to the
local username field.
Can I create this behaviour by misconfiguration, or do we have a bug here ?
example of an failing enrty:
Users failed to create: CREATE FAILURE (key/name): null/felicia with message:
JdbcSQLException: Unique index or primary key violation: "U_SYNCPSR_USERNAME_INDEX_6
ON PUBLIC.SYNCOPEUSER(USERNAME) VALUES ('felicia', 2629)";
SQL statement: INSERT INTO SyncopeUser (id, creationDate, creator,
lastChangeDate, lastModifier, status, workflowId, changePwdDate,
cipherAlgorithm, failedLogins, lastLoginDate, mustChangePassword, password,
securityAnswer,
suspended, token, tokenExpireTime, username, REALM_ID, SECURITYQUESTION_ID)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) [23505-192]
Running a standalone server with the embedded/bundled database as
internal storage.
Brgds,
Jonas
Error, when propagate of Active directory to syncope
I could connect to Active Directory but can not remove users to syncope, this without ssl my configuration is as follows, any ideas ??? please, the configuration is in the pictures following http://macateno.net84.net/syncope/1 http://macateno.net84.net/syncope/2 http://macateno.net84.net/syncope/3 http://macateno.net84.net/syncope/4 http://macateno.net84.net/syncope/5 http://macateno.net84.net/syncope/6 http://macateno.net84.net/syncope/7 please, any ideas ??? please -- View this message in context: http://syncope-user.1051894.n5.nabble.com/Error-when-propagate-of-Active-directory-to-syncope-tp5708476.html Sent from the syncope-user mailing list archive at Nabble.com.
Re: 2.0.0-M3 Connector test error
Done: https://issues.apache.org/jira/browse/SYNCOPE-875 Thanks, Colm. On Wed, Jun 22, 2016 at 4:50 PM, Francesco Chicchiriccò wrote: > I am also able to reproduce this error in the demo available at > > http://syncope-vm.apache.org:9080/syncope-console/ > > so it sounds like a bug. > > Colm, would you mind opening an issue for it? Thanks. > > Regards. > > On 22/06/2016 17:35, Colm O hEigeartaigh wrote: > > For the record, I get the same error in the original standalone > distribution for 2.0.0-M3 without any config changes. Just create a new > LDAP Connector, enter the values + try to test it. > > Colm. > > On Wed, Jun 22, 2016 at 4:25 PM, Colm O hEigeartaigh > wrote: > >> Hi Francesco, >> >> On Wed, Jun 22, 2016 at 4:22 PM, Francesco Chicchiriccò < >> ilgro...@apache.org> wrote: >> >>> >>> >>> I suppose you are creating a new LDAP connector instance from scratch, >>> via admin console; correct? >>> >> >> Yup correct. Connecting to an OpenDS LDAP server. >> >> >>> >>> Also, are you starting with an empty storage or using test data (as from >>> standalone distribution, for example)? >>> >> >> I started by taking the standalone distribution and swapping the >> MasterContent.xml from the syncope source >> (/core/persistence-jpa/src/main/resources/domains/MasterContent.xml) into >> the standalone distribution, so as to start with a "clean" >> users/groups/connectors etc. >> >> Thanks, >> >> Colm. >> > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellencehttp://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo PMC, > CXF Committer, OpenJPA Committer, PonyMail > PPMChttp://home.apache.org/~ilgrosso/ > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: 2.0.0-M3 Connector test error
I am also able to reproduce this error in the demo available at http://syncope-vm.apache.org:9080/syncope-console/ so it sounds like a bug. Colm, would you mind opening an issue for it? Thanks. Regards. On 22/06/2016 17:35, Colm O hEigeartaigh wrote: For the record, I get the same error in the original standalone distribution for 2.0.0-M3 without any config changes. Just create a new LDAP Connector, enter the values + try to test it. Colm. On Wed, Jun 22, 2016 at 4:25 PM, Colm O hEigeartaigh mailto:cohei...@apache.org>> wrote: Hi Francesco, On Wed, Jun 22, 2016 at 4:22 PM, Francesco Chicchiriccò mailto:ilgro...@apache.org>> wrote: I suppose you are creating a new LDAP connector instance from scratch, via admin console; correct? Yup correct. Connecting to an OpenDS LDAP server. Also, are you starting with an empty storage or using test data (as from standalone distribution, for example)? I started by taking the standalone distribution and swapping the MasterContent.xml from the syncope source (/core/persistence-jpa/src/main/resources/domains/MasterContent.xml) into the standalone distribution, so as to start with a "clean" users/groups/connectors etc. Thanks, Colm. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Involved at The Apache Software Foundation: member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer, OpenJPA Committer, PonyMail PPMC http://home.apache.org/~ilgrosso/
Re: 2.0.0-M3 Connector test error
