You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by sasha gesta <sa...@gmail.com> on 2017/05/15 12:29:47 UTC
Pull users from LDAP
I have about 400 hundred users which I would like to pull to syncope. After
pull task started, it works a bit and then suddenly stops with following
stack trace :
15:17:48.708 DEBUG Searching in [ou=Users,dc=example,dc=com] with filter
(&(objectClass=inetOrgPerson)(cn=*)) and S
earchControls: {returningAttributes=[cn, description, mail, sn,
userPassword], scope=SUBTREE} Method: doSearch
15:17:48.710 DEBUG OperationNotSupportedException caught:
ou=Users,dc=example,dc=com. Check the Cookie validity Method: doSearch
15:17:48.710 DEBUG Exception: Method: executeQuery
org.identityconnectors.framework.common.exceptions.ConnectorException:
Operation Not Supported. Bad cookie
at
net.tirasa.connid.bundles.ldap.search.PagedSearchStrategy.doSearch(PagedSearchStrategy.java:152)
~[net.tir
asa.connid.bundles.ldap-1.5.1.jar:?]
at
net.tirasa.connid.bundles.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:67)
~[net.tirasa.
connid.bundles.ldap-1.5.1.jar:?]
at
net.tirasa.connid.bundles.ldap.search.LdapSearch.execute(LdapSearch.java:137)
~[net.tirasa.connid.bundles.
ldap-1.5.1.jar:?]
at
net.tirasa.connid.bundles.ldap.LdapConnector.executeQuery(LdapConnector.java:136)
~[?:?]
at
net.tirasa.connid.bundles.ldap.LdapConnector.executeQuery(LdapConnector.java:57)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:171)
~[con
nector-framework-internal-1.4.2.0.jar:?]
at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:130)
~[connec
tor-framework-internal-1.4.2.0.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(Connect
orAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.2.0.jar:?]
at com.sun.proxy.$Proxy280.search(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClas
sLoaderManagerProxy.java:96)
~[connector-framework-internal-1.4.2.0.jar:?]
at com.sun.proxy.$Proxy280.search(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsP
roxy.java:165)
~[connector-framework-internal-1.4.2.0.jar:?]
15:17:48.712 DEBUG Exception: Method: search
org.identityconnectors.framework.common.exceptions.ConnectorException:
Operation Not Supported. Bad cookie
at
net.tirasa.connid.bundles.ldap.search.PagedSearchStrategy.doSearch(PagedSearchStrategy.java:152)
~[net.tir
asa.connid.bundles.ldap-1.5.1.jar:?]
at
net.tirasa.connid.bundles.ldap.search.LdapInternalSearch.execute(LdapInternalSearch.java:67)
~[net.tirasa.
connid.bundles.ldap-1.5.1.jar:?]
at
net.tirasa.connid.bundles.ldap.search.LdapSearch.execute(LdapSearch.java:137)
~[net.tirasa.connid.bundles.
ldap-1.5.1.jar:?]
at
net.tirasa.connid.bundles.ldap.LdapConnector.executeQuery(LdapConnector.java:136)
~[?:?]
at
net.tirasa.connid.bundles.ldap.LdapConnector.executeQuery(LdapConnector.java:57)
~[?:?]
at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:171)
~[con
nector-framework-internal-1.4.2.0.jar:?]
at
org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:130)
~[connec
tor-framework-internal-1.4.2.0.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
at
org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(Connect
orAPIOperationRunnerProxy.java:98)
~[connector-framework-internal-1.4.2.0.jar:?]
at com.sun.proxy.$Proxy280.search(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_131]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_131]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
at
org.identityconnectors.framework.impl.api.local.operations.ThreadClas
sLoaderManagerProxy.java:96) ~[connector-framework-internal-1.4.2.0.jar:?]
at com.sun.proxy.$Proxy280.search(Unknown Source) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_131]
at
org.identityconnectors.framework.impl.api.BufferedResultsProxy$Buffer
roxy.java:165) ~[connector-framework-internal-1.4.2.0.jar:?]
It pulls succesfully about 100 users.
Any clues?
Thanks
Sasha
Re: Pull users from LDAP
Posted by Andrea Patricelli <an...@apache.org>.
Hi,
this morning I made a test with AD connector 1.3.2. I successfully
pulled 600+ users without experiencing any pagination cookie exception.
Best regards,
Andrea
Il 29/07/2017 01:00, justin.isenhour ha scritto:
> Francesco,
>
> I am using the the AD connector (net.tirasa.connid.bundles.ad) v1.3.2 to
> connect to Microsoft Active Directory. Below is the configuration.
>
> *Connector*
> [{"key":"6a9a654d-5b02-4089-9a65-4d5b028089d2","location":"file:/usr/share/tomcat/v8/SYNCOPEDEV/appconfigs/dev/bundles/","connectorName":"net.tirasa.connid.bundles.ad.ADConnector","bundleName":"net.tirasa.connid.bundles.ad","version":"1.3.2","displayName":"conn-ad-compass","connRequestTimeout":10,"poolConf":{"maxObjects":null,"minIdle":null,"maxIdle":null,"maxWait":null,"minEvictableIdleTimeMillis":null},"conf":[{"schema":{"name":"credentials","displayName":"Principal
> password","helpMessage":"Insert password for
> administrator","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":6,"confidential":true,"defaultValues":[]},"overridable":false,"values":["_r4&Age3+s"]},{"schema":{"name":"ssl","displayName":"SSL","helpMessage":"User
> SSL to perform password
> provisioning","type":"boolean","required":false,"order":1,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"groupSearchFilter","displayName":"Custom
> group search filter","helpMessage":"Custom group search
> filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"pwdUpdateOnly","displayName":"Permit
> password update only","helpMessage":"Specify TRUE if you want to permit
> password update only: create/delete operation will be denied while other
> attributes update requests will be
> ignored.","type":"boolean","required":true,"order":17,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"retrieveDeletedUser","displayName":"Retrieve
> deleted users","helpMessage":"Specify TRUE to retrieve deleted users also.
