You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Siyanatullah Khan <cy...@yahoo.co.in> on 2015/07/22 12:25:39 UTC
Issues connecting apache syncope with apache DS.
Hi All ,
I am trying to connect the apache syncope with apache DS but my synchronizations have failed so far.I have posted a detailed query here Cannot Connect Syncope with Apache DS
| |
| | | | | | | |
| Cannot Connect Syncope with Apache DSI am facing an error while trying to add an apache DS backend to apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v 1.2.4 OS Windows 7 64 bit I ... |
| |
| View on stackoverflow.com | Preview by Yahoo |
| |
| |
I will be extremely obliged if anyone can point me to the right direction.
ThanksSiyanat
Re: Issues connecting apache syncope with apache DS.
Posted by Siyanat <cy...@yahoo.co.in>.
Fabio Martelli wrote
> Il 27/07/2015 09:21, Siyanat ha scritto:
>> Fabio Martelli wrote
>>> Il 23/07/2015 08:20, Siyanat ha scritto:
>>>> Hi Fabio
>>>> Fabio Martelli wrote
>>>>> Il 22/07/2015 12:25, Siyanatullah Khan ha scritto:
>>>>>> Hi All ,
>>>>>>
>>>>>> I am trying to connect the apache syncope with apache DS but my
>>>>>> synchronizations have failed so far.
>>>>>> I have posted a detailed query here
>>>>>> Cannot Connect Syncope with Apache DS
>>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>>>
>>>>>> image
>>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Cannot Connect Syncope with Apache DS
>>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>>>
>>>>>> I am facing an error while trying to add an apache DS backend to
>>>>>> apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v
>>>>>> 1.2.4 OS Windows 7 64 bit I ...
>>>>>>
>>>>>> View on stackoverflow.com
>>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>>>
>>>>>> Preview by Yahoo
>>>>>>
>>>>>>
>>>>>> I will be extremely obliged if anyone can point me to the right
>>>>>> direction.
>>>>>>
>>>>>> Thanks
>>>>>> Siyanat
>>>>>>
>>>>>>
>>>>> Hi Siyanat,
>>>>>
>>>>> 1. set ONE-PHASE propagation mode
>>>>> 2. specify JEXL expression for the accountLink into user mapping
>>>>> page
>>>>> 3. take [1] as reference guide
>>>>>
>>>>> Best regards,
>>>>> F.
>>>>>
>>>>> [1] http://blog.tirasa.net/unlock-full-ldap-features-in
>>>>>
>>>> Hi Fabio,
>>>> Thanks for your reply.
>>>> This is what I have tried.
>>>>
>>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/link-map.png>
>>>>
>>>> I have not done in any role mapping as I am not sure about the values
>>>> to
>>>> put
>>>> here.
>>>>
>>>> Here is my user schema
>>>>
>>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/schema.png>
>>>>
>>>>
>>>> One Phase changes
>>>>
>>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/JEXL.png>
>>>>
>>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/connector-details.png>
>>>>
>>>> Still I am getting this error
>>>>
>>>> JobExecutionException: While syncing on connector
>>>> org.quartz.JobExecutionException: While syncing on connector [See
>>>> nested
>>>> exception:
>>>> org.identityconnectors.framework.common.exceptions.ConnectorException:
>>>> javax.naming.NamingException: [LDAP: error code 36 -
>>>> ALIAS_DEREFERENCING_PROBLEM: failed for MessageType : SEARCH_REQUEST
>>>> Message ID : 25
>>>> SearchRequest
>>>> baseDn : 'o=sevenseas'
>>>> filter :
>>>> '(&(&(objectClass=inetorgperson:[11])(objectClass=top))(cn=*:[∞]))'
>>>> scope : whole subtree
>>>> typesOnly : false
>>>> Size Limit : no limit
>>>> Time Limit : no limit
>>>> Deref Aliases : deref Always
>>>> attributes : 'cn', 'sn', 'uid', 'userPassword'
>>>> org.apache.directory.api.ldap.model.message.SearchRequestImpl@28149cc3
>>>> Virtual List View Request Control
>>>> oid : 2.16.840.1.113730.3.4.9
>>>> critical : true
>>>> beforeCount : '0'
>>>> afterCount : '99'
>>>> target :
>>>> offset : '1'
>>>> contentCount : '0'
>>>> SortRequestControlImpl [sortKeys=[SortKey : [uid]]]:
>>>> java.io.IOException:
>>>> The system cannot find the path specified]; remaining name
>>>> 'o=sevenseas']
>>>> at
>>>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:184)
>>>> at
>>>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:55)
>>>> at
>>>> org.apache.syncope.core.sync.impl.AbstractSyncJob.doExecute(AbstractSyncJob.java:382)
>>>> at
>>>> org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:125)
>>>> at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
>>>> at
>>>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
>>>>
>>>> Thanks
>>>> Siyanat
>>>>
>>>> --
>>>> View this message in context:
>>>> http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708097.html
>>>> Sent from the syncope-user mailing list archive at Nabble.com.
