Configuring LDAP connector


Configuring LDAP connector

Tech
Dear Experts,

we are trying to configure the OLDAP connector with Syncope 2.0.1.

We are using bundle 1.5.1.

We create a connector, we don't configure anything else but admin
username, password, rootcontext, server and port.

We save and we create a resource connected to the connector:
- In the first page we don't modify anything
- in the second page we select all the Capabilities
- No policies (Account, pwd and pull)
We finish.

After we edit the provisioning rules:
- We select USER (__ACCOUNT__)
- No auxiliary classes
- Mapping:
--- username -> cn (key)
--- email -> mail
--- lastName -> sn
--- username -> uid
- No Object Link

We save, we try to provision but there is a failure:

Root cause:

java.util.MissingResourceException: Unable to find property: 'start' for component: body:toggle:outerObjectsRepeater:1:outer:form:content:tasks:secondLevelContainer:second:executions:secondLevelContainer:second:container:selectedObjects:topToolbars:toolbars:2:headers:2:header:orderByLink:header_body:label [class=org.apache.wicket.markup.html.basic.Label]. Locale: null, style: null
      at org.apache.wicket.Localizer.getString(Localizer.java:268)
      at org.apache.wicket.model.ResourceModel$AssignmentWrapper.load(ResourceModel.java:129)
      at org.apache.wicket.model.ResourceModel$AssignmentWrapper.load(ResourceModel.java:99)
      at org.apache.wicket.model.LoadableDetachableModel.getObject(LoadableDetachableModel.java:134)
      at org.apache.wicket.Component.getDefaultModelObject(Component.java:1626)
      at org.apache.wicket.Component.getDefaultModelObjectAsString(Component.java:1654)
      at org.apache.wicket.markup.html.basic.Label.onComponentTagBody(Label.java:115)
      at org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:70)
      at org.apache.wicket.Component.internalRenderComponent(Component.java:2565)
      at org.apache.wicket.markup.html.WebComponent.onRender(WebComponent.java:60)
      at org.apache.wicket.Component.internalRender(Component.java:2380)
      at org.apache.wicket.Component.render(Component.java:2308)
      at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1521)

We tried to clone the resource with the same information but using pull
instead of push.
We launch the scheduler and we have this:



JobExecutionException: While pulling from connector
org.quartz.JobExecutionException: While pulling from connector [See nested exception: org.identityconnectors.framework.common.exceptions.ConnectorException: No attribute named entryUUID found in the search result]
        at org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
        at org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
        at org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
        at org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)

Apparently the entryUUID is missing; it is missing in our OLDAP.

We removed this reference from the Connector and we replaced entryUUID
with UID.

We launch the scheduler again:

JobExecutionException: While pulling from connector
org.quartz.JobExecutionException: While pulling from connector [See nested exception: java.lang.IllegalArgumentException: Must be a single value.]
        at org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
        at org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
        at org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)

Could you please assist?

What is missing both for provisioning and reconciliation?

Thanks!

Re: Configuring LDAP connector

ilgrosso
Administrator
Hi,
I have just replicated your configuration below to ensure I was
providing adequate answers: see my replies below.

Regards.

On 17/12/2016 20:19, PSYND wrote:

> Dear Experts,
>
> we are trying to configure the OLDAP connector with Syncope 2.0.1.
>
> We are using bundle 1.5.1.
>
> We create a connector, we don't configure anything else but admin
> username, password, rootcontext, server and port.
>
> We save and we create a resource connected to the connector:
> - In the first page we don't modify anything
> - in the second page we select all the Capabilities
> - No policies (Account, pwd and pull)
> We finish.
>
> After we edit the provisioning rules:
> - We select USER (__ACCOUNT__)
> - No auxiliary classes
> - Mapping:
> --- username -> cn (key)
> --- email -> mail
> --- lastName -> sn
> --- username -> uid
> - No Object Link

This is the problem: an "Object Link" for ConnId is something that is
generally not used unless a hierarchical resource (e.g. LDAP or Active
Directory) is to be linked.

Object Link is a JEXL expression that is used as a model for generating
the target DN on the external resource which corresponds to an internal
entity.
Hence, given your mapping above, a value for object link could be

'cn=' + username + ',ou=People,dc=tirasa,dc=net'

Once the mapping is defined, the easiest way to check that everything is
working is to click on the "Explore resource" link from the given
resource's contextual menu in the Topology.

> We save, we try to provision but there is a failure:

How are you trying to provision? The stacktrace below is definitely an
error that must be handled, but I wasn't able to reproduce.
Which language were you using? English / Italian / Brazilian Portuguese
/ Russian?

Please be sure to read

https://syncope.apache.org/docs/reference-guide.html#provisioning

to understand how the provisioning process is managed.

In particular, consider the difference between Propagation

https://syncope.apache.org/docs/reference-guide.html#propagation

and Push

https://syncope.apache.org/docs/reference-guide.html#provisioning-push

> Root cause:
>
> java.util.MissingResourceException: Unable to find property: 'start'
> for component:
> body:toggle:outerObjectsRepeater:1:outer:form:content:tasks:secondLevelContainer:second:executions:secondLevelContainer:second:container:selectedObjects:topToolbars:toolbars:2:headers:2:header:orderByLink:header_body:label
> [class=org.apache.wicket.markup.html.basic.Label]. Locale: null,
> style: null
>      at org.apache.wicket.Localizer.getString(Localizer.java:268)
>      at
> org.apache.wicket.model.ResourceModel$AssignmentWrapper.load(ResourceModel.java:129)
>      at
> org.apache.wicket.model.ResourceModel$AssignmentWrapper.load(ResourceModel.java:99)
>      at
> org.apache.wicket.model.LoadableDetachableModel.getObject(LoadableDetachableModel.java:134)
>      at
> org.apache.wicket.Component.getDefaultModelObject(Component.java:1626)
>      at
> org.apache.wicket.Component.getDefaultModelObjectAsString(Component.java:1654)
>      at
> org.apache.wicket.markup.html.basic.Label.onComponentTagBody(Label.java:115)
>      at
> org.apache.wicket.markup.html.panel.DefaultMarkupSourcingStrategy.onComponentTagBody(DefaultMarkupSourcingStrategy.java:70)
>      at
> org.apache.wicket.Component.internalRenderComponent(Component.java:2565)
>      at
> org.apache.wicket.markup.html.WebComponent.onRender(WebComponent.java:60)
>      at org.apache.wicket.Component.internalRender(Component.java:2380)
>      at org.apache.wicket.Component.render(Component.java:2308)
>      at
> org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1521)
>
> We tried to clone the resource with the same information but using
> pull instead of push.
> We launch the scheduler and we have this:
>
> JobExecutionException: While pulling from connector
> org.quartz.JobExecutionException: While pulling from connector [See
> nested exception:
> org.identityconnectors.framework.common.exceptions.ConnectorException:
> No attribute named entryUUID found in the search result]
>     at
> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>     at
> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>     at
> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)
>     at
> org.apache.syncope.core.provisioning.java.job.AbstractSchedTaskJobDelegate.execute(AbstractSchedTaskJobDelegate.java:96)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
>
>
>
>
> apparently is missing the entryUUID, that it's missing in our OLDAP.
>
> We removed this reference from the Connector and we changed entryUUID
> with UID

As specified by the configuration reference for the ConnId bundle that
you are using:

https://connid.atlassian.net/wiki/display/BASE/LDAP

entryUUID is the default value for 'uidAttribute'; since you are setting
'cn' to be the remote key (as stated above), this is why you need to
change the LDAP connector configuration accordingly.

> we launch again the scheduler :
>
> JobExecutionException: While pulling from connector
> org.quartz.JobExecutionException: While pulling from connector [See
> nested exception: java.lang.IllegalArgumentException: Must be a single
> value.]
>     at
> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:284)
>     at
> org.apache.syncope.core.provisioning.java.pushpull.PullJobDelegate.doExecuteProvisioning(PullJobDelegate.java:60)
>     at
> org.apache.syncope.core.provisioning.java.pushpull.AbstractProvisioningJobDelegate.doExecute(AbstractProvisioningJobDelegate.java:558)

This error means that, given the mapping defined above, there are
multiple matches for something that is instead supposed to uniquely
identify the object.
You can naturally find many details in the logs, in particular
core-connid.log

Please also consider that, for OpenLDAP, the ConnId LDAP connector does
not yet implement the SYNC operation, hence the INCREMENTAL pull mode is
not working; more at

https://syncope.apache.org/docs/reference-guide.html#pull-mode

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
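
Both pull failures discussed above come down to the attribute chosen as remote key / 'uidAttribute'. The following is an added example, not code from the thread or from Syncope/ConnId: it audits an LDIF export to see whether a candidate key attribute is present on every entry, single-valued and unique. The sample LDIF, the function names and the case-insensitive comparison are assumptions made for the illustration.

```python
import base64
from collections import defaultdict

# Constructed sample export (not taken from the thread). entryUUID is an
# operational attribute, so it appears in an export only if it was requested.
SAMPLE_LDIF = """\
dn: cn=jdoe,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
cn: jdoe
cn: John Doe
sn: Doe
uid: jdoe
mail: jdoe@example.org

dn: cn=asmith,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
cn: asmith
sn: Smith
uid: asmith
mail: asmith@example.org

dn: cn=asmith2,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
cn: asmith2
sn: Smith
uid: asmith
mail: asmith2@example.org
description: second account, long text folded
  over two lines
"""


def parse_ldif(text):
    """Return a list of (dn, {lowercased attribute: [values]}) from LDIF text."""
    # Unfold first: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, dn, attrs = [], None, defaultdict(list)
    for line in lines + [""]:            # the trailing "" flushes the last entry
        if not line.strip():             # a blank line ends the current entry
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        if line.startswith("#"):         # LDIF comment
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs[name.lower()].append(value)
    return entries


def audit_key_attribute(entries, attr):
    """Check whether `attr` can identify each entry with exactly one unique value."""
    attr = attr.lower()
    missing, multi, owners = [], [], defaultdict(list)
    for dn, attrs in entries:
        values = attrs.get(attr, [])
        if not values:
            missing.append(dn)           # nothing to use as key for this entry
        elif len(values) > 1:
            multi.append(dn)             # more than one value on a single entry
        for value in values:
            # Assumption: values are compared case-insensitively.
            owners[value.lower()].append(dn)
    duplicated = {v: dns for v, dns in owners.items() if len(set(dns)) > 1}
    return {
        "missing": missing,
        "multi_valued": multi,
        "duplicated": duplicated,
        "usable": not (missing or multi or duplicated),
    }


if __name__ == "__main__":
    sample_entries = parse_ldif(SAMPLE_LDIF)
    for candidate in ("entryUUID", "cn", "uid", "mail"):
        result = audit_key_attribute(sample_entries, candidate)
        print(f"{candidate}: usable={result['usable']} "
              f"missing={len(result['missing'])} "
              f"multi_valued={len(result['multi_valued'])} "
              f"duplicated={sorted(result['duplicated'])}")
```
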



Re: Configuring LDAP connector

Tech
Dear Francesco,

we modified the JEXL expression, putting in the same expression you
proposed (adapted to our LDAP), but when we enter the explore
resource we just have a drop-down where "USER" is present; below it
there are __UID__ , __NAME__ and __ENABLE__ , but there is nothing else,
even though I supposed that something should appear.

Do you have any idea what it could be?

Thanks


Re: Configuring LDAP connector

rajkumar

Hi,

I am trying to configure Syncope on CentOS with MySQL and Tomcat. I am getting the error "unable to get driver". I am trying by installing the jar file; I have placed the connector in the lib folder. May I know what I have missed and why this error is caused?

Thanks,
Rajkumar kanikumar


Re: Configuring LDAP connector

ilgrosso
Administrator
In reply to this post by Tech
On 20/12/2016 23:23, PSYND wrote:
> Dear Francesco,
>
> we modified the JEXL expression putting the same expression your
> proposed (adapted to our LDAP), but when we enter in the explore
> resource we just have a drop down where is present "USER", down to it
> there are __UID__ , __NAME__ and __ENABLE__ , but there is nothing
> else, even if I supposed that something should appear.
>
> Have you any idea of what could it be?

Hi,
you are just seeing an empty table because Syncope cannot fetch any
__USER__ (the ConnId object class you have associated to Syncope users
in the provision rules) from LDAP.

This simply means that the current configuration for the LDAP connector
/ resource is not working.

I would suggest that you watch the core-connid.log file while using the admin
console's explore resource feature and look for any relevant error /
message.

Could you also please report your current LDAP connector / resource
configurations (obscuring any sensitive information, clearly)? Maybe
there is something I can recognize.

Regards.


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