For the record, I get the same error in the original standalone distribution for 2.0.0-M3 without any config changes. Just create a new LDAP Connector, enter the values + try to test it. Colm. On Wed, Jun 22, 2016 at 4:25 PM, Colm O hEigeartaigh wrote: > Hi Francesco, > > On Wed, Jun 22, 2016 at 4:22 PM, Francesco Chicchiriccò < > ilgro...@apache.org> wrote: > >> >> >> I suppose you are creating a new LDAP connector instance from scratch, >> via admin console; correct? >> > > Yup correct. Connecting to an OpenDS LDAP server. > > >> >> Also, are you starting with an empty storage or using test data (as from >> standalone distribution, for example)? >> > > I started by taking the standalone distribution and swapping the > MasterContent.xml from the syncope source > (/core/persistence-jpa/src/main/resources/domains/MasterContent.xml) into > the standalone distribution, so as to start with a "clean" > users/groups/connectors etc. > > Thanks, > > Colm. > > >> >> -- >> Francesco Chicchiriccò >> >> Tirasa - Open Source Excellence >> http://www.tirasa.net/ >> >> Involved at The Apache Software Foundation: >> member, Syncope PMC chair, Cocoon PMC, Olingo PMC, >> CXF Committer, OpenJPA Committer, PonyMail PPMC >> http://home.apache.org/~ilgrosso/ >> >> > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: 2.0.0-M3 Connector test error
Hi Francesco, On Wed, Jun 22, 2016 at 4:22 PM, Francesco Chicchiriccò wrote: > > > I suppose you are creating a new LDAP connector instance from scratch, via > admin console; correct? > Yup correct. Connecting to an OpenDS LDAP server. > > Also, are you starting with an empty storage or using test data (as from > standalone distribution, for example)? > I started by taking the standalone distribution and swapping the MasterContent.xml from the syncope source (/core/persistence-jpa/src/main/resources/domains/MasterContent.xml) into the standalone distribution, so as to start with a "clean" users/groups/connectors etc. Thanks, Colm. > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo PMC, > CXF Committer, OpenJPA Committer, PonyMail PPMC > http://home.apache.org/~ilgrosso/ > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
2.0.0-M3 Connector test error
Hi all, I'm seeing an error when trying to test an LDAP Connector with 2.0.0-M3: "Connection failure: RequiredValuesMissing [connectorname]" >From the logs, I can see that the connector name is null: 16:11:20.054 ERROR org.apache.syncope.client.console.rest.BaseRestClient - While checking org.apache.syncope.common.lib.to.ConnInstanceTO@548806e8[ key= location=connid://testconnectorserver@localhost:4554 connectorName= bundleName=net.tirasa.connid.bundles.ldap version=1.5.1 conf=[org.apache.syncope.common.lib.types.ConnConfProperty@1dc08e5[ schema=org.apache.syncope.common.lib.types.ConnConfPropSchema@3a2f6f01[ name=groupMemberAttribute displayName=Group Member Attribute What am I doing wrong here? I can't see anything relating to a connector name that I've left out of the configuration. Thanks, Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: 2.0.0-M3 Connector test error
On 22/06/2016 17:17, Colm O hEigeartaigh wrote: Hi all, I'm seeing an error when trying to test an LDAP Connector with 2.0.0-M3: "Connection failure: RequiredValuesMissing [connectorname]" From the logs, I can see that the connector name is null: 16:11:20.054 ERROR org.apache.syncope.client.console.rest.BaseRestClient - While checking org.apache.syncope.common.lib.to.ConnInstanceTO@548806e8[ key= location=connid://testconnectorserver@localhost:4554 connectorName= bundleName=net.tirasa.connid.bundles.ldap version=1.5.1 conf=[org.apache.syncope.common.lib.types.ConnConfProperty@1dc08e5[ schema=org.apache.syncope.common.lib.types.ConnConfPropSchema@3a2f6f01[ name=groupMemberAttribute displayName=Group Member Attribute What am I doing wrong here? I can't see anything relating to a connector name that I've left out of the configuration. Hi Colm, can you provide some more context? I suppose you are creating a new LDAP connector instance from scratch, via admin console; correct? Also, are you starting with an empty storage or using test data (as from standalone distribution, for example)? -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Involved at The Apache Software Foundation: member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer, OpenJPA Committer, PonyMail PPMC http://home.apache.org/~ilgrosso/
Re: JDBC-LDAP Bridge Driver (WAS Re: Session expired error)
My mistake. Its version 1.2.8. Thank you. -- View this message in context: http://syncope-user.1051894.n5.nabble.com/Session-expired-error-tp5708462p5708469.html Sent from the syncope-user mailing list archive at Nabble.com.
Re: JDBC-LDAP Bridge Driver (WAS Re: Session expired error)
On 22/06/2016 10:05, ujwal wrote: Hi, Thank you for the prompt reply. I used Maven archetype version 1.0 for building the Syncope project. Version 1.0? Are you sure? I would have expected 1.2.X or 2.0.0-MX: where did you grab the Maven generate command from? Regards. -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Involved at The Apache Software Foundation: member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer, OpenJPA Committer, PonyMail PPMC http://home.apache.org/~ilgrosso/
Re: JDBC-LDAP Bridge Driver (WAS Re: Session expired error)
Hi, Thank you for the prompt reply. I used Maven archetype version 1.0 for building the Syncope project. Regards, Ujwal -- View this message in context: http://syncope-user.1051894.n5.nabble.com/Session-expired-error-tp5708462p5708467.html Sent from the syncope-user mailing list archive at Nabble.com.