>>> Hi Sijanat,
>>> looking at [1] it seems that you can have some trouble with acces rigth
>>> read permission.
>>>
>>> 36 LDAP_ALIAS_DEREF_PROBLEM Indicates that during a search operation,
>>> either the client does not have access rights to read the aliased
>>> object's name or dereferencing is not allowed.
>>>
>>>
>>> Please, try out an ldapsearch by using credentials specified in your
>>> configuration.
>>> Probably your flag is something like as "-a always".
>>>
>>> Kind regards,
>>> F.
>>>
>>> [1]
>>> http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0
>>>
>>> --
>>> Fabio Martelli
>>>
>>> Tirasa - Open Source Excellence
>>> http://www.tirasa.net/
>>>
>>> Apache Syncope PMC
>>> http://people.apache.org/~fmartelli/
>> Hi Fabio,
>>
>> Thanks for your input. I have tried an ldap search from command line with
>> the defined credentials , it is working fine.
>>
>>
>> C:\Users\esiykha\Projects\SFTP\Software\unboundid-ldapsdk-2.3.8-se\tools>ldapsea
>> rch --hostname "localhost" --port 10389 --bindDN "uid=admin,ou=system"
>> --bindPas
>> sword "secret" --baseDN "o=sevenseas" --scope "sub" "(uid=cbuckley)"
>>
>>
>> # Connected to localhost:10389
>> dn: cn=Cornelius Buckley,ou=people,o=sevenseas
>> uid: cbuckley
>> description: LM Cornelius Buckley
>> userPassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
>> givenname: Cornelius
>> objectclass: organizationalPerson
>> objectclass: person
>> objectclass: inetOrgPerson
>> objectclass: top
>> cn: Cornelius Buckley
>> sn: Buckley
>> mail:
> cbuckley@.mod
>> manager: cn=Horatio Nelson,ou=people,o=sevenSeas
>>
>> # The search operation was processed successfully.
>> # Entries returned: 1
>> # References returned: 0
>>
>> # Disconnected from the server
> Hi, thank you for your feedback.
> BTW, please, try to dereference aliases.
>> Probably your flag is something like as "-a always".
> Regards,
> F.
>
> --
> Fabio Martelli
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Apache Syncope PMC
> http://people.apache.org/~fmartelli/
Hi Fabio ,
Thank you for the update. There was no de-referencing option in unbound SDK
so i downloaded openLDAP for windows and tried the de referencing option
from there , this is working as expected
C:\Users\esiykha>ldapsearch -h localhost -p 10389 -b o=sevenseas -D
uid=admin,ou
=system -w secret -a always "(uid=hnelson)"
# extended LDIF
#
# LDAPv3
# base <o=sevenseas> with scope subtree
# filter: (uid=hnelson)
# requesting: ALL
#
# Horatio Nelson, people, sevenseas
dn: cn=Horatio Nelson,ou=people,o=sevenseas
description: Lord Horatio Nelson
uid: hnelson
userPassword:: e1NIQX1uVTRlSTcxYmNuQkdxZU8wdDl0WHZZMXU1b1E9
givenname: Horatio
objectclass: organizationalPerson
objectclass: person
objectclass: inetOrgPerson
objectclass: top
cn: Horatio Nelson
sn: Nelson
mail: hnelson@royalnavy.mod.uk
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708103.html
Sent from the syncope-user mailing list archive at Nabble.com.