> The default is
> \"true\".","type":"boolean","required":false,"order":2,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"port","displayName":"Server
> port","helpMessage":"Insert port. The default is
> 636.","type":"int","required":false,"order":2,"confidential":false,"defaultValues":[636]},"overridable":false,"values":["389"]},{"schema":{"name":"groupOwnerReferenceAttribute","displayName":"Group
> owner reference attribute","helpMessage":"Group attribute name referencing
> (by DN) the
> owner","type":"java.lang.String","required":false,"order":15,"confidential":false,"defaultValues":["managedBy"]},"overridable":false,"values":["managedBy"]},{"schema":{"name":"defaultGroupContainer","displayName":"Default
> group container","helpMessage":"Default group container to be used in case
> of entry DN is not
> provided","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"defaultPeopleContainer","displayName":"Default
> people container","helpMessage":"Default people container to be used in case
> of entry DN is not
> provided","type":"java.lang.String","required":false,"order":7,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"userBaseContexts","displayName":"Base
> contexts for user entry searches","helpMessage":"DN of context to be used as
> starting point for user entry
> searches","type":"[Ljava.lang.String;","required":false,"order":13,"confidential":false,"defaultValues":[]},"overridable":false,"values":["ou=Accounts,dc=NA,dc=CompassGroup,dc=Corp"]},{"schema":{"name":"failover","displayName":"Failover","helpMessage":"Failover
> host:port","type":"[Ljava.lang.String;","required":false,"order":4,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"startSyncFromToday","displayName":"Null
> token is the latest","helpMessage":"Reset null token value to the latest
> (sync with null token will not return any result). The default is
> \"true\".","type":"boolean","required":false,"order":16,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"groupSearchScope","displayName":"Group
> search scope","helpMessage":"Choose object, onlevel or
> subtree","type":"java.lang.String","required":false,"order":10,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"objectClassesToSynchronize","displayName":"Object
> classes to synchronize","helpMessage":"Specify object classes to identify
> entry to
> synchronize","type":"[Ljava.lang.String;","required":false,"order":24,"confidential":false,"defaultValues":["user"]},"overridable":false,"values":["user"]},{"schema":{"name":"membershipsInOr","displayName":"Verify
> memberships in OR","helpMessage":"Specify TRUE if you want to verify
> memberships using OR logical operator. The default is
> \"false\".","type":"boolean","required":false,"order":5,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"groupBaseContexts","displayName":"Base
> contexts for group entry searches","helpMessage":"DN of context to be used
> as starting point for group entry
> searches","type":"[Ljava.lang.String;","required":false,"order":12,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"membershipConservativePolicy","displayName":"Conservative
> membership policy","helpMessage":"Conservative managing and assignment of
> groups to user. The groups already assigned will not be
> removed.","type":"boolean","required":false,"order":18,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"uidAttribute","displayName":"uidAttribute","helpMessage":"uidAttribute","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":false,"values":["sAMAccountName"]},{"schema":{"name":"trustAllCerts","displayName":"Trust
> all certs","helpMessage":"Specify TRUE to trust all certs. The default is
> \"false\".","type":"boolean","required":false,"order":4,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"memberships","displayName":"Memberships","helpMessage":"Specify
> memberships","type":"[Ljava.lang.String;","required":false,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"retrieveDeletedGroup","displayName":"Retrieve
> deleted groups","helpMessage":"Specify TRUE to retrieve deleted groups
> also","type":"boolean","required":false,"order":3,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"host","displayName":"Server
> hostname","helpMessage":"Insert
> hostname","type":"java.lang.String","required":true,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":["ldap.na.compassgroup.corp"]},{"schema":{"name":"groupMemberReferenceAttribute","displayName":"Group
> members reference attribute ","helpMessage":"Group attribute referencing (by
> DN) the users members of a
> group","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":["member"]},"overridable":false,"values":["member"]},{"schema":{"name":"baseContextsToSynchronize","displayName":"Root
> suffixes","helpMessage":"Insert root
> suffixes","type":"[Ljava.lang.String;","required":true,"order":6,"confidential":false,"defaultValues":[]},"overridable":false,"values":["ou=Accounts,dc=NA,dc=CompassGroup,dc=Corp"]},{"schema":{"name":"accountSearchFilter","displayName":"Custom
> user search filter","helpMessage":"Custom user search
> filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"userSearchScope","displayName":"User
> search scope","helpMessage":"Choose object, onlevel or
> subtree","type":"java.lang.String","required":false,"order":9,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"principal","displayName":"Principal","helpMessage":"Insert
> DN of a user with administration
> capabilities","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[]},"overridable":false,"values":["cams_auth_svc_acct@na.compassgroup.corp"]},{"schema":{"name":"accountObjectClasses","displayName":"Entry
> object classes","helpMessage":"Insert object classes to assign to managed
> entries","type":"[Ljava.lang.String;","required":false,"order":9,"confidential":false,"defaultValues":["top","person","organizationalPerson","inetOrgPerson"]},"overridable":false,"values":["top","person","organizationalPerson","user"]}],"capabilities":["AUTHENTICATE","CREATE","UPDATE","DELETE","SEARCH","SYNC"]},{"key":"b1da11c3-4542-49fa-9a11-c34542c9fa3a","location":"file:/usr/share/tomcat/v8/SYNCOPEDEV/appconfigs/dev/bundles/","connectorName":"net.tirasa.connid.bundles.ldap.LdapConnector","bundleName":"net.tirasa.connid.bundles.ldap","version":"1.5.1","displayName":"conn-dev-ads-foodbuy","connRequestTimeout":10,"poolConf":{"maxObjects":null,"minIdle":null,"maxIdle":null,"maxWait":null,"minEvictableIdleTimeMillis":null},"conf":[{"schema":{"name":"accountSearchFilter","displayName":"LDAP
> Filter for Retrieving Accounts","helpMessage":"An optional LDAP filter to
> control which accounts are returned from the LDAP resource. If no filter is
> specified, only accounts that include all specified object classes are
> returned.","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"maintainLdapGroupMembership","displayName":"Maintain
> LDAP Group Membership","helpMessage":"When enabled and a user is renamed or
> deleted, update any LDAP groups to which the user belongs to reflect the new
> name. Otherwise, the LDAP resource must maintain referential integrity with
> respect to group membership. Default is
> \"false\".","type":"boolean","required":false,"order":15,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"passwordDecryptionKey","displayName":"Password
> Decryption Key","helpMessage":"The key to decrypt passwords with when
> performing password
> synchronization.","type":"org.identityconnectors.common.security.GuardedByteArray","required":false,"order":34,"confidential":true,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"groupMemberAttribute","displayName":"Group
> Member Attribute","helpMessage":"The name of the group attribute that will
> be updated with the distinguished name of the user when the user is added to
> the group. Default is
> \"uniqueMember\".","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":["uniqueMember"]},"overridable":false,"values":["uniqueMember"]},{"schema":{"name":"accountUserNameAttributes","displayName":"Account
> User Name Attributes","helpMessage":"Attribute or attributes which holds the
> account's user name. They will be used when authenticating to find the LDAP
> entry for the user name to
> authenticate.","type":"[Ljava.lang.String;","required":false,"order":10,"confidential":false,"defaultValues":["uid","cn"]},"overridable":false,"values":["uid"]},{"schema":{"name":"modifiersNamesToFilterOut","displayName":"Filter
> Out Changes By","helpMessage":"The names (DNs) of directory administrators
> to filter from the changes. Changes with the attribute \"modifiersName\"
> that match entries in this list will be filtered out. The standard value is
> the administrator name used by this adapter, to prevent loops. Entries
> should be of the format \"cn=Directory
> Manager\".","type":"[Ljava.lang.String;","required":false,"order":26,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"removeLogEntryObjectClassFromFilter","displayName":"Remove
> Log Entry Object Class from Filter","helpMessage":"If this property is set
> (the default), the filter used to fetch change log entries does not contain
> the \"changeLogEntry\" object class, expecting that there are no entries of
> other object types in the change log. Default is
> \"true\".","type":"boolean","required":false,"order":31,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"passwordAttributeToSynchronize","displayName":"Password
> Attribute to Synchronize","helpMessage":"The name of the password attribute
> to synchronize when performing password
> synchronization.","type":"java.lang.String","required":false,"order":33,"confidential":false,"defaultValues":[]},"overridable":false,"values":["userPassword"]},{"schema":{"name":"groupNameAttributes","displayName":"Group
> Name Attributes","helpMessage":"Attribute or attributes which holds the
> group's name. Default is
> \"cn\".","type":"[Ljava.lang.String;","required":false,"order":13,"confidential":false,"defaultValues":["cn"]},"overridable":false,"values":["o"]},{"schema":{"name":"attributesToSynchronize","displayName":"Attributes
> to Synchronize","helpMessage":"The names of the attributes to synchronize.
