'Memberships' property of AD connector

[Antony Pulicken]

Hi,

1. Can you please tell me how/where to set the 'Memberships' property in syncope ? If any of you have already configured 'Memberships' in your local syncope environment, can you please send me the http://localhost:8080/syncope/rest/connector/list.xml ?
2. According to the 'Memberships' description in  wiki,  "The connector ignores any changes about users not member of indicated groups"
• Does it mean that if the user belongs to a group that is not configured (in AD), NO updates of the user will be synced (to Syncope) ?
• In other words, when ever a group is added/deleted in AD, we have to update the 'Memberships' configuration in syncope, so as to get the updates during the sync operation ?

Please let me know whether my understanding is correct.

Regards,
Antony.

[Fabio Martelli]

Il giorno 12/dic/2011, alle ore 11.55, Antony Pulicken ha scritto:

Hi,

1. Can you please tell me how/where to set the 'Memberships' property in syncope ? If any of you have already configured 'Memberships' in your local syncope environment, can you please send me the http://localhost:8080/syncope/rest/connector/list.xml ?

Using the Syncope trunk version you have to set 'Memberships' attribute specifying group DNs separated by a white space.

At the moment I cannot send you a configuration sample.

2. According to the 'Memberships' description in  wiki,  "The connector ignores any changes about users not member of indicated groups"
• Does it mean that if the user belongs to a group that is not configured (in AD), NO updates of the user will be synced (to Syncope) ?

Not exactly. This means that if user doesn't belong to each group specified in 'Memberships' attribute, NO updates of the user will be synced.

• In other words, when ever a group is added/deleted in AD, we have to update the 'Memberships' configuration in syncope, so as to get the updates during the sync operation ?

Of course: if a new group is created and members of this group must be synced, 'Memberships' attribute must be updated.

Regards,

F.

[Fabio Martelli]

Il giorno 12/dic/2011, alle ore 12.08, Fabio Martelli ha scritto:

Il giorno 12/dic/2011, alle ore 11.55, Antony Pulicken ha scritto:

Hi,

1. Can you please tell me how/where to set the 'Memberships' property in syncope ? If any of you have already configured 'Memberships' in your local syncope environment, can you please send me the http://localhost:8080/syncope/rest/connector/list.xml ?

Using the Syncope trunk version you have to set 'Memberships' attribute specifying group DNs separated by a white space.

At the moment I cannot send you a configuration sample.

Hi Antony,

a new implementation of Syncope is available into the trunk: issue #245 has been closed.

Please, check it out and try again with that version.

In a meanwhile I will try to reproduce your issue.

Best regards,

F.

[Antony Pulicken]

Thanks Fabio. Were you able to re-produce the issue (user getting re-created in syncope when we remove the user from a group!).

I took the latest syncope code from the trunk and when I try to configure a new connector (AD), lot of fields including 'Memberships' are not editable. Please see the attached screenshot for more details.

Also, it would help if you can send me a screenshot that has your configuration for AD connector.

Thanks and Regards,
Antony.

[Fabio Martelli]

Il giorno 13/dic/2011, alle ore 09.39, Antony Pulicken ha scritto:

Thanks Fabio. Were you able to re-produce the issue (user getting re-created in syncope when we remove the user from a group!).

I took the latest syncope code from the trunk and when I try to configure a new connector (AD), lot of fields including 'Memberships' are not editable. Please see the attached screenshot for more details.

Also, it would help if you can send me a screenshot that has your configuration for AD connector.

Ops, sorry Antony, I'm going to fix this big bug.

Please, wait for next commit.

Regards,

F.

Thanks and Regards,
Antony.

On Mon, Dec 12, 2011 at 10:36 PM, Fabio Martelli <fabio.m...@gmail.com> wrote:

Il giorno 12/dic/2011, alle ore 12.08, Fabio Martelli ha scritto:

Il giorno 12/dic/2011, alle ore 11.55, Antony Pulicken ha scritto:

Hi,

1. Can you please tell me how/where to set the 'Memberships' property in syncope ? If any of you have already configured 'Memberships' in your local syncope environment, can you please send me the http://localhost:8080/syncope/rest/connector/list.xml ?

Using the Syncope trunk version you have to set 'Memberships' attribute specifying group DNs separated by a white space.

At the moment I cannot send you a configuration sample.

Hi Antony,

a new implementation of Syncope is available into the trunk: issue #245 has been closed.

Please, check it out and try again with that version.

In a meanwhile I will try to reproduce your issue.

Best regards,

F.

2. According to the 'Memberships' description in  wiki,  "The connector ignores any changes about users not member of indicated groups"
• Does it mean that if the user belongs to a group that is not configured (in AD), NO updates of the user will be synced (to Syncope) ?