Re: Issues connecting apache syncope with apache DS.
Posted by Fabio Martelli <fa...@gmail.com>.
Il 27/07/2015 09:21, Siyanat ha scritto:
> Fabio Martelli wrote
>> Il 23/07/2015 08:20, Siyanat ha scritto:
>>> Hi Fabio
>>> Fabio Martelli wrote
>>>> Il 22/07/2015 12:25, Siyanatullah Khan ha scritto:
>>>>> Hi All ,
>>>>>
>>>>> I am trying to connect the apache syncope with apache DS but my
>>>>> synchronizations have failed so far.
>>>>> I have posted a detailed query here
>>>>> Cannot Connect Syncope with Apache DS
>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>>
>>>>> image
>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Cannot Connect Syncope with Apache DS
>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>>
>>>>> I am facing an error while trying to add an apache DS backend to
>>>>> apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v
>>>>> 1.2.4 OS Windows 7 64 bit I ...
>>>>>
>>>>> View on stackoverflow.com
>>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>>
>>>>> Preview by Yahoo
>>>>>
>>>>>
>>>>> I will be extremely obliged if anyone can point me to the right
>>>>> direction.
>>>>>
>>>>> Thanks
>>>>> Siyanat
>>>>>
>>>>>
>>>> Hi Siyanat,
>>>>
>>>> 1. set ONE-PHASE propagation mode
>>>> 2. specify JEXL expression for the accountLink into user mapping page
>>>> 3. take [1] as reference guide
>>>>
>>>> Best regards,
>>>> F.
>>>>
>>>> [1] http://blog.tirasa.net/unlock-full-ldap-features-in
>>>>
>>> Hi Fabio,
>>> Thanks for your reply.
>>> This is what I have tried.
>>>
>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/link-map.png>
>>>
>>> I have not done in any role mapping as I am not sure about the values to
>>> put
>>> here.
>>>
>>> Here is my user schema
>>>
>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/schema.png>
>>>
>>>
>>> One Phase changes
>>>
>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/JEXL.png>
>>>
>>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/connector-details.png>
>>>
>>> Still I am getting this error
>>>
>>> JobExecutionException: While syncing on connector
>>> org.quartz.JobExecutionException: While syncing on connector [See nested
>>> exception:
>>> org.identityconnectors.framework.common.exceptions.ConnectorException:
>>> javax.naming.NamingException: [LDAP: error code 36 -
>>> ALIAS_DEREFERENCING_PROBLEM: failed for MessageType : SEARCH_REQUEST
>>> Message ID : 25
>>> SearchRequest
>>> baseDn : 'o=sevenseas'
>>> filter :
>>> '(&(&(objectClass=inetorgperson:[11])(objectClass=top))(cn=*:[∞]))'
>>> scope : whole subtree
>>> typesOnly : false
>>> Size Limit : no limit
>>> Time Limit : no limit
>>> Deref Aliases : deref Always
>>> attributes : 'cn', 'sn', 'uid', 'userPassword'
>>> org.apache.directory.api.ldap.model.message.SearchRequestImpl@28149cc3
>>> Virtual List View Request Control
>>> oid : 2.16.840.1.113730.3.4.9
>>> critical : true
>>> beforeCount : '0'
>>> afterCount : '99'
>>> target :
>>> offset : '1'
>>> contentCount : '0'
>>> SortRequestControlImpl [sortKeys=[SortKey : [uid]]]: java.io.IOException:
>>> The system cannot find the path specified]; remaining name 'o=sevenseas']
>>> at
>>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:184)
>>> at
>>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:55)
>>> at
>>> org.apache.syncope.core.sync.impl.AbstractSyncJob.doExecute(AbstractSyncJob.java:382)
>>> at
>>> org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:125)
>>> at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
>>> at
>>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
>>>
>>> Thanks
>>> Siyanat
>>>
>>> --
>>> View this message in context:
>>> http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708097.html
>>> Sent from the syncope-user mailing list archive at Nabble.com.