> This ignores updates from the change log if they do not update any of the
> named attributes. For example, if only \"department\" is listed, then only
> changes that affect \"department\" will be processed. All other updates are
> ignored. If blank (the default), then all changes are
> processed.","type":"[Ljava.lang.String;","required":false,"order":25,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"changeLogBlockSize","displayName":"Change
> Log Block Size","helpMessage":"The number of change log entries to fetch per
> query. Default is
> \"100\".","type":"int","required":false,"order":28,"confidential":false,"defaultValues":[100]},"overridable":false,"values":["100"]},{"schema":{"name":"groupSearchFilter","displayName":"LDAP
> Filter for Retrieving Groups","helpMessage":"An optional LDAP filter to
> control which groups are returned from the LDAP resource. If no filter is
> specified, only groups that include all specified object classes are
> returned.","type":"java.lang.String","required":false,"order":39,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"readTimeout","displayName":"Read
> Timeout (Milliseconds)","helpMessage":"Time to wait for a response to be
> received. If there is no response within the specified time period, the read
> attempt will be aborted. Value 0 or less than 0 means there is no
> limit.","type":"long","required":false,"order":40,"confidential":false,"defaultValues":[0]},"overridable":false,"values":["3000"]},{"schema":{"name":"principal","displayName":"Principal","helpMessage":"The
> distinguished name with which to authenticate to the LDAP
> server.","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[]},"overridable":false,"values":["uid=admin,ou=system"]},{"schema":{"name":"ssl","displayName":"SSL","helpMessage":"Select
> the check box to connect to the LDAP server using SSL. The default is
> \"false\".","type":"boolean","required":false,"order":3,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["false"]},{"schema":{"name":"changeNumberAttribute","displayName":"Change
> Number Attribute","helpMessage":"The name of the change number attribute in
> the change log entry. Default is
> \"changeNumber\".","type":"java.lang.String","required":false,"order":29,"confidential":false,"defaultValues":["changeNumber"]},"overridable":false,"values":["changeNumber"]},{"schema":{"name":"failover","displayName":"Failover
> Servers","helpMessage":"List all servers that should be used for failover in
> case the preferred server fails. If the preferred server fails, JNDI will
> connect to the next available server in the list. List all servers in the
> form of \"ldap://ldap.example.com:389/\", which follows the standard LDAP v3
> URLs described in RFC 2255. Only the host and port parts of the URL are
> relevant in this
> setting.","type":"[Ljava.lang.String;","required":false,"order":4,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"uidAttribute","displayName":"Uid
> Attribute","helpMessage":"The name of the LDAP attribute which is mapped to
> the Uid attribute. Default is
> \"entryUUID\".","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["entryUUID"]},"overridable":false,"values":["uid"]},{"schema":{"name":"host","displayName":"Host","helpMessage":"The
> name or IP address of the host where the LDAP server is
> running.","type":"java.lang.String","required":true,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":["cgldads9018"]},{"schema":{"name":"accountObjectClasses","displayName":"Account
> Object Classes","helpMessage":"The object class or classes that will be used
> when creating new user objects in the LDAP tree. When entering more than one
> object class, each entry should be on its own line; do not use commas or
> semi-colons to separate multiple object classes. Some object classes may
> require that you specify all object classes in the class
> hierarchy.","type":"[Ljava.lang.String;","required":false,"order":9,"confidential":false,"defaultValues":["top","person","organizationalPerson","inetOrgPerson"]},"overridable":false,"values":["top","person","organizationalPerson","inetOrgPerson","stgBasicAccount","foodbuyMemberAccount"]},{"schema":{"name":"filterWithOrInsteadOfAnd","displayName":"Filter
> with Or Instead of And","helpMessage":"Normally the the filter used to fetch
> change log entries is an and-based filter retrieving an interval of change
> entries. If this property is set, the filter will or together the required
> change numbers instead. Default is
> \"false\".","type":"boolean","required":false,"order":30,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"accountSynchronizationFilter","displayName":"LDAP
> Filter for Accounts to Synchronize","helpMessage":"An optional LDAP filter
> for the objects to synchronize. Because the change log is for all objects,
> this filter updates only objects that match the specified filter. If you
> specify a filter, an object will be synchronized only if it matches the
> filter and includes a synchronized object
> class.","type":"java.lang.String","required":false,"order":27,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"retrievePasswordsWithSearch","displayName":"Retrieve
> passwords with search","helpMessage":"Whether to retrieve user passwords
> when searching. The default is
> \"false\".","type":"boolean","required":false,"order":37,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"connectTimeout","displayName":"Connection
> Timeout (Milliseconds)","helpMessage":"Time to wait when opening new server
> connections. Value of 0 means the TCP network timeout will be used, which
> may be several minutes. Value less than 0 means there is no
> limit.","type":"long","required":false,"order":41,"confidential":false,"defaultValues":[0]},"overridable":false,"values":["3000"]},{"schema":{"name":"passwordHashAlgorithm","displayName":"Password
> Hash Algorithm","helpMessage":"Indicates the algorithm that the Identity
> system should use to hash the password. Currently supported values are SSHA,
> SHA, SMD5, and MD5. A blank value indicates that the system will not hash
> passwords. This will cause cleartext passwords to be stored in LDAP unless
> the LDAP server performs the hash (Netscape Directory Server and iPlanet
> Directory Server
> do).","type":"java.lang.String","required":false,"order":17,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"useVlvControls","displayName":"Use
> VLV Controls","helpMessage":"Wheter to enforce usage of VLV controls over
> standard LDAP controls. Default is
> \"false\".","type":"boolean","required":false,"order":19,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"passwordDecryptionInitializationVector","displayName":"Password
> Decryption Initialization Vector","helpMessage":"The initialization vector
> to decrypt passwords with when performing password
> synchronization.","type":"org.identityconnectors.common.security.GuardedByteArray","required":false,"order":35,"confidential":true,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"groupObjectClasses","displayName":"Group
> Object Classes","helpMessage":"The group class or classes that will be used
> when creating new group objects in the LDAP tree. When entering more than
> one object class, each entry should be on its own line; do not use commas or
> semi-colons to separate multiple group classes. Some group classes may
> require that you specify all group classes in the class
> hierarchy.","type":"[Ljava.lang.String;","required":false,"order":12,"confidential":false,"defaultValues":["top","groupOfUniqueNames"]},"overridable":false,"values":["top","groupOfUniqueNames"]},{"schema":{"name":"baseContextsToSynchronize","displayName":"Base
> Contexts to Synchronize","helpMessage":"One or more starting points in the
> LDAP tree that will be used to determine if a change should be synchronized.
> The base contexts attribute will be used to synchronize a change if this
> property is not
> set.","type":"[Ljava.lang.String;","required":false,"order":23,"confidential":false,"defaultValues":[]},"overridable":true,"values":["ou=CommitedMembers,ou=people,dc=foodbuy,dc=com"]},{"schema":{"name":"objectClassesToSynchronize","displayName":"Object
> Classes to Synchronize","helpMessage":"The object classes to synchronize.
> The change log is for all objects; this filters updates to just the listed
> object classes. You should not list the superclasses of an object class
> unless you intend to synchronize objects with any of the superclass values.
> For example, if only \"inetOrgPerson\" objects should be synchronized, but
> the superclasses of \"inetOrgPerson\" (\"person\", \"organizationalperson\"
> and \"top\") should be filtered out, then list only \"inetOrgPerson\" here.
