Hi Martin,
Try to change, in the connector configuration, the uidAttribute value to
*uid* instead of "*entryUUID*".
BTW, if this does not work, could you attach the core-connid.log file?
HTH,
Andrea
On 21/07/2017 12:00, Böhmer, Martin wrote:
Hi,
I cannot get the configuration of my LDAP Identity Store right. What I
want is a synchronization of user, groups and group memberships,
meaning that everything changed in Syncope is propagated to LDAP and
vice-versa.
With my current configuration below, I am able to pull users from LDAP
(pull task) and propagate new users to LDAP when created in Syncope.
What is not working is the synchronization of users existing in both
systems. Syncope complains about a missing remote key. This is
particularly strange when creating a user in Syncope. On the result
screen of the user creation, the remote key is correctly displayed. When
I close that screen and open the “Manage resources” dialog for that
user, the remote key is gone and thus propagation of updates to LDAP
fails.
Any hints would be greatly appreciated!
Regards,
Martin
I’m using *_OpenLDAP_*. The tree looks like this
dc=example,dc=com
  · ou=people
      o uid=johndoe
      o …
  · ou=groups
      o cn=testgroup
Here is the configuration of the *_LDAP connector_* (properties not
listed were not touched = default value)
Bundle: *net.tirasa.connid.bundles.ldap*
Host: *localhost*
TCP Port: 389
Principal: *cn=syncope,dc=exmaple,dc=com*
Password: */******/*
Base Contexts: *dc=exmaple,dc=com*
Password Attribute: userPassword
Account Object Classes: top, person, organizationalPerson, inetOrgPerson
Account User Name Attributes: uid, cn
Group Object Classes: top, groupOfuniqueNames
Group Name Attributes: cn
Group Member Attribute: uniqueMember
Maintain LDAP Group Membership: (check mark)
Password Hash Algorithm: *SSHA*
VLV Sort Attribute: *uid*
Uid Attribute: *entryUUID*
Read Schema: (check mark)
Base Contexts to Synchronize: (empty)
Object Classes to Synchronize: *inetOrgPerson, groupOfUniqueNames*
Attributes to Synchronize: (empty)
Remove Log Entry Object Class from Filter: (check mark)
Enable Password Synchronization: (error)
Status management class: *net.tirasa.connid.bundles.ldap.commons.AttributeStatusManagement*
Capabilities: */(all selected)/*
And this is the configuration of my *_LDAP resource_*:
Propagation Actions:
  *LDAPPAsswordPropagationAction*
  *LDAPMembershipPropagationAction*
Override Capabilities?: (error)
Account Policy: /(none)/
Password Policy: /(none)/
Pull Policy: /(none)/
Finally, the *_mapping configuration_*
Type: /User/
Object Class: /__ACCOUNT__/
Mapping: username
  /Int: username
  ext: uid
  Remote key: yes/
Mapping: email
  /Int: email
  Ext: mail/
Mapping: password
  /Int: password
  Ext: userPassword
  Password: yes/
Object Link: /‘uid=’ + username + ‘,ou=people,dc=example,dc=com’/
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member