Managing AD primary group

[Mirko Signoretto <mi...@intesys.it>]

Hello,

I have a problem managing the AD primary group. I have mapped for the AD resource connector the "ldapgroups" attribute and I'm able to provision group memberships correctly in AD.
The default AD primary group is "Domain Users".
But if I change the user primary group directly in AD, setting as primary group a Syncope provisioned group, I obtain a propagation error.

18:42:15.717 DEBUG org.identityconnectors.framework.api.operations.UpdateApiOp.update Exception:
org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000528: UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0
]; remaining name 'CN=SyncopeUsers,OU=Syncope,OU=Groups,dc=wip,dc=lab'

How Syncope AD connector treat the primary group? It seems that I cannot overwrite the primary group.

I'm using Syncope 1.1.3 and AD 1.2 connector.

Thanks, Mirko

R: Managing AD primary group

[Mirko Signoretto <mi...@intesys.it>]

OK. Thank's Fabio.

Da: Fabio Martelli [mailto:fabio.martelli@gmail.com]
Inviato: venerdì 28 marzo 2014 09:46
A: user@syncope.apache.org
Cc: connid-dev@googlegroups.com; connid-users@googlegroups.com
Oggetto: Re: Managing AD primary group

Il 27/03/2014 18:55, Mirko Signoretto ha scritto:
Hello,

I have a problem managing the AD primary group. I have mapped for the AD resource connector the "ldapgroups" attribute and I'm able to provision group memberships correctly in AD.
The default AD primary group is "Domain Users".
But if I change the user primary group directly in AD, setting as primary group a Syncope provisioned group, I obtain a propagation error.

18:42:15.717 DEBUG org.identityconnectors.framework.api.operations.UpdateApiOp.update Exception:
org.identityconnectors.framework.common.exceptions.ConnectorException: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000528: UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0
]; remaining name 'CN=SyncopeUsers,OU=Syncope,OU=Groups,dc=wip,dc=lab'

How Syncope AD connector treat the primary group? It seems that I cannot overwrite the primary group.
Hi Mirko, it seems that  currently AD (JNDI) Connector doesn't take care of user primary groups.
I do think that this is an AD connector bug to be fixed asap: just opened issue AD-29  [1].

Thank you for your contribution.

Best regards,
F.

[1] https://connid.atlassian.net/browse/AD-29



--

Fabio Martelli



Tirasa - Open Source Excellence

http://www.tirasa.net/



Apache Syncope PMC

http://people.apache.org/~fmartelli/

Re: Managing AD primary group

[Fabio Martelli <fa...@gmail.com>]

Il 27/03/2014 18:55, Mirko Signoretto ha scritto:
>
> Hello,
>
> I have a problem managing the AD primary group. I have mapped for the 
> AD resource connector the "ldapgroups" attribute and I'm able to 
> provision group memberships correctly in AD.
>
> The default AD primary group is "Domain Users".
>
> But if I change the user primary group directly in AD, setting as 
> primary group a Syncope provisioned group, I obtain a propagation error.
>
> 18:42:15.717 DEBUG 
> org.identityconnectors.framework.api.operations.UpdateApiOp.update 
> Exception:
>
> org.identityconnectors.framework.common.exceptions.ConnectorException: 
> javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 
> 00000528: UpdErr: DSID-031A0F4F, problem 6005 (ENTRY_EXISTS), data 0
>
> ]; remaining name 'CN=SyncopeUsers,OU=Syncope,OU=Groups,dc=wip,dc=lab'
>
> How Syncope AD connector treat the primary group? It seems that I 
> cannot overwrite the primary group.
>
Hi Mirko, it seems that  currently AD (JNDI) Connector doesn't take care 
of user primary groups.
I do think that this is an AD connector bug to be fixed asap: just 
opened issue AD-29  [1].

Thank you for your contribution.

Best regards,
F.

[1] https://connid.atlassian.net/browse/AD-29

-- 
Fabio Martelli

Tirasa - Open Source Excellence
http://www.tirasa.net/

Apache Syncope PMC
http://people.apache.org/~fmartelli/