Posted to user@syncope.apache.org by PortalGuard <pg...@gmail.com> on 2020/05/29 12:57:47 UTC
Random Password Generation
Hello Everyone,
This is my first ever post on any forum so please excuse any mistakes or
faux pas.
Currently, I am able to create an account in AD when a password is set for
that user in Syncope, but I am unable to create an account in AD if a
password is not set. I expected the 'Generate Random passwords when
missing' feature of the Active Directory resource to resolve this issue,
but so far I am still unable to create the account. Below is the error I
receive when attempting to create an account in AD without a password and
with the 'Generate Random passwords when missing' feature enabled:
"Users failed to create: CREATE FAILURE (key/name):
aa44b786-9089-43ab-84b7-86908913aba2/testaccount with message:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=testaccount,CN=Users,DC=Hyrule,DC=int'
Cause: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A1236, problem 5003
(WILL_NOT_PERFORM), data 0"
Here are the configs for my AD Connector and Resource.
Connector:
{
"key" : "79e9e401-214c-4647-a9e4-01214c56475c",
"adminRealm" : "/",
"location" : "file:/opt/syncope/bundles/",
"connectorName" : "net.tirasa.connid.bundles.ad.ADConnector",
"bundleName" : "net.tirasa.connid.bundles.ad",
"version" : "1.3.6",
"displayName" : "Hyrule AD",
"connRequestTimeout" : 10,
"poolConf" : null,
"conf" : [ {
"schema" : {
"name" : "host",
"displayName" : "Server hostname",
"helpMessage" : "Insert hostname",
"type" : "java.lang.String",
"required" : true,
"order" : 1,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ "DEV2019.Hyrule.int" ]
}, {
"schema" : {
"name" : "ssl",
"displayName" : "SSL",
"helpMessage" : "User SSL to perform password provisioning",
"type" : "boolean",
"required" : false,
"order" : 1,
"confidential" : false,
"defaultValues" : [ true ]
},
"overridable" : false,
"values" : [ true ]
}, {
"schema" : {
"name" : "memberships",
"displayName" : "Memberships",
"helpMessage" : "Specify memberships",
"type" : "[Ljava.lang.String;",
"required" : false,
"order" : 1,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ ]
}, {
"schema" : {
"name" : "retrieveDeletedUser",
"displayName" : "Retrieve deleted users",
"helpMessage" : "Specify TRUE to retrieve deleted users also. The
default is \"true\".",
"type" : "boolean",
"required" : false,
"order" : 2,
"confidential" : false,
"defaultValues" : [ true ]
},
"overridable" : false,
"values" : [ true ]
}, {
"schema" : {
"name" : "port",
"displayName" : "Server port",
"helpMessage" : "Insert port. The default is 636.",
"type" : "int",
"required" : false,
"order" : 2,
"confidential" : false,
"defaultValues" : [ 636 ]
},
"overridable" : false,
"values" : [ "636" ]
}, {
"schema" : {
"name" : "retrieveDeletedGroup",
"displayName" : "Retrieve deleted groups",
"helpMessage" : "Specify TRUE to retrieve deleted groups also",
"type" : "boolean",
"required" : false,
"order" : 3,
"confidential" : false,
"defaultValues" : [ true ]
},
"overridable" : false,
"values" : [ true ]
}, {
"schema" : {
"name" : "trustAllCerts",
"displayName" : "Trust all certs",
"helpMessage" : "Specify TRUE to trust all certs. The default is
\"false\".",
"type" : "boolean",
"required" : false,
"order" : 4,
"confidential" : false,
"defaultValues" : [ false ]
},
"overridable" : false,
"values" : [ "true" ]
}, {
"schema" : {
"name" : "failover",
"displayName" : "Failover",
"helpMessage" : "Failover host:port",
"type" : "[Ljava.lang.String;",
"required" : false,
"order" : 4,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ ]
}, {
"schema" : {
"name" : "principal",
"displayName" : "Principal",
"helpMessage" : "Insert DN of a user with administration
capabilities",
"type" : "java.lang.String",
"required" : false,
"order" : 5,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ "CN=Administrator,CN=Users,DC=Hyrule,DC=int" ]
}, {
"schema" : {
"name" : "membershipsInOr",
"displayName" : "Verify memberships in OR",
"helpMessage" : "Specify TRUE if you want to verify memberships using
OR logical operator. The default is \"false\".",
"type" : "boolean",
"required" : false,
"order" : 5,
"confidential" : false,
"defaultValues" : [ false ]
},
"overridable" : false,
"values" : [ false ]
}, {
"schema" : {
"name" : "credentials",
"displayName" : "Principal password",
"helpMessage" : "Insert password for administrator",
"type" : "org.identityconnectors.common.security.GuardedString",
"required" : false,
"order" : 6,
"confidential" : true,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ "GenPW123!" ]
}, {
"schema" : {
"name" : "baseContextsToSynchronize",
"displayName" : "Root suffixes",
"helpMessage" : "Insert root suffixes",
"type" : "[Ljava.lang.String;",
"required" : true,
"order" : 6,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ "DC=Hyrule,DC=int" ]
}, {
"schema" : {
"name" : "defaultPeopleContainer",
"displayName" : "Default people container",
"helpMessage" : "Default people container to be used in case of entry
DN is not provided",
"type" : "java.lang.String",
"required" : false,
"order" : 7,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ "CN=Users,DC=Hyrule,DC=int" ]
}, {
"schema" : {
"name" : "defaultGroupContainer",
"displayName" : "Default group container",
"helpMessage" : "Default group container to be used in case of entry
DN is not provided",
"type" : "java.lang.String",
"required" : false,
"order" : 8,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ "CN=Goups,DC=Hyrule,DC=int" ]
}, {
"schema" : {
"name" : "accountObjectClasses",
"displayName" : "Entry object classes",
"helpMessage" : "Insert object classes to assign to managed entries",
"type" : "[Ljava.lang.String;",
"required" : false,
"order" : 9,
"confidential" : false,
"defaultValues" : [ "top", "person", "organizationalPerson",
"inetOrgPerson" ]
},
"overridable" : false,
"values" : [ "top", "person", "organizationalPerson", "inetOrgPerson",
"OrganizationalUnit" ]
}, {
"schema" : {
"name" : "userSearchScope",
"displayName" : "User search scope",
"helpMessage" : "Choose object, onlevel or subtree",
"type" : "java.lang.String",
"required" : false,
"order" : 9,
"confidential" : false,
"defaultValues" : [ "subtree" ]
},
"overridable" : false,
"values" : [ "subtree" ]
}, {
"schema" : {
"name" : "groupSearchScope",
"displayName" : "Group search scope",
"helpMessage" : "Choose object, onlevel or subtree",
"type" : "java.lang.String",
"required" : false,
"order" : 10,
"confidential" : false,
"defaultValues" : [ "subtree" ]
},
"overridable" : false,
"values" : [ "subtree" ]
}, {
"schema" : {
"name" : "accountSearchFilter",
"displayName" : "Custom user search filter",
"helpMessage" : "Custom user search filter",
"type" : "java.lang.String",
"required" : false,
"order" : 11,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ ]
}, {
"schema" : {
"name" : "groupSearchFilter",
"displayName" : "Custom group search filter",
"helpMessage" : "Custom group search filter",
"type" : "java.lang.String",
"required" : false,
"order" : 11,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ ]
}, {
"schema" : {
"name" : "groupBaseContexts",
"displayName" : "Base contexts for group entry searches",
"helpMessage" : "DN of context to be used as starting point for group
entry searches",
"type" : "[Ljava.lang.String;",
"required" : false,
"order" : 12,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ "CN=Groups,DC=Hyrule,DC=int" ]
}, {
"schema" : {
"name" : "userBaseContexts",
"displayName" : "Base contexts for user entry searches",
"helpMessage" : "DN of context to be used as starting point for user
entry searches",
"type" : "[Ljava.lang.String;",
"required" : false,
"order" : 13,
"confidential" : false,
"defaultValues" : [ ]
},
"overridable" : false,
"values" : [ "CN=Users,DC=Hyrule,DC=int" ]
}, {
"schema" : {
"name" : "groupMemberReferenceAttribute",
"displayName" : "Group members reference attribute ",
"helpMessage" : "Group attribute referencing (by DN) the users members
of a group",
"type" : "java.lang.String",
"required" : false,
"order" : 14,
"confidential" : false,
"defaultValues" : [ "member" ]
},
"overridable" : false,
"values" : [ "member" ]
}, {
"schema" : {
"name" : "groupOwnerReferenceAttribute",
"displayName" : "Group owner reference attribute",
"helpMessage" : "Group attribute name referencing (by DN) the owner",
"type" : "java.lang.String",
"required" : false,
"order" : 15,
"confidential" : false,
"defaultValues" : [ "managedBy" ]
},
"overridable" : false,
"values" : [ "managedBy" ]
}, {
"schema" : {
"name" : "pwdUpdateOnly",
"displayName" : "Permit password update only",
"helpMessage" : "Specify TRUE if you want to permit password update
only: create/delete operation will be denied while other attributes update
requests will be ignored.",
"type" : "boolean",
"required" : true,
"order" : 17,
"confidential" : false,
"defaultValues" : [ false ]
},
"overridable" : false,
"values" : [ false ]
}, {
"schema" : {
"name" : "membershipConservativePolicy",
"displayName" : "Conservative membership policy",
"helpMessage" : "Conservative managing and assignment of groups to
user. The groups already assigned will not be removed.",
"type" : "boolean",
"required" : false,
"order" : 18,
"confidential" : false,
"defaultValues" : [ false ]
},
"overridable" : false,
"values" : [ false ]
}, {
"schema" : {
"name" : "defaultIdAttribute",
"displayName" : "Default Uid",
"helpMessage" : "The name of the attribute which is mapped to the id
attribute in case of object different from account and group. Default is
\"cn\".",
"type" : "java.lang.String",
"required" : false,
"order" : 19,
"confidential" : false,
"defaultValues" : [ "cn" ]
},
"overridable" : false,
"values" : [ "cn" ]
}, {
"schema" : {
"name" : "uidAttribute",
"displayName" : "Uid Attribute",
"helpMessage" : "The name of the attribute which is mapped to the Uid
attribute. Default is \"sAMAccountName\".",
"type" : "java.lang.String",
"required" : false,
"order" : 21,
"confidential" : false,
"defaultValues" : [ "sAMAccountName" ]
},
"overridable" : false,
"values" : [ "cn" ]
}, {
"schema" : {
"name" : "gidAttribute",
"displayName" : "Uid Attribute for groups",
"helpMessage" : "The name of the attribute which is mapped to the Uid
attribute for groups. Default is \"sAMAccountName\".",
"type" : "java.lang.String",
"required" : false,
"order" : 22,
"confidential" : false,
"defaultValues" : [ "sAMAccountName" ]
},
"overridable" : false,
"values" : [ "sAMAccountName" ]
}, {
"schema" : {
"name" : "objectClassesToSynchronize",
"displayName" : "Object classes to synchronize",
"helpMessage" : "Specify object classes to identify entry to
synchronize",
"type" : "[Ljava.lang.String;",
"required" : false,
"order" : 25,
"confidential" : false,
"defaultValues" : [ "user" ]
},
"overridable" : false,
"values" : [ "user", "OrganizationalUnit" ]
} ],
"capabilities" : [ "SEARCH", "AUTHENTICATE", "UPDATE", "CREATE", "DELETE",
"SYNC" ]
}
Resource:
{
"key" : "AD Resource",
"connector" : "79e9e401-214c-4647-a9e4-01214c56475c",
"connectorDisplayName" : "Hyrule AD",
"orgUnit" : null,
"propagationPriority" : 1,
"randomPwdIfNotProvided" : true,
"enforceMandatoryCondition" : true,
"createTraceLevel" : "ALL",
"updateTraceLevel" : "ALL",
"deleteTraceLevel" : "ALL",
"provisioningTraceLevel" : "ALL",
"passwordPolicy" : null,
"accountPolicy" : null,
"pullPolicy" : null,
"pushPolicy" : null,
"overrideCapabilities" : false,
"provisions" : [ {
"key" : "5a2f4235-2fc1-4b10-af42-352fc12b1097",
"anyType" : "GROUP",
"objectClass" : "__GROUP__",
"syncToken" : null,
"ignoreCaseMatch" : true,
"uidOnCreate" : null,
"mapping" : {
"connObjectLink" : "\"cn=\"+name+\",OU=Groups,DC=Hyrule,DC=int\"",
"connObjectKeyItem" : {
"key" : "3cebbf86-5482-4127-abbf-86548261270c",
"intAttrName" : "name",
"extAttrName" : "sAMAccountName",
"connObjectKey" : true,
"password" : false,
"mandatoryCondition" : "true",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
},
"items" : [ {
"key" : "25808e6c-edb6-475b-808e-6cedb6c75b89",
"intAttrName" : "name",
"extAttrName" : "description",
"connObjectKey" : false,
"password" : false,
"mandatoryCondition" : "false",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
}, {
"key" : "3cebbf86-5482-4127-abbf-86548261270c",
"intAttrName" : "name",
"extAttrName" : "sAMAccountName",
"connObjectKey" : true,
"password" : false,
"mandatoryCondition" : "true",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
}, {
"key" : "674b9738-8fc4-46b1-8b97-388fc4d6b187",
"intAttrName" : "name",
"extAttrName" : "cn",
"connObjectKey" : false,
"password" : false,
"mandatoryCondition" : "false",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
}, {
"key" : "f70b1210-79ae-47d3-8b12-1079ae47d36f",
"intAttrName" : "name",
"extAttrName" : "sAMAccountNAme",
"connObjectKey" : false,
"password" : false,
"mandatoryCondition" : "false",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
} ],
"linkingItems" : [ ]
},
"auxClasses" : [ ],
"virSchemas" : [ ]
}, {
"key" : "93de39d6-b2ca-4d4c-9e39-d6b2cafd4c66",
"anyType" : "USER",
"objectClass" : "__ACCOUNT__",
"syncToken" : null,
"ignoreCaseMatch" : true,
"uidOnCreate" : null,
"mapping" : {
"connObjectLink" : "\"CN=\"+username+\",CN=Users,DC=Hyrule,DC=int\"",
"connObjectKeyItem" : {
"key" : "c35d1ea1-e6f3-41ab-9d1e-a1e6f3e1ab65",
"intAttrName" : "username",
"extAttrName" : "sAMAccountName",
"connObjectKey" : true,
"password" : false,
"mandatoryCondition" : "true",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
},
"items" : [ {
"key" : "2c6e565f-2ecf-4007-ae56-5f2ecf30073a",
"intAttrName" : "email",
"extAttrName" : "mail",
"connObjectKey" : false,
"password" : false,
"mandatoryCondition" : "false",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
}, {
"key" : "7a58c0a4-b85a-4696-98c0-a4b85a269656",
"intAttrName" : "password",
"extAttrName" : "__PASSWORD__",
"connObjectKey" : false,
"password" : true,
"mandatoryCondition" : "true",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
}, {
"key" : "7e46a17e-186b-499f-86a1-7e186bc99f66",
"intAttrName" : "AD_UPN",
"extAttrName" : "userprincipalname",
"connObjectKey" : false,
"password" : false,
"mandatoryCondition" : "false",
"purpose" : "PROPAGATION",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
}, {
"key" : "c35d1ea1-e6f3-41ab-9d1e-a1e6f3e1ab65",
"intAttrName" : "username",
"extAttrName" : "sAMAccountName",
"connObjectKey" : true,
"password" : false,
"mandatoryCondition" : "true",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
} ],
"linkingItems" : [ {
"key" : null,
"intAttrName" : "UPN",
"extAttrName" : "userPrincipalName",
"connObjectKey" : false,
"password" : false,
"mandatoryCondition" : "false",
"purpose" : "BOTH",
"propagationJEXLTransformer" : null,
"pullJEXLTransformer" : null,
"transformers" : [ ]
} ]
},
"auxClasses" : [ ],
"virSchemas" : [ "UPN" ]
} ],
"confOverride" : [ ],
"capabilitiesOverride" : [ "SEARCH", "AUTHENTICATE", "UPDATE", "CREATE",
"DELETE", "SYNC" ],
"propagationActions" : [ "LDAPMembershipPropogationActions" ]
}
Re: Random Password Generation
Posted by Marco Di Sabatino Di Diodoro <ma...@tirasa.net>.
Hi
Inline reply
On 29/05/20 14:57, PortalGuard wrote:
> Hello Everyone,
>
> This is my first ever post on any forum so please excuse any mistakes or
> faux pas.
>
> Currently, I am able to create an account in AD when a password is set for
> that user in Syncope, but I am unable to create an account in AD if a
> password is not set. I figured using the 'Generate Random passwords when
> missing' feature for an Active Directory resource would resolve this issue
> but so far I am unable to create an account. Below is the error I am
> receiving when attempting to create an account in AD without a password and
> with the 'Generate Random Password when missing feature' enabled:
>
> "Users failed to create: CREATE FAILURE (key/name):
> aa44b786-9089-43ab-84b7-86908913aba2/testaccount with message:
> javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
> 0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0
> ]; remaining name 'CN=testaccount,CN=Users,DC=Hyrule,DC=int'
> Cause: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A1236, problem 5003
> (WILL_NOT_PERFORM), data 0"
I suggest you check exactly what Syncope sends to the AD resource: look
at the core-connid logs or at the propagation task that has been
generated.
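If there is a password in the propagation task, it means that the
generated password does not satisfy the password policy enforced by Active
Directory; the 0000052D code in the error above is the Windows
password-restriction error (ERROR_PASSWORD_RESTRICTION), which is
consistent with a password being rejected by the domain policy. My
suggestion is to add a password policy on Syncope (the resource above has
"passwordPolicy" : null), so that the generated password complies with it.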
Usually, if you propagate a user without a password, the user is created
correctly on Active Directory but is disabled.
Please check the logs and try adding a password policy.
Regards
Marco
>
> Here are the configs for my AD Connector and Resource.
>
> Connector:
>
> {
> "key" : "79e9e401-214c-4647-a9e4-01214c56475c",
> "adminRealm" : "/",
> "location" : "file:/opt/syncope/bundles/",
> "connectorName" : "net.tirasa.connid.bundles.ad.ADConnector",
> "bundleName" : "net.tirasa.connid.bundles.ad",
> "version" : "1.3.6",
> "displayName" : "Hyrule AD",
> "connRequestTimeout" : 10,
> "poolConf" : null,
> "conf" : [ {
> "schema" : {
> "name" : "host",
> "displayName" : "Server hostname",
> "helpMessage" : "Insert hostname",
> "type" : "java.lang.String",
> "required" : true,
> "order" : 1,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ "DEV2019.Hyrule.int" ]
> }, {
> "schema" : {
> "name" : "ssl",
> "displayName" : "SSL",
> "helpMessage" : "User SSL to perform password provisioning",
> "type" : "boolean",
> "required" : false,
> "order" : 1,
> "confidential" : false,
> "defaultValues" : [ true ]
> },
> "overridable" : false,
> "values" : [ true ]
> }, {
> "schema" : {
> "name" : "memberships",
> "displayName" : "Memberships",
> "helpMessage" : "Specify memberships",
> "type" : "[Ljava.lang.String;",
> "required" : false,
> "order" : 1,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ ]
> }, {
> "schema" : {
> "name" : "retrieveDeletedUser",
> "displayName" : "Retrieve deleted users",
> "helpMessage" : "Specify TRUE to retrieve deleted users also. The
> default is \"true\".",
> "type" : "boolean",
> "required" : false,
> "order" : 2,
> "confidential" : false,
> "defaultValues" : [ true ]
> },
> "overridable" : false,
> "values" : [ true ]
> }, {
> "schema" : {
> "name" : "port",
> "displayName" : "Server port",
> "helpMessage" : "Insert port. The default is 636.",
> "type" : "int",
> "required" : false,
> "order" : 2,
> "confidential" : false,
> "defaultValues" : [ 636 ]
> },
> "overridable" : false,
> "values" : [ "636" ]
> }, {
> "schema" : {
> "name" : "retrieveDeletedGroup",
> "displayName" : "Retrieve deleted groups",
> "helpMessage" : "Specify TRUE to retrieve deleted groups also",
> "type" : "boolean",
> "required" : false,
> "order" : 3,
> "confidential" : false,
> "defaultValues" : [ true ]
> },
> "overridable" : false,
> "values" : [ true ]
> }, {
> "schema" : {
> "name" : "trustAllCerts",
> "displayName" : "Trust all certs",
> "helpMessage" : "Specify TRUE to trust all certs. The default is
> \"false\".",
> "type" : "boolean",
> "required" : false,
> "order" : 4,
> "confidential" : false,
> "defaultValues" : [ false ]
> },
> "overridable" : false,
> "values" : [ "true" ]
> }, {
> "schema" : {
> "name" : "failover",
> "displayName" : "Failover",
> "helpMessage" : "Failover host:port",
> "type" : "[Ljava.lang.String;",
> "required" : false,
> "order" : 4,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ ]
> }, {
> "schema" : {
> "name" : "principal",
> "displayName" : "Principal",
> "helpMessage" : "Insert DN of a user with administration
> capabilities",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 5,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ "CN=Administrator,CN=Users,DC=Hyrule,DC=int" ]
> }, {
> "schema" : {
> "name" : "membershipsInOr",
> "displayName" : "Verify memberships in OR",
> "helpMessage" : "Specify TRUE if you want to verify memberships using
> OR logical operator. The default is \"false\".",
> "type" : "boolean",
> "required" : false,
> "order" : 5,
> "confidential" : false,
> "defaultValues" : [ false ]
> },
> "overridable" : false,
> "values" : [ false ]
> }, {
> "schema" : {
> "name" : "credentials",
> "displayName" : "Principal password",
> "helpMessage" : "Insert password for administrator",
> "type" : "org.identityconnectors.common.security.GuardedString",
> "required" : false,
> "order" : 6,
> "confidential" : true,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ "GenPW123!" ]
> }, {
> "schema" : {
> "name" : "baseContextsToSynchronize",
> "displayName" : "Root suffixes",
> "helpMessage" : "Insert root suffixes",
> "type" : "[Ljava.lang.String;",
> "required" : true,
> "order" : 6,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ "DC=Hyrule,DC=int" ]
> }, {
> "schema" : {
> "name" : "defaultPeopleContainer",
> "displayName" : "Default people container",
> "helpMessage" : "Default people container to be used in case of entry
> DN is not provided",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 7,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ "CN=Users,DC=Hyrule,DC=int" ]
> }, {
> "schema" : {
> "name" : "defaultGroupContainer",
> "displayName" : "Default group container",
> "helpMessage" : "Default group container to be used in case of entry
> DN is not provided",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 8,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ "CN=Goups,DC=Hyrule,DC=int" ]
> }, {
> "schema" : {
> "name" : "accountObjectClasses",
> "displayName" : "Entry object classes",
> "helpMessage" : "Insert object classes to assign to managed entries",
> "type" : "[Ljava.lang.String;",
> "required" : false,
> "order" : 9,
> "confidential" : false,
> "defaultValues" : [ "top", "person", "organizationalPerson",
> "inetOrgPerson" ]
> },
> "overridable" : false,
> "values" : [ "top", "person", "organizationalPerson", "inetOrgPerson",
> "OrganizationalUnit" ]
> }, {
> "schema" : {
> "name" : "userSearchScope",
> "displayName" : "User search scope",
> "helpMessage" : "Choose object, onlevel or subtree",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 9,
> "confidential" : false,
> "defaultValues" : [ "subtree" ]
> },
> "overridable" : false,
> "values" : [ "subtree" ]
> }, {
> "schema" : {
> "name" : "groupSearchScope",
> "displayName" : "Group search scope",
> "helpMessage" : "Choose object, onlevel or subtree",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 10,
> "confidential" : false,
> "defaultValues" : [ "subtree" ]
> },
> "overridable" : false,
> "values" : [ "subtree" ]
> }, {
> "schema" : {
> "name" : "accountSearchFilter",
> "displayName" : "Custom user search filter",
> "helpMessage" : "Custom user search filter",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 11,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ ]
> }, {
> "schema" : {
> "name" : "groupSearchFilter",
> "displayName" : "Custom group search filter",
> "helpMessage" : "Custom group search filter",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 11,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ ]
> }, {
> "schema" : {
> "name" : "groupBaseContexts",
> "displayName" : "Base contexts for group entry searches",
> "helpMessage" : "DN of context to be used as starting point for group
> entry searches",
> "type" : "[Ljava.lang.String;",
> "required" : false,
> "order" : 12,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ "CN=Groups,DC=Hyrule,DC=int" ]
> }, {
> "schema" : {
> "name" : "userBaseContexts",
> "displayName" : "Base contexts for user entry searches",
> "helpMessage" : "DN of context to be used as starting point for user
> entry searches",
> "type" : "[Ljava.lang.String;",
> "required" : false,
> "order" : 13,
> "confidential" : false,
> "defaultValues" : [ ]
> },
> "overridable" : false,
> "values" : [ "CN=Users,DC=Hyrule,DC=int" ]
> }, {
> "schema" : {
> "name" : "groupMemberReferenceAttribute",
> "displayName" : "Group members reference attribute ",
> "helpMessage" : "Group attribute referencing (by DN) the users members
> of a group",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 14,
> "confidential" : false,
> "defaultValues" : [ "member" ]
> },
> "overridable" : false,
> "values" : [ "member" ]
> }, {
> "schema" : {
> "name" : "groupOwnerReferenceAttribute",
> "displayName" : "Group owner reference attribute",
> "helpMessage" : "Group attribute name referencing (by DN) the owner",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 15,
> "confidential" : false,
> "defaultValues" : [ "managedBy" ]
> },
> "overridable" : false,
> "values" : [ "managedBy" ]
> }, {
> "schema" : {
> "name" : "pwdUpdateOnly",
> "displayName" : "Permit password update only",
> "helpMessage" : "Specify TRUE if you want to permit password update
> only: create/delete operation will be denied while other attributes update
> requests will be ignored.",
> "type" : "boolean",
> "required" : true,
> "order" : 17,
> "confidential" : false,
> "defaultValues" : [ false ]
> },
> "overridable" : false,
> "values" : [ false ]
> }, {
> "schema" : {
> "name" : "membershipConservativePolicy",
> "displayName" : "Conservative membership policy",
> "helpMessage" : "Conservative managing and assignment of groups to
> user. The groups already assigned will not be removed.",
> "type" : "boolean",
> "required" : false,
> "order" : 18,
> "confidential" : false,
> "defaultValues" : [ false ]
> },
> "overridable" : false,
> "values" : [ false ]
> }, {
> "schema" : {
> "name" : "defaultIdAttribute",
> "displayName" : "Default Uid",
> "helpMessage" : "The name of the attribute which is mapped to the id
> attribute in case of object different from account and group. Default is
> \"cn\".",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 19,
> "confidential" : false,
> "defaultValues" : [ "cn" ]
> },
> "overridable" : false,
> "values" : [ "cn" ]
> }, {
> "schema" : {
> "name" : "uidAttribute",
> "displayName" : "Uid Attribute",
> "helpMessage" : "The name of the attribute which is mapped to the Uid
> attribute. Default is \"sAMAccountName\".",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 21,
> "confidential" : false,
> "defaultValues" : [ "sAMAccountName" ]
> },
> "overridable" : false,
> "values" : [ "cn" ]
> }, {
> "schema" : {
> "name" : "gidAttribute",
> "displayName" : "Uid Attribute for groups",
> "helpMessage" : "The name of the attribute which is mapped to the Uid
> attribute for groups. Default is \"sAMAccountName\".",
> "type" : "java.lang.String",
> "required" : false,
> "order" : 22,
> "confidential" : false,
> "defaultValues" : [ "sAMAccountName" ]
> },
> "overridable" : false,
> "values" : [ "sAMAccountName" ]
> }, {
> "schema" : {
> "name" : "objectClassesToSynchronize",
> "displayName" : "Object classes to synchronize",
> "helpMessage" : "Specify object classes to identify entry to
> synchronize",
> "type" : "[Ljava.lang.String;",
> "required" : false,
> "order" : 25,
> "confidential" : false,
> "defaultValues" : [ "user" ]
> },
> "overridable" : false,
> "values" : [ "user", "OrganizationalUnit" ]
> } ],
> "capabilities" : [ "SEARCH", "AUTHENTICATE", "UPDATE", "CREATE", "DELETE",
> "SYNC" ]
> }
>
>
>
> Resource:
> {
> "key" : "AD Resource",
> "connector" : "79e9e401-214c-4647-a9e4-01214c56475c",
> "connectorDisplayName" : "Hyrule AD",
> "orgUnit" : null,
> "propagationPriority" : 1,
> "randomPwdIfNotProvided" : true,
> "enforceMandatoryCondition" : true,
> "createTraceLevel" : "ALL",
> "updateTraceLevel" : "ALL",
> "deleteTraceLevel" : "ALL",
> "provisioningTraceLevel" : "ALL",
> "passwordPolicy" : null,
> "accountPolicy" : null,
> "pullPolicy" : null,
> "pushPolicy" : null,
> "overrideCapabilities" : false,
> "provisions" : [ {
> "key" : "5a2f4235-2fc1-4b10-af42-352fc12b1097",
> "anyType" : "GROUP",
> "objectClass" : "__GROUP__",
> "syncToken" : null,
> "ignoreCaseMatch" : true,
> "uidOnCreate" : null,
> "mapping" : {
> "connObjectLink" : "\"cn=\"+name+\",OU=Groups,DC=Hyrule,DC=int\"",
> "connObjectKeyItem" : {
> "key" : "3cebbf86-5482-4127-abbf-86548261270c",
> "intAttrName" : "name",
> "extAttrName" : "sAMAccountName",
> "connObjectKey" : true,
> "password" : false,
> "mandatoryCondition" : "true",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> },
> "items" : [ {
> "key" : "25808e6c-edb6-475b-808e-6cedb6c75b89",
> "intAttrName" : "name",
> "extAttrName" : "description",
> "connObjectKey" : false,
> "password" : false,
> "mandatoryCondition" : "false",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> }, {
> "key" : "3cebbf86-5482-4127-abbf-86548261270c",
> "intAttrName" : "name",
> "extAttrName" : "sAMAccountName",
> "connObjectKey" : true,
> "password" : false,
> "mandatoryCondition" : "true",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> }, {
> "key" : "674b9738-8fc4-46b1-8b97-388fc4d6b187",
> "intAttrName" : "name",
> "extAttrName" : "cn",
> "connObjectKey" : false,
> "password" : false,
> "mandatoryCondition" : "false",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> }, {
> "key" : "f70b1210-79ae-47d3-8b12-1079ae47d36f",
> "intAttrName" : "name",
> "extAttrName" : "sAMAccountNAme",
> "connObjectKey" : false,
> "password" : false,
> "mandatoryCondition" : "false",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> } ],
> "linkingItems" : [ ]
> },
> "auxClasses" : [ ],
> "virSchemas" : [ ]
> }, {
> "key" : "93de39d6-b2ca-4d4c-9e39-d6b2cafd4c66",
> "anyType" : "USER",
> "objectClass" : "__ACCOUNT__",
> "syncToken" : null,
> "ignoreCaseMatch" : true,
> "uidOnCreate" : null,
> "mapping" : {
> "connObjectLink" : "\"CN=\"+username+\",CN=Users,DC=Hyrule,DC=int\"",
> "connObjectKeyItem" : {
> "key" : "c35d1ea1-e6f3-41ab-9d1e-a1e6f3e1ab65",
> "intAttrName" : "username",
> "extAttrName" : "sAMAccountName",
> "connObjectKey" : true,
> "password" : false,
> "mandatoryCondition" : "true",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> },
> "items" : [ {
> "key" : "2c6e565f-2ecf-4007-ae56-5f2ecf30073a",
> "intAttrName" : "email",
> "extAttrName" : "mail",
> "connObjectKey" : false,
> "password" : false,
> "mandatoryCondition" : "false",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> }, {
> "key" : "7a58c0a4-b85a-4696-98c0-a4b85a269656",
> "intAttrName" : "password",
> "extAttrName" : "__PASSWORD__",
> "connObjectKey" : false,
> "password" : true,
> "mandatoryCondition" : "true",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> }, {
> "key" : "7e46a17e-186b-499f-86a1-7e186bc99f66",
> "intAttrName" : "AD_UPN",
> "extAttrName" : "userprincipalname",
> "connObjectKey" : false,
> "password" : false,
> "mandatoryCondition" : "false",
> "purpose" : "PROPAGATION",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> }, {
> "key" : "c35d1ea1-e6f3-41ab-9d1e-a1e6f3e1ab65",
> "intAttrName" : "username",
> "extAttrName" : "sAMAccountName",
> "connObjectKey" : true,
> "password" : false,
> "mandatoryCondition" : "true",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> } ],
> "linkingItems" : [ {
> "key" : null,
> "intAttrName" : "UPN",
> "extAttrName" : "userPrincipalName",
> "connObjectKey" : false,
> "password" : false,
> "mandatoryCondition" : "false",
> "purpose" : "BOTH",
> "propagationJEXLTransformer" : null,
> "pullJEXLTransformer" : null,
> "transformers" : [ ]
> } ]
> },
> "auxClasses" : [ ],
> "virSchemas" : [ "UPN" ]
> } ],
> "confOverride" : [ ],
> "capabilitiesOverride" : [ "SEARCH", "AUTHENTICATE", "UPDATE", "CREATE",
> "DELETE", "SYNC" ],
> "propagationActions" : [ "LDAPMembershipPropogationActions" ]
> }
>
> --
> Sent from: http://syncope-user.1051894.n5.nabble.com/
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/