> All objects in LDAP are subclassed from \"top\". For this reason, you should
> never list \"top\", otherwise no object would be filtered. Default is
> \"inetOrgPerson\".","type":"[Ljava.lang.String;","required":false,"order":24,"confidential":false,"defaultValues":["inetOrgPerson"]},"overridable":false,"values":["inetOrgPerson"]},{"schema":{"name":"synchronizePasswords","displayName":"Enable
> Password Synchronization","helpMessage":"If true, the connector will
> synchronize passwords. The Password Capture Plugin needs to be installed for
> password synchronization to work. Default is
> \"false\".","type":"boolean","required":false,"order":32,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["false"]},{"schema":{"name":"baseContexts","displayName":"Base
> Contexts","helpMessage":"One or more starting points in the LDAP tree that
> will be used when searching the tree. Searches are performed when
> discovering users from the LDAP server or when looking for the groups of
> which a user is a
> member.","type":"[Ljava.lang.String;","required":true,"order":7,"confidential":false,"defaultValues":[]},"overridable":true,"values":["ou=CommitedMembers,ou=people,dc=foodbuy,dc=com"]},{"schema":{"name":"maintainPosixGroupMembership","displayName":"Maintain
> POSIX Group Membership","helpMessage":"When enabled and a user is renamed or
> deleted, update any POSIX groups to which the user belongs to reflect the
> new name. Otherwise, the LDAP resource must maintain referential integrity
> with respect to group membership. Default is
> \"false\".","type":"boolean","required":false,"order":16,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"credentials","displayName":"Password","helpMessage":"Password
> for the
> principal.","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":6,"confidential":true,"defaultValues":[]},"overridable":false,"values":["secret"]},{"schema":{"name":"statusManagementClass","displayName":"Status
> management class ","helpMessage":"Class to be used to manage
> enabled/disabled status. If no class is specified then identity status
> management wont be
> possible.","type":"java.lang.String","required":false,"order":36,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"readSchema","displayName":"Read
> Schema","helpMessage":"If true, the connector will read the schema from the
> server. If false, the connector will provide a default schema based on the
> object classes in the configuration. This property must be true in order to
> use extended object classes. Default is
> \"true\".","type":"boolean","required":false,"order":22,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"passwordAttribute","displayName":"Password
> Attribute","helpMessage":"The name of the LDAP attribute which holds the
> password. When changing an user's password, the new password is set to this
> attribute. Default is
> \"userPassword\".","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":["userPassword"]},"overridable":false,"values":["userPassword"]},{"schema":{"name":"respectResourcePasswordPolicyChangeAfterReset","displayName":"Respect
> Resource Password Policy Change-After-Reset","helpMessage":"When this
> resource is specified in a Login Module (i.e., this resource is a
> pass-through authentication target) and the resource's password policy is
> configured for change-after-reset, a user whose resource account password
> has been administratively reset will be required to change that password
> after successfully authenticating. Default is
> \"false\".","type":"boolean","required":false,"order":18,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["false"]},{"schema":{"name":"dnAttribute","displayName":"Entry
> DN attribute name","helpMessage":"Entry DN attribute name (default:
> entryDN)","type":"java.lang.String","required":false,"order":38,"confidential":false,"defaultValues":["entryDN"]},"overridable":false,"values":["entryDN"]},{"schema":{"name":"port","displayName":"TCP
> Port","helpMessage":"TCP/IP port number used to communicate with the LDAP
> server. The default is
> 389.","type":"int","required":false,"order":2,"confidential":false,"defaultValues":[389]},"overridable":false,"values":["10389"]},{"schema":{"name":"vlvSortAttribute","displayName":"VLV
> Sort Attribute","helpMessage":"Specify the sort attribute to use for VLV
> indexes on the resource. Default is
> \"uid\".","type":"java.lang.String","required":false,"order":20,"confidential":false,"defaultValues":["uid"]},"overridable":false,"values":["uid"]}],"capabilities":["AUTHENTICATE","CREATE","UPDATE","DELETE","SEARCH","SYNC"]},{"key":"db9d3e6f-31d7-4064-9d3e-6f31d7b06420","location":"file:/usr/share/tomcat/v8/SYNCOPEDEV/appconfigs/dev/bundles/","connectorName":"net.tirasa.connid.bundles.rest.RESTConnector","bundleName":"net.tirasa.connid.bundles.rest","version":"1.0.1","displayName":"Conn-REST-Test-ADAMS-API","connRequestTimeout":10,"poolConf":{"maxObjects":null,"minIdle":null,"maxIdle":null,"maxWait":null,"minEvictableIdleTimeMillis":null},"conf":[{"schema":{"name":"authenticateScript","displayName":"authenticateScript","helpMessage":"authenticateScript","type":"java.lang.String","required":false,"order":6,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"contentType","displayName":"contentType","helpMessage":"contentType","type":"java.lang.String","required":true,"order":-1,"confidential":false,"defaultValues":["application/json"]},"overridable":false,"values":["application/json"]},{"schema":{"name":"resolveUsernameScriptFileName","displayName":"resolveUsernameScriptFileName","helpMessage":"resolveUsernameScriptFileName","type":"java.lang.String","required":false,"order":15,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"password","displayName":"password","helpMessage":"password","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":1,"confidential":true,"defaultValues":[]},"overridable":false,"values":["e$$adm1n"]},{"schema":{"name":"schemaScriptFileName","displayName":"schemaScriptFileName","helpMessage":"schemaScriptFileName","type":"java.lang.String","required":false,"order":17,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"updateScript","displayName":"updateScript","helpMessage":"updateScript","type":"java.lang.String","required":false,"order":4,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"searchScript","displayName":"searchScript","helpMessage":"searchScript","type":"java.lang.String","required":false,"order":6,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"clearTextPasswordToScript","displayName":"clearTextPasswordToScript","helpMessage":"clearTextPasswordToScript","type":"boolean","required":false,"order":1,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"authenticateScriptFileName","displayName":"authenticateScriptFileName","helpMessage":"authenticateScriptFileName","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"syncScript","displayName":"syncScript","helpMessage":"syncScript","type":"java.lang.String","required":false,"order":7,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"searchScriptFileName","displayName":"searchScriptFileName","helpMessage":"searchScriptFileName","type":"java.lang.String","required":false,"order":13,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"accept","displayName":"accept","helpMessage":"accept","type":"java.lang.String","required":true,"order":-2,"confidential":false,"defaultValues":["application/json"]},"overridable":false,"values":["application/vnd.adams-v1.0+json"]},{"schema":{"name":"resolveUsernameScript","displayName":"resolveUsernameScript","helpMessage":"resolveUsernameScript","type":"java.lang.String","required":false,"order":6,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"syncScriptFileName","displayName":"syncScriptFileName","helpMessage":"syncScriptFileName","type":"java.lang.String","required":false,"order":16,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"baseAddress","displayName":"baseAddress","helpMessage":"baseAddress","type":"java.lang.String","required":true,"order":-3,"confidential":false,"defaultValues":[]},"overridable":false,"values":["https://adamsdev.compassmanager.com/api/users?api_key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJKVXNlciJ9.E59wqvVNv_L6v6AveQzqD6j4m5DKg86z4cqIMbgHmJ8vd6OYcJ0S4S7A0AzU5gGsLsO7sAFzM9DBZc0jOSd19w"]},{"schema":{"name":"deleteScriptFileName","displayName":"deleteScriptFileName","helpMessage":"deleteScriptFileName","type":"java.lang.String","required":false,"order":12,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"updateScriptFileName","displayName":"updateScriptFileName","helpMessage":"updateScriptFileName","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":["/usr/share/tomcat/v8/SYNCOPEDEV/webapps/syncope/WEB-INF/classes/rest/UpdateScript.groovy"]},{"schema":{"name":"deleteScript","displayName":"deleteScript","helpMessage":"deleteScript","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"schemaScript","displayName":"schemaScript","helpMessage":"schemaScript","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"username","displayName":"username","helpMessage":"username","type":"java.lang.String","required":false,"order":0,"confidential":false,"defaultValues":[]},"overridable":false,"values":["essadmin"]},{"schema":{"name":"createScriptFileName","displayName":"createScriptFileName","helpMessage":"createScriptFileName","type":"java.lang.String","required":false,"order":10,"confidential":false,"defaultValues":[]},"overridable":false,"values":["/usr/share/tomcat/v8/SYNCOPEDEV/webapps/syncope/WEB-INF/classes/rest/CreateScript.groovy"]},{"schema":{"name":"createScript","displayName":"createScript","helpMessage":"createScript","type":"java.lang.String","required":false,"order":3,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"scriptingLanguage","displayName":"scriptingLanguage","helpMessage":"scriptingLanguage","type":"java.lang.String","required":false,"order":0,"confidential":false,"defaultValues":["GROOVY"]},"overridable":false,"values":["GROOVY"]},{"schema":{"name":"testScript","displayName":"testScript","helpMessage":"testScript","type":"java.lang.String","required":false,"order":9,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"reloadScriptOnExecution","displayName":"reloadScriptOnExecution","helpMessage":"reloadScriptOnExecution","type":"boolean","required":false,"order":2,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"testScriptFileName","displayName":"testScriptFileName","helpMessage":"testScriptFileName","type":"java.lang.String","required":false,"order":18,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]}],"capabilities":["CREATE","UPDATE"]}]
>
>
> *Resource*
>
> [{"key":"res-ad-compass","connector":"6a9a654d-5b02-4089-9a65-4d5b028089d2","connectorDisplayName":"conn-ad-compass","orgUnit":null,"propagationPriority":0,"randomPwdIfNotProvided":false,"enforceMandatoryCondition":false,"createTraceLevel":"ALL","updateTraceLevel":"ALL","deleteTraceLevel":"ALL","provisioningTraceLevel":"ALL","passwordPolicy":null,"accountPolicy":null,"pullPolicy":null,"overrideCapabilities":false,"provisions":[{"key":"a8bfadab-365c-440d-bfad-ab365cf40d56","anyType":"USER","objectClass":"__ACCOUNT__","syncToken":null,"mapping":{"connObjectLink":null,"connObjectKeyItem":{"key":"fd13fe22-5907-46ef-93fe-22590776ef05","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},"items":[{"key":"0df2b642-9436-4bbe-b2b6-4294362bbee7","intAttrName":"lastName","extAttrName":"sn","connObjectKey":false,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"1bdd4d58-a44a-402e-9d4d-58a44a802ecd","intAttrName":"jobTitle","extAttrName":"title","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"51f9dfcd-de73-410d-b9df-cdde73210da5","intAttrName":"phoneNumber","extAttrName":"telephoneNumber","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"d6f58e9d-9517-4f7b-b58e-9d9517ff7b92","intAttrName":"email","extAttrName":"mail","connObjectKey":false,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"fcdf0e39-37e8-4123-9f0e-3937e8b12369","intAttrName":"firstName","extAttrName":"givenName","connObjectKey":false,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"fd13fe22-5907-46ef-93fe-22590776ef05","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]}],"linkingItems":[]},"auxClasses":["CompassUser"],"virSchemas":[]}],"confOverride":[],"capabilitiesOverride":["AUTHENTICATE","CREATE","UPDATE","DELETE","SEARCH","SYNC"],"propagationActionsClassNames":[]}]
>
> --
> View this message in context: http://syncope-user.1051894.n5.nabble.com/Pull-users-from-LDAP-tp5709232p5709346.html
> Sent from the syncope-user mailing list archive at Nabble.com.