>> Hi Sijanat,
>> looking at [1] it seems that you can have some trouble with acces rigth
>> read permission.
>>
>> 36 LDAP_ALIAS_DEREF_PROBLEM Indicates that during a search operation,
>> either the client does not have access rights to read the aliased
>> object's name or dereferencing is not allowed.
>>
>>
>> Please, try out an ldapsearch by using credentials specified in your
>> configuration.
>> Probably your flag is something like as "-a always".
>>
>> Kind regards,
>> F.
>>
>> [1] http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0
>>
>> --
>> Fabio Martelli
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Apache Syncope PMC
>> http://people.apache.org/~fmartelli/
> Hi Fabio,
>
> Thanks for your input. I have tried an ldap search from command line with
> the defined credentials , it is working fine.
>
>
> C:\Users\esiykha\Projects\SFTP\Software\unboundid-ldapsdk-2.3.8-se\tools>ldapsea
> rch --hostname "localhost" --port 10389 --bindDN "uid=admin,ou=system"
> --bindPas
> sword "secret" --baseDN "o=sevenseas" --scope "sub" "(uid=cbuckley)"
>
>
> # Connected to localhost:10389
> dn: cn=Cornelius Buckley,ou=people,o=sevenseas
> uid: cbuckley
> description: LM Cornelius Buckley
> userPassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
> givenname: Cornelius
> objectclass: organizationalPerson
> objectclass: person
> objectclass: inetOrgPerson
> objectclass: top
> cn: Cornelius Buckley
> sn: Buckley
> mail: cbuckley@royalnavy.mod.uk
> manager: cn=Horatio Nelson,ou=people,o=sevenSeas
>
> # The search operation was processed successfully.
> # Entries returned: 1
> # References returned: 0
>
> # Disconnected from the server
Hi, thank you for your feedback.
BTW, please, try to dereference aliases.
> Probably your flag is something like as "-a always".
Regards,
F.
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
Re: Issues connecting apache syncope with apache DS.
Posted by Siyanat <cy...@yahoo.co.in>.
Fabio Martelli wrote
> Il 23/07/2015 08:20, Siyanat ha scritto:
>> Hi Fabio
>> Fabio Martelli wrote
>>> Il 22/07/2015 12:25, Siyanatullah Khan ha scritto:
>>>>
>>>> Hi All ,
>>>>
>>>> I am trying to connect the apache syncope with apache DS but my
>>>> synchronizations have failed so far.
>>>> I have posted a detailed query here
>>>> Cannot Connect Syncope with Apache DS
>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>
>>>> image
>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Cannot Connect Syncope with Apache DS
>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>
>>>> I am facing an error while trying to add an apache DS backend to
>>>> apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v
>>>> 1.2.4 OS Windows 7 64 bit I ...
>>>>
>>>> View on stackoverflow.com
>>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>>
>>>> Preview by Yahoo
>>>>
>>>>
>>>> I will be extremely obliged if anyone can point me to the right
>>>> direction.
>>>>
>>>> Thanks
>>>> Siyanat
>>>>
>>>>
>>> Hi Siyanat,
>>>
>>> 1. set ONE-PHASE propagation mode
>>> 2. specify JEXL expression for the accountLink into user mapping page
>>> 3. take [1] as reference guide
>>>
>>> Best regards,
>>> F.
>>>
>>> [1] http://blog.tirasa.net/unlock-full-ldap-features-in
>>>
>> Hi Fabio,
>> Thanks for your reply.
>> This is what I have tried.
>>
>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/link-map.png>
>>
>> I have not done in any role mapping as I am not sure about the values to
>> put
>> here.
