Hi Fabio,

Further to the mail below, please find the log messages from OpenDS, especially the line that I have highlighted in bold. Please let me know your comments.

[15/Mar/2012:11:17:34 +0100] SEARCH REQ conn=12 op=17 msgID=18 base="" scope=baseObject filter="(objectClass=*)" attrs="subschemaSubentry"
[15/Mar/2012:11:17:34 +0100] SEARCH RES conn=12 op=17 msgID=18 result=0 nentries=1 etime=1
[15/Mar/2012:11:17:34 +0100] SEARCH REQ conn=12 op=18 msgID=19 *base="ou=people,dc=opensso,dc=java,dc=net" scope=wholeSubtree filter="(&(&(objectClass=top)(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson))(entryUUID=syncopeuser004))" *attrs="audio,businessCategory,carLicense,cn,departmentNumber,description,destinationIndicator,displayName,employeeNumber,employeeType,entryUUID,facsimileTelephoneNumber,givenName,homePhone,homePostalAddress,initials,internationaliSDNNumber,jpegPhoto,l,labeledURI,mail,manager,mobile,o,objectClass,ou,pager,photo,physicalDeliveryOfficeName,postalAddress,postalCode,postOfficeBox,preferredDeliveryMethod,preferredLanguage,registeredAddress,roomNumber,secretary,seeAlso,sn,st,street,telephoneNumber,teletexTerminalIdentifier,telexNumber,title,uid,userCertificate;binary,userPassword,userPKCS12,userSMIMECertificate,x121Address,x500UniqueIdentifier"
[15/Mar/2012:11:17:34 +0100] SEARCH RES conn=12 op=18 msgID=19 result=0 nentries=0 etime=4
[15/Mar/2012:11:17:34 +0100] SEARCH REQ conn=12 op=19 msgID=20 base="" scope=baseObject filter="(objectClass=*)" attrs="subschemaSubentry"
[15/Mar/2012:11:17:34 +0100] SEARCH RES conn=12 op=19 msgID=20 result=0 nentries=1 etime=1
[15/Mar/2012:11:17:34 +0100] ADD REQ conn=12 op=20 msgID=21 dn="uid=syncopeuser004,ou=people,dc=opensso,dc=java,dc=net"
[15/Mar/2012:11:17:34 +0100] ADD RES conn=12 op=20 msgID=21 result=68 message="The entry uid=syncopeuser004,ou=people,dc=opensso,dc=java,dc=net cannot be added because an entry with that name already exists" etime=1
[15/Mar/2012:11:18:57 +0100] SEARCH REQ conn=12 op=21 msgID=22 base="" scope=baseObject filter="(objectClass=*)" attrs="subschemaSubentry"
[15/Mar/2012:11:18:57 +0100] SEARCH RES conn=12 op=21 msgID=22 result=0 nentries=1 etime=0

Regards,
Antony.

On Thu, Mar 15, 2012 at 3:29 PM, Antony Pulicken <[email protected]> wrote:

> Thanks a lot Fabio and get well soon :-)
>
> 1. We are using OpenDS
> 2. I have attached the screenshots of mapping and the connector configuration
>
> I'm facing another issue now. I doubt it is occurring because the LDAP connector configuration is incorrect. The issue is the updates from AD are not getting synced to LDAP. When an update happens in AD, it's getting synced to syncope and then the LDAP search is getting invoked. Even though the user exists in LDAP, it's returning null and because of that Create is getting triggered. Can you please take a look at the configuration and spot anything that is obvious?
>
> Regards,
> Antony.
>
> On Thu, Mar 15, 2012 at 1:33 PM, Fabio Martelli <[email protected]> wrote:
>
>> Hi Antony, could you give me more info to reproduce the problem?
>>
>> 1. What ldap server are you using?
>> 2. Can you provide your connector configuration screenshot?
>>
>> I am sick at the moment but I will do my best to reply to you asap.
>>
>> Regards,
>> F.
>>
>> On 14/Mar/2012 04:39, "Antony Pulicken" <[email protected]> wrote:
>>
>>> Thanks Fabio for the response. I removed the Uid attribute mapping, but the result is the same. The javax.naming.directory.Attributes object passed to the LdapSchemaMapping.create() still has 'entryuuid=entryUUID: user314' as one of the values and it fails if I don't add the check that I mentioned in my earlier mail.
>>>
>>> Regards,
>>> Antony.
>>>
>>> On Tue, Mar 13, 2012 at 3:32 PM, Fabio Martelli <[email protected]> wrote:
>>>
>>>> On 13/Mar/2012, at 06.43, Antony Pulicken wrote:
>>>>
>>>> Attaching the screenshots again as there was some issue last time....
>>>>
>>>> On Tue, Mar 13, 2012 at 11:08 AM, Antony Pulicken <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm getting the following error while provisioning a user from syncope to LDAP.
>>>>>
>>>>> org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Entry uid=user201,ou=people,dc=opensso,dc=java,dc=net cannot be added because it includes attribute *entryUUID* which is defined as NO-USER-MODIFICATION in the server schema]; remaining name 'uid=user201,ou=people,dc=opensso,dc=java,dc=net'
>>>>>     at org.identityconnectors.ldap.schema.LdapSchemaMapping.create(LdapSchemaMapping.java:325) ~[na:na]
>>>>>     at org.identityconnectors.ldap.modify.LdapCreate$1.access(LdapCreate.java:144) ~[na:na]
>>>>>     at org.identityconnectors.ldap.schema.GuardedPasswordAttribute$Simple$1.access(GuardedPasswordAttribute.java:75) ~[na:na]
>>>>>
>>>>> I think the attribute '*entryUUID*' is getting included because we are setting one of the field/mapping as the account Id (and it's mandatory to do that in Syncope).
>>>>>
>>>>> It worked only when I added a check for '*entryUUID*' and excluded the same from the attributes while creating the sub context in the LDAP connector code (LdapSchemaMapping.create()). Please let me know whether there is any better way to make it work?
>>>>>
>>>>> I have also attached the screen shot of my LDAP Resource mapping in syncope.
>>>>>
>>>>
>>>> Hi Antony,
>>>> you don't have to map uid. Uid attribute mapping will be generated implicitly by defining the AccountId.
>>>>
>>>> Let me know if the problem persists.
>>>>
>>>> Regards,
>>>> F.
>>>>
>>>>> Regards,
>>>>> Antony.
>>>>>
>>>>
>>>> <Screen Shot 2012-03-13 at 11.12.23 AM.png><Screen Shot 2012-03-13 at 11.12.43 AM.png>
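
Added example, not part of the original mail or of the Syncope/ConnId code: a small Python correlator for the access-log pattern at the top of this message, where a subtree SEARCH returns `nentries=0` and an ADD on the same connection is then rejected with `result=68`. It reports the attribute the lookup filtered on beside the RDN attribute of the rejected entry; `SAMPLE_LOG`, `parse` and `missed_lookups` are hypothetical names, and the sample is a constructed, shortened copy of the quoted records.

```python
import re

# Constructed sample: four records shortened from the OpenDS access log quoted in the mail.
SAMPLE_LOG = """\
[15/Mar/2012:11:17:34 +0100] SEARCH REQ conn=12 op=18 msgID=19 base="ou=people,dc=opensso,dc=java,dc=net" scope=wholeSubtree filter="(&(objectClass=inetOrgPerson)(entryUUID=syncopeuser004))" attrs="cn,uid"
[15/Mar/2012:11:17:34 +0100] SEARCH RES conn=12 op=18 msgID=19 result=0 nentries=0 etime=4
[15/Mar/2012:11:17:34 +0100] ADD REQ conn=12 op=20 msgID=21 dn="uid=syncopeuser004,ou=people,dc=opensso,dc=java,dc=net"
[15/Mar/2012:11:17:34 +0100] ADD RES conn=12 op=20 msgID=21 result=68 message="already exists" etime=1
"""

LINE = re.compile(r'^\[[^\]]+\] (SEARCH|ADD) (REQ|RES) conn=(\d+) op=(\d+) (.*)$')
FIELD = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
ENTRY_ALREADY_EXISTS = "68"  # LDAP result code entryAlreadyExists


def parse(log_text):
    """Merge each REQ/RES pair into one dict keyed by (conn, op), in log order."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        kind, _phase, conn, op, rest = m.groups()
        rec = ops.setdefault((conn, op), {"kind": kind, "conn": conn})
        rec.update({k: quoted or bare for k, quoted, bare in FIELD.findall(rest)})
    return list(ops.values())


def missed_lookups(log_text):
    """Flag ADDs rejected as duplicates after an empty SEARCH on the same connection."""
    findings, empty_searches = [], {}
    for rec in parse(log_text):
        if rec["kind"] == "SEARCH" and rec.get("nentries") == "0" and rec.get("base"):
            empty_searches[rec["conn"]] = rec
        elif rec["kind"] == "ADD" and rec.get("result") == ENTRY_ALREADY_EXISTS:
            search = empty_searches.get(rec["conn"])
            dn = rec.get("dn", "")
            if search and dn.lower().endswith(search["base"].lower()):
                rdn_attr, rdn_value = dn.split(",", 1)[0].split("=", 1)
                # Filter attributes that were compared against the value the RDN carries.
                keys = re.findall(r'\((\w+)=' + re.escape(rdn_value) + r'\)', search["filter"])
                findings.append({"dn": dn, "rdn_attr": rdn_attr, "search_attrs": keys})
    return findings
```

On the sample, the single finding pairs `rdn_attr` `uid` with `search_attrs` `['entryUUID']`, the same mismatch visible in the highlighted SEARCH REQ line.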