>
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
Re: Pull users from LDAP
Posted by "justin.isenhour" <ju...@compass-usa.com>.
Francesco,
I am using the the AD connector (net.tirasa.connid.bundles.ad) v1.3.2 to
connect to Microsoft Active Directory. Below is the configuration.
*Connector*
[{"key":"6a9a654d-5b02-4089-9a65-4d5b028089d2","location":"file:/usr/share/tomcat/v8/SYNCOPEDEV/appconfigs/dev/bundles/","connectorName":"net.tirasa.connid.bundles.ad.ADConnector","bundleName":"net.tirasa.connid.bundles.ad","version":"1.3.2","displayName":"conn-ad-compass","connRequestTimeout":10,"poolConf":{"maxObjects":null,"minIdle":null,"maxIdle":null,"maxWait":null,"minEvictableIdleTimeMillis":null},"conf":[{"schema":{"name":"credentials","displayName":"Principal
password","helpMessage":"Insert password for
administrator","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":6,"confidential":true,"defaultValues":[]},"overridable":false,"values":["_r4&Age3+s"]},{"schema":{"name":"ssl","displayName":"SSL","helpMessage":"User
SSL to perform password
provisioning","type":"boolean","required":false,"order":1,"confidential":false,"defaultValues":[true]},"overridable":false,"values":["false"]},{"schema":{"name":"groupSearchFilter","displayName":"Custom
group search filter","helpMessage":"Custom group search
filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"pwdUpdateOnly","displayName":"Permit
password update only","helpMessage":"Specify TRUE if you want to permit
password update only: create/delete operation will be denied while other
attributes update requests will be
ignored.","type":"boolean","required":true,"order":17,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"retrieveDeletedUser","displayName":"Retrieve
deleted users","helpMessage":"Specify TRUE to retrieve deleted users also.
The default is
\"true\".","type":"boolean","required":false,"order":2,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"port","displayName":"Server
port","helpMessage":"Insert port. The default is
636.","type":"int","required":false,"order":2,"confidential":false,"defaultValues":[636]},"overridable":false,"values":["389"]},{"schema":{"name":"groupOwnerReferenceAttribute","displayName":"Group
owner reference attribute","helpMessage":"Group attribute name referencing
(by DN) the
owner","type":"java.lang.String","required":false,"order":15,"confidential":false,"defaultValues":["managedBy"]},"overridable":false,"values":["managedBy"]},{"schema":{"name":"defaultGroupContainer","displayName":"Default
group container","helpMessage":"Default group container to be used in case
of entry DN is not
provided","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"defaultPeopleContainer","displayName":"Default
people container","helpMessage":"Default people container to be used in case
of entry DN is not
provided","type":"java.lang.String","required":false,"order":7,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"userBaseContexts","displayName":"Base
contexts for user entry searches","helpMessage":"DN of context to be used as
starting point for user entry
searches","type":"[Ljava.lang.String;","required":false,"order":13,"confidential":false,"defaultValues":[]},"overridable":false,"values":["ou=Accounts,dc=NA,dc=CompassGroup,dc=Corp"]},{"schema":{"name":"failover","displayName":"Failover","helpMessage":"Failover
host:port","type":"[Ljava.lang.String;","required":false,"order":4,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"startSyncFromToday","displayName":"Null
token is the latest","helpMessage":"Reset null token value to the latest
(sync with null token will not return any result). The default is
\"true\".","type":"boolean","required":false,"order":16,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"groupSearchScope","displayName":"Group
search scope","helpMessage":"Choose object, onlevel or
subtree","type":"java.lang.String","required":false,"order":10,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"objectClassesToSynchronize","displayName":"Object
classes to synchronize","helpMessage":"Specify object classes to identify
entry to
synchronize","type":"[Ljava.lang.String;","required":false,"order":24,"confidential":false,"defaultValues":["user"]},"overridable":false,"values":["user"]},{"schema":{"name":"membershipsInOr","displayName":"Verify
memberships in OR","helpMessage":"Specify TRUE if you want to verify
memberships using OR logical operator. The default is
\"false\".","type":"boolean","required":false,"order":5,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"groupBaseContexts","displayName":"Base
contexts for group entry searches","helpMessage":"DN of context to be used
as starting point for group entry
searches","type":"[Ljava.lang.String;","required":false,"order":12,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"membershipConservativePolicy","displayName":"Conservative
membership policy","helpMessage":"Conservative managing and assignment of
groups to user. The groups already assigned will not be
removed.","type":"boolean","required":false,"order":18,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"uidAttribute","displayName":"uidAttribute","helpMessage":"uidAttribute","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["sAMAccountName"]},"overridable":false,"values":["sAMAccountName"]},{"schema":{"name":"trustAllCerts","displayName":"Trust
all certs","helpMessage":"Specify TRUE to trust all certs. The default is
\"false\".","type":"boolean","required":false,"order":4,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"memberships","displayName":"Memberships","helpMessage":"Specify
memberships","type":"[Ljava.lang.String;","required":false,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"retrieveDeletedGroup","displayName":"Retrieve
deleted groups","helpMessage":"Specify TRUE to retrieve deleted groups
also","type":"boolean","required":false,"order":3,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"host","displayName":"Server
hostname","helpMessage":"Insert
hostname","type":"java.lang.String","required":true,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":["ldap.na.compassgroup.corp"]},{"schema":{"name":"groupMemberReferenceAttribute","displayName":"Group
members reference attribute ","helpMessage":"Group attribute referencing (by
DN) the users members of a
group","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":["member"]},"overridable":false,"values":["member"]},{"schema":{"name":"baseContextsToSynchronize","displayName":"Root
suffixes","helpMessage":"Insert root
suffixes","type":"[Ljava.lang.String;","required":true,"order":6,"confidential":false,"defaultValues":[]},"overridable":false,"values":["ou=Accounts,dc=NA,dc=CompassGroup,dc=Corp"]},{"schema":{"name":"accountSearchFilter","displayName":"Custom
user search filter","helpMessage":"Custom user search
filter","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"userSearchScope","displayName":"User
search scope","helpMessage":"Choose object, onlevel or
subtree","type":"java.lang.String","required":false,"order":9,"confidential":false,"defaultValues":["subtree"]},"overridable":false,"values":["subtree"]},{"schema":{"name":"principal","displayName":"Principal","helpMessage":"Insert
DN of a user with administration
capabilities","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[]},"overridable":false,"values":["cams_auth_svc_acct@na.compassgroup.corp"]},{"schema":{"name":"accountObjectClasses","displayName":"Entry
object classes","helpMessage":"Insert object classes to assign to managed
entries","type":"[Ljava.lang.String;","required":false,"order":9,"confidential":false,"defaultValues":["top","person","organizationalPerson","inetOrgPerson"]},"overridable":false,"values":["top","person","organizationalPerson","user"]}],"capabilities":["AUTHENTICATE","CREATE","UPDATE","DELETE","SEARCH","SYNC"]},{"key":"b1da11c3-4542-49fa-9a11-c34542c9fa3a","location":"file:/usr/share/tomcat/v8/SYNCOPEDEV/appconfigs/dev/bundles/","connectorName":"net.tirasa.connid.bundles.ldap.LdapConnector","bundleName":"net.tirasa.connid.bundles.ldap","version":"1.5.1","displayName":"conn-dev-ads-foodbuy","connRequestTimeout":10,"poolConf":{"maxObjects":null,"minIdle":null,"maxIdle":null,"maxWait":null,"minEvictableIdleTimeMillis":null},"conf":[{"schema":{"name":"accountSearchFilter","displayName":"LDAP
Filter for Retrieving Accounts","helpMessage":"An optional LDAP filter to
control which accounts are returned from the LDAP resource. If no filter is
specified, only accounts that include all specified object classes are
returned.","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"maintainLdapGroupMembership","displayName":"Maintain
LDAP Group Membership","helpMessage":"When enabled and a user is renamed or
deleted, update any LDAP groups to which the user belongs to reflect the new
name. Otherwise, the LDAP resource must maintain referential integrity with
respect to group membership. Default is
\"false\".","type":"boolean","required":false,"order":15,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"passwordDecryptionKey","displayName":"Password
Decryption Key","helpMessage":"The key to decrypt passwords with when
performing password
synchronization.","type":"org.identityconnectors.common.security.GuardedByteArray","required":false,"order":34,"confidential":true,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"groupMemberAttribute","displayName":"Group
Member Attribute","helpMessage":"The name of the group attribute that will
be updated with the distinguished name of the user when the user is added to
the group. Default is
\"uniqueMember\".","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":["uniqueMember"]},"overridable":false,"values":["uniqueMember"]},{"schema":{"name":"accountUserNameAttributes","displayName":"Account