>>
>> Here is my user schema
>>
>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/schema.png>
>>
>>
>> One Phase changes
>>
>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/JEXL.png>
>>
>> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/connector-details.png>
>>
>> Still I am getting this error
>>
>> JobExecutionException: While syncing on connector
>> org.quartz.JobExecutionException: While syncing on connector [See nested
>> exception:
>> org.identityconnectors.framework.common.exceptions.ConnectorException:
>> javax.naming.NamingException: [LDAP: error code 36 -
>> ALIAS_DEREFERENCING_PROBLEM: failed for MessageType : SEARCH_REQUEST
>> Message ID : 25
>> SearchRequest
>> baseDn : 'o=sevenseas'
>> filter :
>> '(&(&(objectClass=inetorgperson:[11])(objectClass=top))(cn=*:[∞]))'
>> scope : whole subtree
>> typesOnly : false
>> Size Limit : no limit
>> Time Limit : no limit
>> Deref Aliases : deref Always
>> attributes : 'cn', 'sn', 'uid', 'userPassword'
>> org.apache.directory.api.ldap.model.message.SearchRequestImpl@28149cc3
>> Virtual List View Request Control
>> oid : 2.16.840.1.113730.3.4.9
>> critical : true
>> beforeCount : '0'
>> afterCount : '99'
>> target :
>> offset : '1'
>> contentCount : '0'
>> SortRequestControlImpl [sortKeys=[SortKey : [uid]]]: java.io.IOException:
>> The system cannot find the path specified]; remaining name 'o=sevenseas']
>> at
>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:184)
>> at
>> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:55)
>> at
>> org.apache.syncope.core.sync.impl.AbstractSyncJob.doExecute(AbstractSyncJob.java:382)
>> at
>> org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:125)
>> at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
>> at
>> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
>>
>> Thanks
>> Siyanat
>>
>> --
>> View this message in context:
>> http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708097.html
>> Sent from the syncope-user mailing list archive at Nabble.com.
>
> Hi Sijanat,
> looking at [1] it seems that you can have some trouble with acces rigth
> read permission.
>
> 36 LDAP_ALIAS_DEREF_PROBLEM Indicates that during a search operation,
> either the client does not have access rights to read the aliased
> object's name or dereferencing is not allowed.
>
>
> Please, try out an ldapsearch by using credentials specified in your
> configuration.
> Probably your flag is something like as "-a always".
>
> Kind regards,
> F.
>
> [1] http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0
>
> --
> Fabio Martelli
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Apache Syncope PMC
> http://people.apache.org/~fmartelli/
Hi Fabio,
Thanks for your input. I have tried an ldap search from command line with
the defined credentials , it is working fine.
C:\Users\esiykha\Projects\SFTP\Software\unboundid-ldapsdk-2.3.8-se\tools>ldapsea
rch --hostname "localhost" --port 10389 --bindDN "uid=admin,ou=system"
--bindPas
sword "secret" --baseDN "o=sevenseas" --scope "sub" "(uid=cbuckley)"
# Connected to localhost:10389
dn: cn=Cornelius Buckley,ou=people,o=sevenseas
uid: cbuckley
description: LM Cornelius Buckley
userPassword: {SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ=
givenname: Cornelius
objectclass: organizationalPerson
objectclass: person
objectclass: inetOrgPerson
objectclass: top
cn: Cornelius Buckley
sn: Buckley
mail: cbuckley@royalnavy.mod.uk
manager: cn=Horatio Nelson,ou=people,o=sevenSeas
# The search operation was processed successfully.
# Entries returned: 1
# References returned: 0
# Disconnected from the server
C:\Users\esiykha\Projects\SFTP\Software\unboundid-ldapsdk-2.3.8-se\tools>
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708100.html
Sent from the syncope-user mailing list archive at Nabble.com.
Re: Issues connecting apache syncope with apache DS.
Posted by Fabio Martelli <fa...@gmail.com>.
Il 23/07/2015 08:20, Siyanat ha scritto:
> Hi Fabio
> Fabio Martelli wrote
>> Il 22/07/2015 12:25, Siyanatullah Khan ha scritto:
>>>
>>> Hi All ,
>>>
>>> I am trying to connect the apache syncope with apache DS but my
>>> synchronizations have failed so far.