Re: Remove membership via REST call
Thank you Francesco!
2016-06-22 9:49 GMT+02:00 Francesco Chicchiriccò :
> On 22/06/2016 09:38, Antonio Ciancio wrote:
>
>> Hi,
>>
>> I'm trying to remove membership via REST call in syncope 1.2.5.
>>
>> I made a POST request using the rest method "/syncope/rest/users/user_id"
>> and this payload:
>>
>> {"membershipsToRemove": [{"role": "group_id"}]}
>>
>> but something goes wrong.
>>
>> Any suggestions?
>>
>
> Hi,
> take a look at the REST reference, available at
>
> http://syncope.apache.org/rest/1.2/index.html
>
> for the latest 1.2 release available (1.2.8) or check the one available
> with your deployment at
>
> /syncope/rest/doc/
>
> Click on /users on the sidebar, then on /{userId}, finally on "POST
> (update)": a popup will appear with the request content type
> (syncope1:userMod); if you click on that, you will be able to browse the
> XSD schema for that.
>
> This as general approach.
>
> For your specific case, simply change
>
> {"membershipsToRemove": [{"role": "group_id"}]}
>
> to
>
> {"id": 113,"membershipsToRemove": [101]}
>
> assuming that user_id is 113 and the role for which you want to remove the
> membership has id 101.
>
> HTH
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
> CXF Committer, OpenJPA Committer, PonyMail PPMC
> http://home.apache.org/~ilgrosso/
>
>
>
Re: Remove membership via REST call
On 22/06/2016 09:38, Antonio Ciancio wrote:
Hi,
I'm trying to remove membership via REST call in syncope 1.2.5.
I made a POST request using the rest method
"/syncope/rest/users/user_id" and this payload:
{"membershipsToRemove": [{"role": "group_id"}]}
but something goes wrong.
Any suggestions?
Hi,
take a look at the REST reference, available at
http://syncope.apache.org/rest/1.2/index.html
for the latest 1.2 release available (1.2.8) or check the one available
with your deployment at
/syncope/rest/doc/
Click on /users on the sidebar, then on /{userId}, finally on "POST
(update)": a popup will appear with the request content type
(syncope1:userMod); if you click on that, you will be able to browse the
XSD schema for that.
This as general approach.
For your specific case, simply change
{"membershipsToRemove": [{"role": "group_id"}]}
to
{"id": 113,"membershipsToRemove": [101]}
assuming that user_id is 113 and the role for which you want to remove
the membership has id 101.
HTH
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC,
CXF Committer, OpenJPA Committer, PonyMail PPMC
http://home.apache.org/~ilgrosso/
Remove membership via REST call
Hi,
I'm trying to remove membership via REST call in syncope 1.2.5.
I made a POST request using the rest method "/syncope/rest/users/user_id"
and this payload:
{"membershipsToRemove": [{"role": "group_id"}]}
but something goes wrong.
Any suggestions?
Regards,
Antonio
JDBC-LDAP Bridge Driver (WAS Re: Session expired error)
On 22/06/2016 09:00, ujwal wrote: Hi, I am new to Syncope and LDAP and want to configure openLDAP as an internal storage for syncope. I have used jdbc-ldap bridge to do this. I have deployed the war file in tomcat and on opening the link of syncope-console I get an error of 'Session expired: please login again' directly bypassing the login page. Hi ujwal, this is definitely something that no one else here has been doing before, as fas as I know. Essentially, you are attempting to replace the RDBMS internal storage with OpenLDAP by mean of [1]. I see several problems in this approach: 1. the persistence logic in Syncope heavily relies on JPA, which is plenty of RDBMS concepts that I can hardly imagine being implemented in LDAP 2. the jdbc-ldap bridge seems quite stale: last commit is about 11 years ago [2] and last binary package > 8 years ago [3]. Hence, I would strongly suggest to go back to one of supported configurations, with H2 / PostgreSQL / MySQL / MariaDB / Oracle / SQL Server. The error you are seeing (BTW, which Syncope version are you running? And which distribution?) barely means that admin console is not able to contact the core, likely because the core could not initialize correctly. Regards. [1] http://www.openldap.org/jdbcldap/ [2] http://www.openldap.org/devel/gitweb.cgi?p=openldap-jdbcldap.git;a=summary [3] https://sourceforge.net/projects/myvd/files/jdbc%20ldap%20bridge/jdbc%20ldap%20bridge%202.1/ -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Involved at The Apache Software Foundation: member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF Committer, OpenJPA Committer, PonyMail PPMC http://home.apache.org/~ilgrosso/
Session expired error
Hi, I am new to Syncope and LDAP and want to configure openLDAP as an internal storage for syncope. I have used jdbc-ldap bridge to do this. I have deployed the war file in tomcat and on opening the link of syncope-console I get an error of 'Session expired: please login again' directly bypassing the login page. Any help would be appreciated. Ujwal -- View this message in context: http://syncope-user.1051894.n5.nabble.com/Session-expired-error-tp5708462.html Sent from the syncope-user mailing list archive at Nabble.com.