User Name Attributes","helpMessage":"Attribute or attributes which holds the
account's user name. They will be used when authenticating to find the LDAP
entry for the user name to
authenticate.","type":"[Ljava.lang.String;","required":false,"order":10,"confidential":false,"defaultValues":["uid","cn"]},"overridable":false,"values":["uid"]},{"schema":{"name":"modifiersNamesToFilterOut","displayName":"Filter
Out Changes By","helpMessage":"The names (DNs) of directory administrators
to filter from the changes. Changes with the attribute \"modifiersName\"
that match entries in this list will be filtered out. The standard value is
the administrator name used by this adapter, to prevent loops. Entries
should be of the format \"cn=Directory
Manager\".","type":"[Ljava.lang.String;","required":false,"order":26,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"removeLogEntryObjectClassFromFilter","displayName":"Remove
Log Entry Object Class from Filter","helpMessage":"If this property is set
(the default), the filter used to fetch change log entries does not contain
the \"changeLogEntry\" object class, expecting that there are no entries of
other object types in the change log. Default is
\"true\".","type":"boolean","required":false,"order":31,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"passwordAttributeToSynchronize","displayName":"Password
Attribute to Synchronize","helpMessage":"The name of the password attribute
to synchronize when performing password
synchronization.","type":"java.lang.String","required":false,"order":33,"confidential":false,"defaultValues":[]},"overridable":false,"values":["userPassword"]},{"schema":{"name":"groupNameAttributes","displayName":"Group
Name Attributes","helpMessage":"Attribute or attributes which holds the
group's name. Default is
\"cn\".","type":"[Ljava.lang.String;","required":false,"order":13,"confidential":false,"defaultValues":["cn"]},"overridable":false,"values":["o"]},{"schema":{"name":"attributesToSynchronize","displayName":"Attributes
to Synchronize","helpMessage":"The names of the attributes to synchronize.
This ignores updates from the change log if they do not update any of the
named attributes. For example, if only \"department\" is listed, then only
changes that affect \"department\" will be processed. All other updates are
ignored. If blank (the default), then all changes are
processed.","type":"[Ljava.lang.String;","required":false,"order":25,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"changeLogBlockSize","displayName":"Change
Log Block Size","helpMessage":"The number of change log entries to fetch per
query. Default is
\"100\".","type":"int","required":false,"order":28,"confidential":false,"defaultValues":[100]},"overridable":false,"values":["100"]},{"schema":{"name":"groupSearchFilter","displayName":"LDAP
Filter for Retrieving Groups","helpMessage":"An optional LDAP filter to
control which groups are returned from the LDAP resource. If no filter is
specified, only groups that include all specified object classes are
returned.","type":"java.lang.String","required":false,"order":39,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"readTimeout","displayName":"Read
Timeout (Milliseconds)","helpMessage":"Time to wait for a response to be
received. If there is no response within the specified time period, the read
attempt will be aborted. Value 0 or less than 0 means there is no
limit.","type":"long","required":false,"order":40,"confidential":false,"defaultValues":[0]},"overridable":false,"values":["3000"]},{"schema":{"name":"principal","displayName":"Principal","helpMessage":"The
distinguished name with which to authenticate to the LDAP
server.","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[]},"overridable":false,"values":["uid=admin,ou=system"]},{"schema":{"name":"ssl","displayName":"SSL","helpMessage":"Select
the check box to connect to the LDAP server using SSL. The default is
\"false\".","type":"boolean","required":false,"order":3,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["false"]},{"schema":{"name":"changeNumberAttribute","displayName":"Change
Number Attribute","helpMessage":"The name of the change number attribute in
the change log entry. Default is
\"changeNumber\".","type":"java.lang.String","required":false,"order":29,"confidential":false,"defaultValues":["changeNumber"]},"overridable":false,"values":["changeNumber"]},{"schema":{"name":"failover","displayName":"Failover
Servers","helpMessage":"List all servers that should be used for failover in
case the preferred server fails. If the preferred server fails, JNDI will
connect to the next available server in the list. List all servers in the
form of \"ldap://ldap.example.com:389/\", which follows the standard LDAP v3
URLs described in RFC 2255. Only the host and port parts of the URL are
relevant in this
setting.","type":"[Ljava.lang.String;","required":false,"order":4,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"uidAttribute","displayName":"Uid
Attribute","helpMessage":"The name of the LDAP attribute which is mapped to
the Uid attribute. Default is
\"entryUUID\".","type":"java.lang.String","required":false,"order":21,"confidential":false,"defaultValues":["entryUUID"]},"overridable":false,"values":["uid"]},{"schema":{"name":"host","displayName":"Host","helpMessage":"The
name or IP address of the host where the LDAP server is
running.","type":"java.lang.String","required":true,"order":1,"confidential":false,"defaultValues":[]},"overridable":false,"values":["cgldads9018"]},{"schema":{"name":"accountObjectClasses","displayName":"Account
Object Classes","helpMessage":"The object class or classes that will be used
when creating new user objects in the LDAP tree. When entering more than one
object class, each entry should be on its own line; do not use commas or
semi-colons to separate multiple object classes. Some object classes may
require that you specify all object classes in the class
hierarchy.","type":"[Ljava.lang.String;","required":false,"order":9,"confidential":false,"defaultValues":["top","person","organizationalPerson","inetOrgPerson"]},"overridable":false,"values":["top","person","organizationalPerson","inetOrgPerson","stgBasicAccount","foodbuyMemberAccount"]},{"schema":{"name":"filterWithOrInsteadOfAnd","displayName":"Filter
with Or Instead of And","helpMessage":"Normally the the filter used to fetch
change log entries is an and-based filter retrieving an interval of change
entries. If this property is set, the filter will or together the required
change numbers instead. Default is
\"false\".","type":"boolean","required":false,"order":30,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"accountSynchronizationFilter","displayName":"LDAP
Filter for Accounts to Synchronize","helpMessage":"An optional LDAP filter
for the objects to synchronize. Because the change log is for all objects,
this filter updates only objects that match the specified filter. If you
specify a filter, an object will be synchronized only if it matches the
filter and includes a synchronized object
class.","type":"java.lang.String","required":false,"order":27,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"retrievePasswordsWithSearch","displayName":"Retrieve
passwords with search","helpMessage":"Whether to retrieve user passwords
when searching. The default is
\"false\".","type":"boolean","required":false,"order":37,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"connectTimeout","displayName":"Connection
Timeout (Milliseconds)","helpMessage":"Time to wait when opening new server
connections. Value of 0 means the TCP network timeout will be used, which
may be several minutes. Value less than 0 means there is no
limit.","type":"long","required":false,"order":41,"confidential":false,"defaultValues":[0]},"overridable":false,"values":["3000"]},{"schema":{"name":"passwordHashAlgorithm","displayName":"Password
Hash Algorithm","helpMessage":"Indicates the algorithm that the Identity
system should use to hash the password. Currently supported values are SSHA,
SHA, SMD5, and MD5. A blank value indicates that the system will not hash
passwords. This will cause cleartext passwords to be stored in LDAP unless
the LDAP server performs the hash (Netscape Directory Server and iPlanet
Directory Server
do).","type":"java.lang.String","required":false,"order":17,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"useVlvControls","displayName":"Use
VLV Controls","helpMessage":"Wheter to enforce usage of VLV controls over
standard LDAP controls. Default is
\"false\".","type":"boolean","required":false,"order":19,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"passwordDecryptionInitializationVector","displayName":"Password
Decryption Initialization Vector","helpMessage":"The initialization vector
to decrypt passwords with when performing password
synchronization.","type":"org.identityconnectors.common.security.GuardedByteArray","required":false,"order":35,"confidential":true,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"groupObjectClasses","displayName":"Group
Object Classes","helpMessage":"The group class or classes that will be used
when creating new group objects in the LDAP tree. When entering more than
one object class, each entry should be on its own line; do not use commas or
semi-colons to separate multiple group classes. Some group classes may
require that you specify all group classes in the class
hierarchy.","type":"[Ljava.lang.String;","required":false,"order":12,"confidential":false,"defaultValues":["top","groupOfUniqueNames"]},"overridable":false,"values":["top","groupOfUniqueNames"]},{"schema":{"name":"baseContextsToSynchronize","displayName":"Base
Contexts to Synchronize","helpMessage":"One or more starting points in the
LDAP tree that will be used to determine if a change should be synchronized.
