On Mar 15, 2012, at 4:22 PM, Antony Pulicken wrote: > Hi Fabio, > > Do you have any idea why the Username is not getting populated on the account > link? Is it working on your side ? Please let me know. > > Regards, > Antony. > > On Thu, Mar 15, 2012 at 4:23 PM, Antony Pulicken <[email protected]> > wrote: > I had tried that before and tried it again now. If I configure 'Username' in > the account link, LDAP create will fail with this error: > > uid=,ou=people,dc=opensso,dc=java,dc=net: [LDAP: error code 34 - The provided > value "uid=,ou=people,dc=opensso,dc=java,dc=net" > > could not be parsed as a valid distinguished name because an attribute value > started with a character at position 5 that needs to be escaped] > > Even though the user is created in syncope with a valid 'Username', it > doesn't get populated in the account link and that is why I added uid as a > workaround. Seems like a defect to me. What do you think?
username must be written all in lower case Regards Marco > > Regards, > Antony. > > > On Thu, Mar 15, 2012 at 3:57 PM, Fabio Martelli <[email protected]> > wrote: > > Il giorno 15/mar/2012, alle ore 10.59, Antony Pulicken ha scritto: > >> Thanks a lot Fabio and get well soon :-) >> >> 1. We are using OpenDS >> 2. I have attached the screenshots of mapping and the connector configuration >> >> I'm facing another issue now. I doubt it is occurring because the LDAP >> connector configuration is incorrect. The issue is the updates from AD are >> not getting synced to LDAP. When an update happens in AD, it's getting >> synced to syncope and then the LDAP search is getting invoked. Even though >> the user exists in LDAP, it's returning null and because of that Create is >> getting triggered. Can you please take a look at the configuration and spot >> anything that is obvious ? > > Hi Antony, > you are using uid in your AccountLink and Username as AccountId --> this > could generate problems .... > > 1. Consider that in this way syncope will create users with specified DN > (AccountLink) but it will search for users using the Username > 2. In a certain way you are creating an entry specifying two UIDs: as far as > I know, this happens because you are creating an entry specifying the dn > (including the former uid value) and the uid attribute (latter uid value). > This is absolutely normal if and only if the two UIDs are the same. > > Can you try to use Username into the AccountLink as well. > > Regards, > F. > >> >> Regards, >> Antony. >> >> >> >> On Thu, Mar 15, 2012 at 1:33 PM, Fabio Martelli <[email protected]> >> wrote: >> Hi Antony, could you give me more info to reproduce the problem? >> >> 1. What ldap server are you using? >> 2. Can you provide your connector configuration screenshot? >> >> I am sick at the moment but I will do my best to reply to you asap. >> >> Regards, >> F. >> >> Il giorno 14/mar/2012 04:39, "Antony Pulicken" <[email protected]> >> ha scritto: >> >> Thanks fabio for the response. I removed the Uid attribute mapping, but the >> result is the same. The javax.naming.directory.Attributes object passed to >> the LdapSchemaMapping.create() still has 'entryuuid=entryUUID: user314' as >> one of the value and it fails if I don't add the check that I mentioned in >> my earlier mail. >> >> Regards, >> Antony. >> >> On Tue, Mar 13, 2012 at 3:32 PM, Fabio Martelli <[email protected]> >> wrote: >> >> Il giorno 13/mar/2012, alle ore 06.43, Antony Pulicken ha scritto: >> >>> Attaching the screenshots again as there was some issue last time.... >>> >>> On Tue, Mar 13, 2012 at 11:08 AM, Antony Pulicken >>> <[email protected]> wrote: >>> Hi, >>> >>> I'm getting the following error while provisioning a user from syncope to >>> LDAP. >>> >>> org.identityconnectors.framework.common.exceptions.ConnectorException: >>> javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Entry >>> uid=user201,ou=people,dc=opensso,dc=java,dc=net cannot be added because it >>> includes attribute entryUUID which is defined as NO-USER-MODIFICATION in >>> the server schema]; remaining name >>> 'uid=user201,ou=people,dc=opensso,dc=java,dc=net' >>> at >>> org.identityconnectors.ldap.schema.LdapSchemaMapping.create(LdapSchemaMapping.java:325) >>> ~[na:na] >>> at >>> org.identityconnectors.ldap.modify.LdapCreate$1.access(LdapCreate.java:144) >>> ~[na:na] >>> at >>> org.identityconnectors.ldap.schema.GuardedPasswordAttribute$Simple$1.access(GuardedPasswordAttribute.java:75) >>> ~[na:na] >>> >>> I think the attribute 'entryUUID' is getting included because we are >>> setting one of the field/mapping as the account Id (and it's mandatory to >>> do that in Syncope). >>> >>> It worked only when I added a check for 'entryUUID' and excluded the same >>> from the attributes while creating the sub context in the LDAP connector >>> code (LdapSchemaMapping.create()). Please let me know whether there is any >>> better way to make it work? >>> >>> I have also attached the screen shot of my LDAP Resource mapping un syncope. >> >> Hi Antony, >> you don't have to map uid. Uid attribute mapping will be generated >> implicitly be defining the AccountId. >> >> Let me know if the problem persists. >> >> Regards, >> F. >> >>> >>> >>> >>> >>> >>> >>> Regards, >>> Antony. >>> >>> <Screen Shot 2012-03-13 at 11.12.23 AM.png><Screen Shot 2012-03-13 at >>> 11.12.43 AM.png> >> >> >> >> <Screen Shot 2012-03-15 at 3.26.51 PM.png><Screen Shot 2012-03-15 at 3.27.08 >> PM.png><Screen Shot 2012-03-15 at 3.28.07 PM.png> > > > -- Dott. Marco Di Sabatino Di Diodoro Tel. +39 3939065570 Tirasa S.r.l. Viale D'Annunzio 267 - 65127 Pescara Tel +39 0859116307 / FAX +39 0859111173 http://www.tirasa.net Apache Syncope PPMC Member http://people.apache.org/~mdisabatino
