Posted to user@syncope.apache.org by Xue Zhi Yong <zh...@126.com> on 2015/11/13 04:37:51 UTC

Can't synchronize user from FreeIPA.

I have two problems integrating Syncope with FreeIPA (4.1):
1. When I create a POSIX user in Syncope, the user can be synchronized to FreeIPA, but the user can't log in on Linux and can't be deleted from FreeIPA.
The difference between a Syncope-created user and a FreeIPA-created user is that the FreeIPA-created user includes "objectClass: ipauser".


2. We can't synchronize user from FreeIPA to Syncope.


The connector configuration:


The resource configuration:


Any ideas?






 

Re: Can't synchronize user from FreeIPA.

Posted by zhiy <zh...@126.com>.
No log for Synchronization task.

*And this is the create-user log:*
10:00:05.204 DEBUG Enter: getObject(ObjectClass: __ACCOUNT__, Attribute:
{Name=__UID__, Value=[syncopex5]}, OperationOptions:
{ATTRS_TO_GET:[uid,mail,sn,__UID__,__NAME__,givenName,__PASSWORD__,__ENABLE__]}) 
Method: getObject
10:00:05.214 DEBUG Enter: executeQuery(ObjectClass: __ACCOUNT__,
LdapFilter[nativeFilter: (uid=syncopex5); entryDN: null],
org.identityconnectors.framework.impl.api.local.operations.SearchImpl$1@4e6b4ea5,
OperationOptions:
{ATTRS_TO_GET:[uid,mail,sn,__UID__,__NAME__,givenName,__PASSWORD__,__ENABLE__]})
Method: executeQuery
10:00:05.220 DEBUG Return       Method: executeQuery
10:00:05.220 DEBUG Return: null Method: getObject
10:00:05.224 DEBUG Enter: create(ObjectClass: __ACCOUNT__, [Attribute:
{Name=givenName, Value=[x5]}, Attribute: {Name=__NAME__, Value=[syncopex5]},
Attribute: {Name=ldapGroups, Value=[]}, Attribute: {Name=sn,
Value=[syncope]}, Attribute: {Name=__PASSWORD__,
Value=[org.identityconnectors.common.security.GuardedString@a05005e9]},
Attribute: {Name=__ENABLE__, Value=[true]}, Attribute: {Name=mail,
Value=[x5@example.com]}], null)    Method: create
10:00:05.234 DEBUG Enter: create(ObjectClass: __ACCOUNT__, [Attribute:
{Name=givenName, Value=[x5]}, Attribute: {Name=__NAME__, Value=[syncopex5]},
Attribute: {Name=ldapGroups, Value=[]}, Attribute: {Name=sn,
Value=[syncope]}, Attribute: {Name=__PASSWORD__,
Value=[org.identityconnectors.common.security.GuardedString@a05005e9]},
Attribute: {Name=mail, Value=[x5@example.com]}, Attribute: {Name=__ENABLE__,
Value=[true]}], OperationOptions: {})    Method: create
10:00:05.352 DEBUG Return: Attribute: {Name=__UID__, Value=[syncopex5]}
Method: create
10:00:05.352 DEBUG Return: Attribute: {Name=__UID__, Value=[syncopex5]}
Method: create
10:00:05.352 DEBUG Enter: getObject(ObjectClass: __ACCOUNT__, Attribute:
{Name=__UID__, Value=[syncopex5]}, OperationOptions:
{ATTRS_TO_GET:[uid,mail,sn,__UID__,__NAME__,givenName,__PASSWORD__,__ENABLE__]}) 
Method: getObject
10:00:05.359 DEBUG Enter: executeQuery(ObjectClass: __ACCOUNT__,
LdapFilter[nativeFilter: (uid=syncopex5); entryDN: null],
org.identityconnectors.framework.impl.api.local.operations.SearchImpl$1@63569c78,
OperationOptions:
{ATTRS_TO_GET:[uid,mail,sn,__UID__,__NAME__,givenName,__PASSWORD__,__ENABLE__]})
Method: executeQuery
10:00:05.372 DEBUG Enter: handle({Name=Attribute: {Name=__NAME__,
Value=[syncopex5]}, Attributes=[Attribute: {Name=uidNumber,
Value=[657600034]}, Attribute: {Name=loginShell, Value=[/bin/sh]},
Attribute: {Name=initials, Value=[xs]}, Attribute: {Name=sn,
Value=[syncope]}, Attribute: {Name=mail, Value=[x5@example.com]}, Attribute:
{Name=krbLastPwdChange, Value=[20151116015721Z]}, Attribute:
{Name=__ENABLE__, Value=[true]}, Attribute: {Name=ipaUniqueID,
Value=[6032a32e-8c05-11e5-b8cd-fa163e630e3d]}, Attribute:
{Name=homeDirectory, Value=[/home/syncopex5]}, Attribute: {Name=memberOf,
Value=[cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com]}, Attribute:
{Name=krbExtraData, Value=[^@^B^A8IVroot/admin@EXAMPLE.COM^@]}, Attribute:
{Name=mepManagedEntry,
Value=[member=syncopex5,cn=groups,cn=accounts,dc=example,dc=com]},
Attribute: {Name=krbPrincipalName, Value=[syncopex5@EXAMPLE.COM]},
Attribute: {Name=krbPasswordExpiration, Value=[20151116015721Z]}, Attribute:
{Name=displayName, Value=[x5syncope]}, Attribute: {Name=givenName,
Value=[x5]}, Attribute: {Name=__UID__, Value=[syncopex5]}, Attribute:
{Name=__NAME__, Value=[syncopex5]}, Attribute: {Name=gecos,
Value=[x5syncope]}, Attribute: {Name=gidNumber, Value=[657600034]},
Attribute: {Name=cn, Value=[x5syncope]}, Attribute: {Name=objectClass,
Value=[top]}], ObjectClass=ObjectClass: __ACCOUNT__, Uid=Attribute:
{Name=__UID__, Value=[syncopex5]}})  Method: handle
10:00:05.372 DEBUG Return: false        Method: handle
10:00:05.372 DEBUG Return       Method: executeQuery
10:00:05.373 DEBUG Return: {Name=Attribute: {Name=__NAME__,
Value=[syncopex5]}, Attributes=[Attribute: {Name=givenName, Value=[x5]},
Attribute: {Name=__UID__, Value=[syncopex5]}, Attribute: {Name=__NAME__,
Value=[syncopex5]}, Attribute: {Name=sn, Value=[syncope]}, Attribute:
{Name=mail, Value=[x5@example.com]}, Attribute: {Name=__ENABLE__,
Value=[true]}], ObjectClass=ObjectClass: __ACCOUNT__, Uid=Attribute:
{Name=__UID__, Value=[syncopex5]}}   Method: getObject






--
View this message in context: http://syncope-user.1051894.n5.nabble.com/Can-t-synchronize-user-from-FreeIPA-tp5708203p5708206.html
Sent from the syncope-user mailing list archive at Nabble.com.
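
The create-user log above can be checked mechanically for the objectClass values the connector reports for the new entry. The following Python is an added example, not part of the original thread and not Syncope or ConnId code; the sample log is constructed from the record format shown above, the function names are hypothetical, and the required class name `ipauser` is the one named in the first message.

```python
import re

# Constructed sample: a shortened copy of the record format in the log above,
# wrapped across lines the same way the mailing list archive wraps it.
SAMPLE_LOG = """\
10:00:05.359 DEBUG Enter: executeQuery(ObjectClass: __ACCOUNT__,
LdapFilter[nativeFilter: (uid=syncopex5); entryDN: null])
Method: executeQuery
10:00:05.372 DEBUG Enter: handle({Name=Attribute: {Name=__NAME__,
Value=[syncopex5]}, Attributes=[Attribute: {Name=loginShell, Value=[/bin/sh]},
Attribute: {Name=memberOf,
Value=[cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com]}, Attribute:
{Name=__UID__, Value=[syncopex5]}, Attribute: {Name=objectClass,
Value=[top]}], ObjectClass=ObjectClass: __ACCOUNT__, Uid=Attribute:
{Name=__UID__, Value=[syncopex5]}})  Method: handle
10:00:05.372 DEBUG Return: false        Method: handle
"""

RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} ", re.M)
ATTRIBUTE = re.compile(r"Attribute:\s*\{Name=([^,}]+),\s*Value=\[(.*?)\]\}")

def records(log_text):
    """Split the log on timestamps and undo the line wrapping of each record."""
    starts = [m.start() for m in RECORD_START.finditer(log_text)]
    for begin, end in zip(starts, starts[1:] + [len(log_text)]):
        yield " ".join(log_text[begin:end].split())

def handled_entries(log_text):
    """Return one {attribute name: [values]} dict per 'Enter: handle(' record."""
    entries = []
    for record in records(log_text):
        if "Enter: handle(" not in record:
            continue
        attrs = {}
        for name, raw in ATTRIBUTE.findall(record):
            # Assumption: multiple values are printed as "a, b" (Java list style).
            attrs[name] = [v for v in raw.split(", ") if v]
        entries.append(attrs)
    return entries

def missing_object_classes(entry, required):
    """Compare objectClass values case-insensitively, as LDAP does."""
    present = {v.lower() for v in entry.get("objectClass", [])}
    return sorted(c for c in required if c.lower() not in present)

if __name__ == "__main__":
    for entry in handled_entries(SAMPLE_LOG):
        print(entry["__UID__"], "missing:", missing_object_classes(entry, ["ipauser"]))
```

Only the `handle` record carries the full attribute set; the `getObject` return is limited to the attributes listed in ATTRS_TO_GET, so it cannot be used for this check.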

Re: Can't synchronize user from FreeIPA.

Posted by Massimiliano Perrone <ma...@tirasa.net>.
Hi, 

On 13/11/2015 11:37, Massimiliano Perrone wrote:


Hi, 
First of all, can you send some logs? The core-connid.log file may be enough for the moment.
Anyway:

On 13/11/2015 04:37, Xue Zhi Yong wrote:

<blockquote>

I have two problems integrating Syncope with FreeIPA (4.1):
1. When I create a POSIX user in Syncope, the user can be synchronized to FreeIPA, but the user can't log in on Linux and can't be deleted from FreeIPA.
The difference between a Syncope-created user and a FreeIPA-created user is that the FreeIPA-created user includes "objectClass: ipauser".



As you can read here [1] there is a ticket to add a custom objectClass. You can try to add your object class in the code. 

[1] https://connid.atlassian.net/browse/FREEIPA-6 


<blockquote>


2. We can't synchronize user from FreeIPA to Syncope. 

</blockquote>

Here I need the logs. 

</blockquote>


I created this [1] with your log. Please don't delete the other (important) parts of the message when you reply to an email, otherwise we need to read three different emails to answer.
Anyway.

I need other information to understand why your sync doesn't work. Have you followed [2] to configure your resource?
Furthermore, I need the Sync log. Do you have the DEBUG configuration in your settings?

Regards, 
Massi 

[1] https://paste.apache.org/5dWB 
[2] http://blog.tirasa.net/unlock-full-freeipa-features.html 


<blockquote>


<blockquote>


The connector configuration:

The resource configuration:

Any ideas? 







</blockquote>

Best regards, 

Massi 
-- 
Massimiliano Perrone
Tel +39 393 9121310

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

"Learning many things does not teach intelligence"
(Heraclitus)

</blockquote>



Re: Can't synchronize user from FreeIPA.

Posted by Massimiliano Perrone <ma...@tirasa.net>.
Hi,
First of all, can you send some logs? The core-connid.log file may be
enough for the moment.
Anyway:

On 13/11/2015 04:37, Xue Zhi Yong wrote:
> I have two problems integrating Syncope with FreeIPA (4.1):
> 1. When I create a POSIX user in Syncope, the user can be synchronized
> to FreeIPA, but the user can't log in on Linux and can't be deleted
> from FreeIPA.
> The difference between a Syncope-created user and a FreeIPA-created user
> is that the FreeIPA-created user includes "objectClass: ipauser".

As you can read here [1] there is a ticket to add a custom objectClass. 
You can try to add your object class in the code.

[1] https://connid.atlassian.net/browse/FREEIPA-6

>
> 2. We can't synchronize user from FreeIPA to Syncope.

Here I need the logs.

>
> The connector configuration:
>
> The resource configuration:
>
> Any ideas?
>
>
>

Best regards,

Massi