The base contexts attribute will be used to synchronize a change if this
property is not
set.","type":"[Ljava.lang.String;","required":false,"order":23,"confidential":false,"defaultValues":[]},"overridable":true,"values":["ou=CommitedMembers,ou=people,dc=foodbuy,dc=com"]},{"schema":{"name":"objectClassesToSynchronize","displayName":"Object
Classes to Synchronize","helpMessage":"The object classes to synchronize.
The change log is for all objects; this filters updates to just the listed
object classes. You should not list the superclasses of an object class
unless you intend to synchronize objects with any of the superclass values.
For example, if only \"inetOrgPerson\" objects should be synchronized, but
the superclasses of \"inetOrgPerson\" (\"person\", \"organizationalperson\"
and \"top\") should be filtered out, then list only \"inetOrgPerson\" here.
All objects in LDAP are subclassed from \"top\". For this reason, you should
never list \"top\", otherwise no object would be filtered. Default is
\"inetOrgPerson\".","type":"[Ljava.lang.String;","required":false,"order":24,"confidential":false,"defaultValues":["inetOrgPerson"]},"overridable":false,"values":["inetOrgPerson"]},{"schema":{"name":"synchronizePasswords","displayName":"Enable
Password Synchronization","helpMessage":"If true, the connector will
synchronize passwords. The Password Capture Plugin needs to be installed for
password synchronization to work. Default is
\"false\".","type":"boolean","required":false,"order":32,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["false"]},{"schema":{"name":"baseContexts","displayName":"Base
Contexts","helpMessage":"One or more starting points in the LDAP tree that
will be used when searching the tree. Searches are performed when
discovering users from the LDAP server or when looking for the groups of
which a user is a
member.","type":"[Ljava.lang.String;","required":true,"order":7,"confidential":false,"defaultValues":[]},"overridable":true,"values":["ou=CommitedMembers,ou=people,dc=foodbuy,dc=com"]},{"schema":{"name":"maintainPosixGroupMembership","displayName":"Maintain
POSIX Group Membership","helpMessage":"When enabled and a user is renamed or
deleted, update any POSIX groups to which the user belongs to reflect the
new name. Otherwise, the LDAP resource must maintain referential integrity
with respect to group membership. Default is
\"false\".","type":"boolean","required":false,"order":16,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"credentials","displayName":"Password","helpMessage":"Password
for the
principal.","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":6,"confidential":true,"defaultValues":[]},"overridable":false,"values":["secret"]},{"schema":{"name":"statusManagementClass","displayName":"Status
management class ","helpMessage":"Class to be used to manage
enabled/disabled status. If no class is specified then identity status
management wont be
possible.","type":"java.lang.String","required":false,"order":36,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"readSchema","displayName":"Read
Schema","helpMessage":"If true, the connector will read the schema from the
server. If false, the connector will provide a default schema based on the
object classes in the configuration. This property must be true in order to
use extended object classes. Default is
\"true\".","type":"boolean","required":false,"order":22,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"passwordAttribute","displayName":"Password
Attribute","helpMessage":"The name of the LDAP attribute which holds the
password. When changing an user's password, the new password is set to this
attribute. Default is
\"userPassword\".","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":["userPassword"]},"overridable":false,"values":["userPassword"]},{"schema":{"name":"respectResourcePasswordPolicyChangeAfterReset","displayName":"Respect
Resource Password Policy Change-After-Reset","helpMessage":"When this
resource is specified in a Login Module (i.e., this resource is a
pass-through authentication target) and the resource's password policy is
configured for change-after-reset, a user whose resource account password
has been administratively reset will be required to change that password
after successfully authenticating. Default is
\"false\".","type":"boolean","required":false,"order":18,"confidential":false,"defaultValues":[false]},"overridable":false,"values":["false"]},{"schema":{"name":"dnAttribute","displayName":"Entry
DN attribute name","helpMessage":"Entry DN attribute name (default:
entryDN)","type":"java.lang.String","required":false,"order":38,"confidential":false,"defaultValues":["entryDN"]},"overridable":false,"values":["entryDN"]},{"schema":{"name":"port","displayName":"TCP
Port","helpMessage":"TCP/IP port number used to communicate with the LDAP
server. The default is
389.","type":"int","required":false,"order":2,"confidential":false,"defaultValues":[389]},"overridable":false,"values":["10389"]},{"schema":{"name":"vlvSortAttribute","displayName":"VLV
Sort Attribute","helpMessage":"Specify the sort attribute to use for VLV
indexes on the resource. Default is
\"uid\".","type":"java.lang.String","required":false,"order":20,"confidential":false,"defaultValues":["uid"]},"overridable":false,"values":["uid"]}],"capabilities":["AUTHENTICATE","CREATE","UPDATE","DELETE","SEARCH","SYNC"]},{"key":"db9d3e6f-31d7-4064-9d3e-6f31d7b06420","location":"file:/usr/share/tomcat/v8/SYNCOPEDEV/appconfigs/dev/bundles/","connectorName":"net.tirasa.connid.bundles.rest.RESTConnector","bundleName":"net.tirasa.connid.bundles.rest","version":"1.0.1","displayName":"Conn-REST-Test-ADAMS-API","connRequestTimeout":10,"poolConf":{"maxObjects":null,"minIdle":null,"maxIdle":null,"maxWait":null,"minEvictableIdleTimeMillis":null},"conf":[{"schema":{"name":"authenticateScript","displayName":"authenticateScript","helpMessage":"authenticateScript","type":"java.lang.String","required":false,"order":6,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"contentType","displayName":"contentType","helpMessage":"contentType","type":"java.lang.String","required":true,"order":-1,"confidential":false,"defaultValues":["application/json"]},"overridable":false,"values":["application/json"]},{"schema":{"name":"resolveUsernameScriptFileName","displayName":"resolveUsernameScriptFileName","helpMessage":"resolveUsernameScriptFileName","type":"java.lang.String","required":false,"order":15,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"password","displayName":"password","helpMessage":"password","type":"org.identityconnectors.common.security.GuardedString","required":false,"order":1,"confidential":true,"defaultValues":[]},"overridable":false,"values":["e$$adm1n"]},{"schema":{"name":"schemaScriptFileName","displayName":"schemaScriptFileName","helpMessage":"schemaScriptFileName","type":"java.lang.String","required":false,"order":17,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"updateScript","displayName":"updateScript","helpMessage":"updateScript","type":"java.lang.String","required":false,"order":4,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"searchScript","displayName":"searchScript","helpMessage":"searchScript","type":"java.lang.String","required":false,"order":6,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"clearTextPasswordToScript","displayName":"clearTextPasswordToScript","helpMessage":"clearTextPasswordToScript","type":"boolean","required":false,"order":1,"confidential":false,"defaultValues":[true]},"overridable":false,"values":[true]},{"schema":{"name":"authenticateScriptFileName","displayName":"authenticateScriptFileName","helpMessage":"authenticateScriptFileName","type":"java.lang.String","required":false,"order":14,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"syncScript","displayName":"syncScript","helpMessage":"syncScript","type":"java.lang.String","required":false,"order