>>> I have posted a detailed query here
>>> Cannot Connect Syncope with Apache DS
>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>
>>> image
>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>
>>>
>>>
>>>
>>>
>>> Cannot Connect Syncope with Apache DS
>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>
>>> I am facing an error while trying to add an apache DS backend to
>>> apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v
>>> 1.2.4 OS Windows 7 64 bit I ...
>>>
>>> View on stackoverflow.com
>>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>>
>>> Preview by Yahoo
>>>
>>>
>>> I will be extremely obliged if anyone can point me to the right
>>> direction.
>>>
>>> Thanks
>>> Siyanat
>>>
>>>
>> Hi Siyanat,
>>
>> 1. set ONE-PHASE propagation mode
>> 2. specify JEXL expression for the accountLink into user mapping page
>> 3. take [1] as reference guide
>>
>> Best regards,
>> F.
>>
>> [1] http://blog.tirasa.net/unlock-full-ldap-features-in
>>
> Hi Fabio,
> Thanks for your reply.
> This is what I have tried.
>
> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/link-map.png>
>
> I have not done in any role mapping as I am not sure about the values to put
> here.
>
> Here is my user schema
>
> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/schema.png>
>
>
> One Phase changes
>
> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/JEXL.png>
>
> <http://syncope-user.1051894.n5.nabble.com/file/n5708097/connector-details.png>
>
> Still I am getting this error
>
> JobExecutionException: While syncing on connector
> org.quartz.JobExecutionException: While syncing on connector [See nested
> exception:
> org.identityconnectors.framework.common.exceptions.ConnectorException:
> javax.naming.NamingException: [LDAP: error code 36 -
> ALIAS_DEREFERENCING_PROBLEM: failed for MessageType : SEARCH_REQUEST
> Message ID : 25
> SearchRequest
> baseDn : 'o=sevenseas'
> filter :
> '(&(&(objectClass=inetorgperson:[11])(objectClass=top))(cn=*:[∞]))'
> scope : whole subtree
> typesOnly : false
> Size Limit : no limit
> Time Limit : no limit
> Deref Aliases : deref Always
> attributes : 'cn', 'sn', 'uid', 'userPassword'
> org.apache.directory.api.ldap.model.message.SearchRequestImpl@28149cc3
> Virtual List View Request Control
> oid : 2.16.840.1.113730.3.4.9
> critical : true
> beforeCount : '0'
> afterCount : '99'
> target :
> offset : '1'
> contentCount : '0'
> SortRequestControlImpl [sortKeys=[SortKey : [uid]]]: java.io.IOException:
> The system cannot find the path specified]; remaining name 'o=sevenseas']
> at
> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:184)
> at
> org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:55)
> at
> org.apache.syncope.core.sync.impl.AbstractSyncJob.doExecute(AbstractSyncJob.java:382)
> at
> org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:125)
> at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
> at
> org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
>
> Thanks
> Siyanat
>
> --
> View this message in context: http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708097.html
> Sent from the syncope-user mailing list archive at Nabble.com.
Hi Sijanat,
looking at [1] it seems that you can have some trouble with acces rigth
read permission.
36 LDAP_ALIAS_DEREF_PROBLEM Indicates that during a search operation,
either the client does not have access rights to read the aliased
object's name or dereferencing is not allowed.
Please, try out an ldapsearch by using credentials specified in your
configuration.
Probably your flag is something like as "-a always".
Kind regards,
F.
[1] http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes#gsc.tab=0
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
Re: Issues connecting apache syncope with apache DS.
Posted by Siyanat <cy...@yahoo.co.in>.
Hi Fabio
Fabio Martelli wrote
> Il 22/07/2015 12:25, Siyanatullah Khan ha scritto:
>>
>>
>> Hi All ,
>>
>> I am trying to connect the apache syncope with apache DS but my
>> synchronizations have failed so far.
