AD-sync errors

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AD-sync errors

g2hari
This post has NOT been accepted by the mailing list yet.
I have used AD-sync bundle to sync windows 2008 on ssl, i see the following conn errors in the log

[2017-03-01T02:20:42.223] net.tirasa.connid.bundles.ad.util.ADUtilities
Reading passwords not supported Method: getAttributesToGet
[2017-03-01T02:20:42.223] net.tirasa.connid.bundles.ldap.schema.LdapSchemaMapping
Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute Method: getLdapAttribute


Internal attribute External attribute Mandatory Remote Key Password Purpose
 
username   sAMAccountName  0 0 true
password __PASSWORD__ 0  0 true
 
 
   
Object-Link is created as
'dn=' + username + ',cn=Domain Users,dc=domain,dc=com'

I dont see users are sync with syncope from AD.

Thanks,
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

ilgrosso
Administrator
You have not subscribed the mailing list (not Nabble, where you did instead), as several warnings should be telling you.
Please subscribe the mailing list and send your message again.
Regards.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

g2hari
I have already subscribed, dont know why it is not upddated
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

ilgrosso
Administrator
harikrishnag@techaspect.com wrote
I have already subscribed, dont know why it is not upddated
I see this message, so I confirm you are now subscribed.
Unfortunately, your original message was sent before subscription, it seems.

Let me re-post your message below:

harikrishnag@techaspect.com wrote
I have used AD-sync bundle to sync windows 2008 on ssl, i see the following conn errors in the log

[2017-03-01T02:20:42.223] net.tirasa.connid.bundles.ad.util.ADUtilities
Reading passwords not supported Method: getAttributesToGet
[2017-03-01T02:20:42.223] net.tirasa.connid.bundles.ldap.schema.LdapSchemaMapping
Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute Method: getLdapAttribute


Internal attribute External attribute Mandatory Remote Key Password Purpose
 
username   sAMAccountName  0 0 true
password __PASSWORD__ 0  0 true
 
 
   
Object-Link is created as
'dn=' + username + ',cn=Domain Users,dc=domain,dc=com'

I dont see users are sync with syncope from AD.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

Fabio Martelli
Hi, please be sure you don't any local mandatory attribute to be set. In
case, provide mapping them or specify a user template.
Further, be sure to have given sync capability to your the AD connector
instance.

Best regards,
F.

Il 01/03/2017 09:02, ilgrosso ha scritto:

> [hidden email] wrote
>> I have already subscribed, dont know why it is not upddated
> I see this message, so I confirm you are now subscribed.
> Unfortunately, your original message was sent before subscription, it seems.
>
> Let me re-post your message below:
>
>
> [hidden email] wrote
>> I have used AD-sync bundle to sync windows 2008 on ssl, i see the
>> following conn errors in the log
>>
>> [2017-03-01T02:20:42.223] net.tirasa.connid.bundles.ad.util.ADUtilities
>> Reading passwords not supported Method: getAttributesToGet
>> [2017-03-01T02:20:42.223]
>> net.tirasa.connid.bundles.ldap.schema.LdapSchemaMapping
>> Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP
>> attribute Method: getLdapAttribute
>>
>>
>> Internal attribute External attribute Mandatory Remote Key Password
>> Purpose
>>    
>> username   sAMAccountName  0 0 true
>> password __PASSWORD__ 0  0 true
>>    
>>    
>>      
>> Object-Link is created as
>> 'dn=' + username + ',cn=Domain Users,dc=domain,dc=com'
>>
>> I dont see users are sync with syncope from AD.
>
>
> --
> View this message in context: http://syncope-user.1051894.n5.nabble.com/AD-sync-errors-tp5709029p5709033.html
> Sent from the syncope-user mailing list archive at Nabble.com.


--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html

Tirasa - Open Source Excellence
http://www.tirasa.net/

Apache Syncope PMC
http://people.apache.org/~fmartelli/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

g2hari
I am not using any filter to retrive users or group, need to pull all resources from AD to syncope

I am getting the below errors in connid logs

[2017-03-01T03:16:29.306] net.tirasa.connid.bundles.ad.util.ADUtilities
Reading passwords not supported Method: getAttributesToGet
[2017-03-01T03:16:29.306] net.tirasa.connid.bundles.ldap.schema.LdapSchemaMapping
Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP attribute Method: getLdapAttribute

same time Groups are sync to the system with out any errors.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

Fabio Martelli
Hi, please be sure you don't any local mandatory attribute to be set. In
case, provide mapping them or specify a user template.
Further, be sure to have given sync capability to your the AD connector
instance.

Best regards,
F.

Il 01/03/2017 09:17, [hidden email] ha scritto:

> I am not using any filter to retrive users or group, need to pull all
> resources from AD to syncope
>
> I am getting the below errors in connid logs
>
> [2017-03-01T03:16:29.306] net.tirasa.connid.bundles.ad.util.ADUtilities
> Reading passwords not supported Method: getAttributesToGet
> [2017-03-01T03:16:29.306]
> net.tirasa.connid.bundles.ldap.schema.LdapSchemaMapping
> Attribute __ENABLE__ of object class __ACCOUNT__ is not mapped to an LDAP
> attribute Method: getLdapAttribute
>
> same time Groups are sync to the system with out any errors.
>
> --
> View this message in context: http://syncope-user.1051894.n5.nabble.com/AD-sync-errors-tp5709029p5709035.html
> Sent from the syncope-user mailing list archive at Nabble.com.


--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html

Tirasa - Open Source Excellence
http://www.tirasa.net/

Apache Syncope PMC
http://people.apache.org/~fmartelli/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

g2hari
Thank you for your reply, There are Mappings created for users is username with Samaccountname, password and email and there is no Object link is created for users.


Thanks,
Hari
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

g2hari
In between, is there any detailed Active directory sync document available ?

I followed the below documentation which was created in 5th June (outdated),
https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+an+Active+Directory+resource


Many of them are not covered with the new interface, clarity missing on Internal and external mapping for Active directory attributes.

Thanks,
hari
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

ilgrosso
Administrator
On 01/03/2017 10:52, g2hari wrote:
> In between, is there any detailed Active directory sync document available ?
>
> I followed the below documentation which was created in 5th June (outdated),
> https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+an+Active+Directory+resource

There is a pretty clear statement on top of the page that says:

Version Warning
The content below is for Apache Syncope <= 1.2 - for later versions the
Reference Guide is available.

I suppose you are using Apache Syncope 2.0, no?

> Many of them are not covered with the new interface, clarity missing on
> Internal and external mapping for Active directory attributes.


There is no similar documentation yet for 2.0; the only related content
(but for LDAP) can be found in

http://coheigea.blogspot.it/2016/08/pulling-users-and-groups-from-ldap-into.html

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

g2hari
I followed this same document along with an official document, but no luck, only groups from AD are sync.  

Thanks,
Hari
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: AD-sync errors

g2hari
In the sync status i always end up with
Users [created/failures]: 0/0 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0
Groups [created/failures]: 0/319 [updated/failures]: 0/0 [deleted/failures]: 0/0 [no operation/ignored]: 0/0
Loading...