":7,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"searchScriptFileName","displayName":"searchScriptFileName","helpMessage":"searchScriptFileName","type":"java.lang.String","required":false,"order":13,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"accept","displayName":"accept","helpMessage":"accept","type":"java.lang.String","required":true,"order":-2,"confidential":false,"defaultValues":["application/json"]},"overridable":false,"values":["application/vnd.adams-v1.0+json"]},{"schema":{"name":"resolveUsernameScript","displayName":"resolveUsernameScript","helpMessage":"resolveUsernameScript","type":"java.lang.String","required":false,"order":6,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"syncScriptFileName","displayName":"syncScriptFileName","helpMessage":"syncScriptFileName","type":"java.lang.String","required":false,"order":16,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"baseAddress","displayName":"baseAddress","helpMessage":"baseAddress","type":"java.lang.String","required":true,"order":-3,"confidential":false,"defaultValues":[]},"overridable":false,"values":["https://adamsdev.compassmanager.com/api/users?api_key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJKVXNlciJ9.E59wqvVNv_L6v6AveQzqD6j4m5DKg86z4cqIMbgHmJ8vd6OYcJ0S4S7A0AzU5gGsLsO7sAFzM9DBZc0jOSd19w"]},{"schema":{"name":"deleteScriptFileName","displayName":"deleteScriptFileName","helpMessage":"deleteScriptFileName","type":"java.lang.String","required":false,"order":12,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]},{"schema":{"name":"updateScriptFileName","displayName":"updateScriptFileName","helpMessage":"updateScriptFileName","type":"java.lang.String","required":false,"order":11,"confidential":false,"defaultValues":[]},"overridable":false,"values":["/usr/share/tomcat/v8/SYNCOPEDEV/webapps/syncope/WEB-INF/classes/rest/UpdateScript.groovy"]},{"schema":{"name":"deleteScript","displayName":"deleteScript","helpMessage":"deleteScript","type":"java.lang.String","required":false,"order":5,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"schemaScript","displayName":"schemaScript","helpMessage":"schemaScript","type":"java.lang.String","required":false,"order":8,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"username","displayName":"username","helpMessage":"username","type":"java.lang.String","required":false,"order":0,"confidential":false,"defaultValues":[]},"overridable":false,"values":["essadmin"]},{"schema":{"name":"createScriptFileName","displayName":"createScriptFileName","helpMessage":"createScriptFileName","type":"java.lang.String","required":false,"order":10,"confidential":false,"defaultValues":[]},"overridable":false,"values":["/usr/share/tomcat/v8/SYNCOPEDEV/webapps/syncope/WEB-INF/classes/rest/CreateScript.groovy"]},{"schema":{"name":"createScript","displayName":"createScript","helpMessage":"createScript","type":"java.lang.String","required":false,"order":3,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"scriptingLanguage","displayName":"scriptingLanguage","helpMessage":"scriptingLanguage","type":"java.lang.String","required":false,"order":0,"confidential":false,"defaultValues":["GROOVY"]},"overridable":false,"values":["GROOVY"]},{"schema":{"name":"testScript","displayName":"testScript","helpMessage":"testScript","type":"java.lang.String","required":false,"order":9,"confidential":false,"defaultValues":[""]},"overridable":false,"values":[]},{"schema":{"name":"reloadScriptOnExecution","displayName":"reloadScriptOnExecution","helpMessage":"reloadScriptOnExecution","type":"boolean","required":false,"order":2,"confidential":false,"defaultValues":[false]},"overridable":false,"values":[false]},{"schema":{"name":"testScriptFileName","displayName":"testScriptFileName","helpMessage":"testScriptFileName","type":"java.lang.String","required":false,"order":18,"confidential":false,"defaultValues":[]},"overridable":false,"values":[]}],"capabilities":["CREATE","UPDATE"]}]
*Resource*
[{"key":"res-ad-compass","connector":"6a9a654d-5b02-4089-9a65-4d5b028089d2","connectorDisplayName":"conn-ad-compass","orgUnit":null,"propagationPriority":0,"randomPwdIfNotProvided":false,"enforceMandatoryCondition":false,"createTraceLevel":"ALL","updateTraceLevel":"ALL","deleteTraceLevel":"ALL","provisioningTraceLevel":"ALL","passwordPolicy":null,"accountPolicy":null,"pullPolicy":null,"overrideCapabilities":false,"provisions":[{"key":"a8bfadab-365c-440d-bfad-ab365cf40d56","anyType":"USER","objectClass":"__ACCOUNT__","syncToken":null,"mapping":{"connObjectLink":null,"connObjectKeyItem":{"key":"fd13fe22-5907-46ef-93fe-22590776ef05","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},"items":[{"key":"0df2b642-9436-4bbe-b2b6-4294362bbee7","intAttrName":"lastName","extAttrName":"sn","connObjectKey":false,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"1bdd4d58-a44a-402e-9d4d-58a44a802ecd","intAttrName":"jobTitle","extAttrName":"title","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"51f9dfcd-de73-410d-b9df-cdde73210da5","intAttrName":"phoneNumber","extAttrName":"telephoneNumber","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"d6f58e9d-9517-4f7b-b58e-9d9517ff7b92","intAttrName":"email","extAttrName":"mail","connObjectKey":false,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"fcdf0e39-37e8-4123-9f0e-3937e8b12369","intAttrName":"firstName","extAttrName":"givenName","connObjectKey":false,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]},{"key":"fd13fe22-5907-46ef-93fe-22590776ef05","intAttrName":"username","extAttrName":"sAMAccountName","connObjectKey":true,"password":false,"mandatoryCondition":"true","purpose":"PULL","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"mappingItemTransformerClassNames":[]}],"linkingItems":[]},"auxClasses":["CompassUser"],"virSchemas":[]}],"confOverride":[],"capabilitiesOverride":["AUTHENTICATE","CREATE","UPDATE","DELETE","SEARCH","SYNC"],"propagationActionsClassNames":[]}]
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/Pull-users-from-LDAP-tp5709232p5709346.html
Sent from the syncope-user mailing list archive at Nabble.com.
Re: Pull users from LDAP
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 25/07/2017 00:48, justin.isenhour wrote:
> Sasha,
>
> I'm curious, were you able to resolve this issue? I am facing a similar
> issue myself. For me the first time I run a pull task it works fine be then
> fails because I have a mapping issue (not really related to this) but then
> after that every time I try to run the pull task again I get this message
> "org.identityconnectors.framework.common.exceptions.ConnectorException:
> Operation Not Supported. Bad cookie". If I recycle the JVM I can run it
> again. Can you provide any direction or insight into this?
Hi Justin,
it seems you are experiencing problems with the ConnId pagination APIs,
introduced by
https://connid.atlassian.net/browse/BASE-14
and supported by the LDAP Connector Bundle with
https://connid.atlassian.net/browse/LDAP-16
Which LDAP server implementation are you using? Would you mind to share
your Connector and Resource configurations?
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Pull users from LDAP
Posted by "justin.isenhour" <ju...@compass-usa.com>.
Sasha,
I'm curious, were you able to resolve this issue? I am facing a similar
issue myself. For me the first time I run a pull task it works fine be then
fails because I have a mapping issue (not really related to this) but then
after that every time I try to run the pull task again I get this message
"org.identityconnectors.framework.common.exceptions.ConnectorException:
Operation Not Supported. Bad cookie". If I recycle the JVM I can run it
again. Can you provide any direction or insight into this?
Thanks,
Justin
--
View this message in context: http://syncope-user.1051894.n5.nabble.com/Pull-users-from-LDAP-tp5709232p5709312.html
Sent from the syncope-user mailing list archive at Nabble.com.