>> I have posted a detailed query here
>> Cannot Connect Syncope with Apache DS
>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>
>> image
>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>
>>
>>
>>
>>
>> Cannot Connect Syncope with Apache DS
>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>
>> I am facing an error while trying to add an apache DS backend to
>> apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v
>> 1.2.4 OS Windows 7 64 bit I ...
>>
>> View on stackoverflow.com
>> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>>
>> Preview by Yahoo
>>
>>
>> I will be extremely obliged if anyone can point me to the right
>> direction.
>>
>> Thanks
>> Siyanat
>>
>>
> Hi Siyanat,
>
> 1. set ONE-PHASE propagation mode
> 2. specify JEXL expression for the accountLink into user mapping page
> 3. take [1] as reference guide
>
> Best regards,
> F.
>
> [1] http://blog.tirasa.net/unlock-full-ldap-features-in
>
Hi Fabio,
Thanks for your reply.
This is what I have tried.
<http://syncope-user.1051894.n5.nabble.com/file/n5708097/link-map.png>
I have not done in any role mapping as I am not sure about the values to put
here.
Here is my user schema
<http://syncope-user.1051894.n5.nabble.com/file/n5708097/schema.png>
One Phase changes
<http://syncope-user.1051894.n5.nabble.com/file/n5708097/JEXL.png>
<http://syncope-user.1051894.n5.nabble.com/file/n5708097/connector-details.png>
Still I am getting this error
JobExecutionException: While syncing on connector
org.quartz.JobExecutionException: While syncing on connector [See nested
exception:
org.identityconnectors.framework.common.exceptions.ConnectorException:
javax.naming.NamingException: [LDAP: error code 36 -
ALIAS_DEREFERENCING_PROBLEM: failed for MessageType : SEARCH_REQUEST
Message ID : 25
SearchRequest
baseDn : 'o=sevenseas'
filter :
'(&(&(objectClass=inetorgperson:[11])(objectClass=top))(cn=*:[∞]))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes : 'cn', 'sn', 'uid', 'userPassword'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@28149cc3
Virtual List View Request Control
oid : 2.16.840.1.113730.3.4.9
critical : true
beforeCount : '0'
afterCount : '99'
target :
offset : '1'
contentCount : '0'
SortRequestControlImpl [sortKeys=[SortKey : [uid]]]: java.io.IOException:
The system cannot find the path specified]; remaining name 'o=sevenseas']
at
org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:184)
at
org.apache.syncope.core.sync.impl.SyncJob.executeWithSecurityContext(SyncJob.java:55)
at
org.apache.syncope.core.sync.impl.AbstractSyncJob.doExecute(AbstractSyncJob.java:382)
at
org.apache.syncope.core.quartz.AbstractTaskJob.execute(AbstractTaskJob.java:125)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at
org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Thanks
Siyanat
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/Issues-connecting-apache-syncope-with-apache-DS-tp5708095p5708097.html
Sent from the syncope-user mailing list archive at Nabble.com.
Re: Issues connecting apache syncope with apache DS.
Posted by Fabio Martelli <fa...@gmail.com>.
Il 22/07/2015 12:25, Siyanatullah Khan ha scritto:
>
>
> Hi All ,
>
> I am trying to connect the apache syncope with apache DS but my
> synchronizations have failed so far.
> I have posted a detailed query here
> Cannot Connect Syncope with Apache DS
> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>
> image
> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>
>
>
>
>
> Cannot Connect Syncope with Apache DS
> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>
> I am facing an error while trying to add an apache DS backend to
> apache syncope. Environment Apache DS v 2.00-M20 Apache syncope v
> 1.2.4 OS Windows 7 64 bit I ...
>
> View on stackoverflow.com
> <http://stackoverflow.com/questions/31560169/cannot-connect-syncope-with-apache-ds>
>
> Preview by Yahoo
>
>
> I will be extremely obliged if anyone can point me to the right
> direction.
>
> Thanks
> Siyanat
>
>
Hi Siyanat,
1. set ONE-PHASE propagation mode
2. specify JEXL expression for the accountLink into user mapping page
3. take [1] as reference guide
Best regards,
F.
[1] http://blog.tirasa.net/unlock-full-ldap-features-in
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/