Not exactly. This means that if user doesn't belong to each group specified in 'Memberships' attribute, NO updates of the user will be synced.

• In other words, when ever a group is added/deleted in AD, we have to update the 'Memberships' configuration in syncope, so as to get the updates during the sync operation ?

Of course: if a new group is created and members of this group must be synced, 'Memberships' attribute must be updated.

Regards,

F.

<Screen Shot 2011-12-13 at 2.06.06 PM.png>

[Antony Pulicken]

Thanks Fabio. Were you able to re-produce the issue (user getting re-created in syncope when we remove the user from a group!). ?

Regards,
Antony.

[Fabio Martelli]

Il giorno 13/dic/2011, alle ore 11.33, Antony Pulicken ha scritto:

Thanks Fabio. Were you able to re-produce the issue (user getting re-created in syncope when we remove the user from a group!). ?

Sure, I'm able.

1. start my vm windows server 2003

2. load some users on AD

3. configure connector, resource and syncjob

4. start syncjob

5. remove a user from a group

6. start syncjob

7. verify result

That's right?

Please, let me know if I miss something.

Regards,

F.

[Antony Pulicken]

Yes. That is correct. We also have to make sure that the group from where we are removing the user is configured in the 'Memberships' property.


Regards,
Antony.

[Fabio Martelli]

Il giorno 14/dic/2011, alle ore 16.25, Antony Pulicken ha scritto:

Sure. Please send me a mail once you are done...and let me know which issue mentioned below is fixed... if the fix for first issue is in syncope, please let me know the files that you changed...we may have to apply that in the syncope version that we are using....!! thanks again for all the help....

1)user getting re-created in syncope when we remove the user from a group!
2)I took the latest syncope code from the trunk and when I try to configure a new connector (AD), lot of fields including 'Memberships' are not editable. Please see the attached screenshot for more details.

Some fixes in trunk (connid and syncope).

Please keep mailing list in touch.

Further updates tomorrow.....

Regards,

F.

-Antony.

On Wed, Dec 14, 2011 at 1:55 PM, Fabio Martelli <fabio.m...@gmail.com> wrote:

Il giorno 14/dic/2011, alle ore 09.24, Antony Pulicken ha scritto:

ok..thanks a lot...I will take the latest and try...do you have any sample configuration for AD con ?

I'm working on it. Just a few minutes ...

On Wed, Dec 14, 2011 at 1:48 PM, Fabio Martelli <fabio.m...@gmail.com> wrote:

Il giorno 14/dic/2011, alle ore 09.17, Antony Pulicken ha scritto:

sorry.send the previous mail bit early :-)

2)I took the latest syncope code from the trunk and when I try to configure a new connector (AD), lot of fields including 'Memberships' are not editable. Please see the attached screenshot for more details.

Hi Antony,

this issue has been closed.

I'm working on the number 1.

Regards,

F.

On Wed, Dec 14, 2011 at 1:46 PM, Antony Pulicken <antony....@gmail.com> wrote:

Hi Fabio,

Are you able to simulate both the issues ?

1)user getting re-created in syncope when we remove the user from a group!
2)

[Antony Pulicken]

Hi Fabio,

Good to see that 'Ritornello' is released ahead of schedule !! Hope what ever changes/fixes you made in last few days are already part of 'Ritornello'. We are starting the migration to 'Ritornello' from today. Please let us know your comments.

Thanks and Regards,
Antony.

[Francesco Chicchiriccò]

On 16/12/2011 00:49, Antony Pulicken wrote:

Hi Fabio,

Good to see that 'Ritornello' is released ahead of schedule !! Hope what ever changes/fixes you made in last few days are already part of 'Ritornello'. We are starting the migration to 'Ritornello' from today. Please let us know your comments.

Great news: you will probably be the first migration in a production environment, so please let us know about your progresses!

Any change up to yesterday morning is on 0.7RC1 tag [1]: any other fix will be committed on 0_7_X branch [2] and released in a short while for 0.7RC2.

Please consider that AD features you discuss below are implemented by ConnId bundle 0.9 [3], while fixes are currently committed to trunk [4]: I think that in a short while we would be able to release 1.0: stay tuned on ConnId mailing lists for this.

Regards.

[1] http://syncope.googlecode.com/svn/tags/syncope-0.7RC1/
[2] http://syncope.googlecode.com/svn/branches/0_7_X/
[3] http://connid.googlecode.com/svn/bundles/ad/tags/org.connid.bundles.ad-0.9/
[4] http://connid.googlecode.com/svn/bundles/ad/trunk/

-- 
Francesco Chicchiriccò

"Computer Science is no more about computers than astronomy
is about telescopes." (E. W. Dijkstra)