Ritornello | AD Resource-SchemaMapping questions


Antony Pulicken

Dec 19, 2011, 1:29:14 AM
to syncop...@googlegroups.com
Hi,
  • While creating a resource mapping for the AD connector, I had given the external attribute mapping for 'uid' as 'sAMAccountName', and it was a text field where I had typed in the mapping. After some time I noticed that it had been changed to a drop-down with the value 'USNIntersite', and I'm not able to find 'sAMAccountName' in the drop-down. Moreover, it was giving me an 'Attribute Conversion Exception'.
  • In the earlier version of Syncope, we were able to give the 'external attribute' mapping for the password field (unicodepwd or password), Username (sAMAccountName even when Username is the accountId) etc. Is it taken care of internally now, or is there a different approach?
Please have a look at the attached screenshot and let me know your thoughts on the above points.

Thanks and Regards,
Antony.
Screen Shot 2011-12-19 at 11.57.14 AM.png

Fabio Martelli

Dec 19, 2011, 2:51:52 AM
to syncop...@googlegroups.com
On 19 Dec 2011, at 07:29, Antony Pulicken wrote:

> Hi,
>   • While creating a resource mapping for the AD connector, I had given the external attribute mapping for 'uid' as 'sAMAccountName', and it was a text field where I had typed in the mapping. After some time I noticed that it had been changed to a drop-down with the value 'USNIntersite', and I'm not able to find 'sAMAccountName' in the drop-down. Moreover, it was giving me an 'Attribute Conversion Exception'.

Hi Antony,
you cannot see sAMAccountName because it is not part of the schema of the specified object classes.
This is a bug that I'm going to correct (http://code.google.com/p/connid/issues/detail?id=24).

>   • In the earlier version of Syncope, we were able to give the 'external attribute' mapping for the password field (unicodepwd or password), Username (sAMAccountName even when Username is the accountId) etc. Is it taken care of internally now, or is there a different approach?

Yes, it's a little bit different: now you don't have to specify an external attribute when you are configuring Password or AccountId.
Password and AccountId are always sent to the target resource using special attributes (__PASSWORD__, __UID__/__NAME__).

Regards,
F.
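
As an added illustration (not part of the original thread and not Syncope's own code), the sketch below uses the ConnId / Identity Connectors framework classes to show what the reply above describes: the account ID travels as `__NAME__`, the password as a guarded `__PASSWORD__` value, and only ordinary attributes carry an external name from the mapping. The class name, the helper `toConnectorAttributes` and all sample values are constructed for the example.

```java
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.OperationalAttributes;

public class SpecialAttributeSketch {

    // Hypothetical helper: builds the attribute set handed to a connector on create.
    static Set<Attribute> toConnectorAttributes(
            String accountId, char[] password, Map<String, String> mappedValues) {
        Set<Attribute> attrs = new HashSet<Attribute>();
        // AccountId needs no external attribute name: it is sent as __NAME__.
        attrs.add(new Name(accountId));
        // Password is wrapped in a GuardedString and sent as __PASSWORD__.
        attrs.add(AttributeBuilder.buildPassword(password));
        // Ordinary attributes use the external name given in the resource mapping.
        for (Map.Entry<String, String> e : mappedValues.entrySet()) {
            attrs.add(AttributeBuilder.build(e.getKey(), e.getValue()));
        }
        return attrs;
    }

    public static void main(String[] args) {
        // Constructed sample mapping: external attribute name -> value.
        Map<String, String> mapped = new LinkedHashMap<String, String>();
        mapped.put("givenName", "John");
        mapped.put("sn", "Doe");

        Set<Attribute> attrs = toConnectorAttributes(
                "jdoe", "Constructed-Passw0rd".toCharArray(), mapped);

        for (Attribute a : attrs) {
            if (OperationalAttributes.PASSWORD_NAME.equals(a.getName())) {
                // Never print the guarded value; show only that it is present.
                System.out.println(a.getName() + " = <guarded>");
            } else {
                System.out.println(a.getName() + " = " + a.getValue());
            }
        }
    }
}
```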

Fabio Martelli

Dec 19, 2011, 3:35:38 AM
to syncop...@googlegroups.com
On 19 Dec 2011, at 08:51, Fabio Martelli wrote:

> On 19 Dec 2011, at 07:29, Antony Pulicken wrote:
>
>> Hi,
>>   • While creating a resource mapping for the AD connector, I had given the external attribute mapping for 'uid' as 'sAMAccountName', and it was a text field where I had typed in the mapping. After some time I noticed that it had been changed to a drop-down with the value 'USNIntersite', and I'm not able to find 'sAMAccountName' in the drop-down. Moreover, it was giving me an 'Attribute Conversion Exception'.
>
> Hi Antony,
> you cannot see sAMAccountName because it is not part of the schema of the specified object classes.
> This is a bug that I'm going to correct (http://code.google.com/p/connid/issues/detail?id=24).

Issue #24 fixed on trunk. Check it out and try again.

Regards,
F.

Antony Pulicken

Dec 19, 2011, 3:44:53 AM
to syncop...@googlegroups.com
Thanks Fabio for the quick fix.

Currently we are using http://syncope.googlecode.com/svn/tags/syncope-0.7RC1/ and it looks pretty stable. Are you suggesting to take the latest from the trunk instead of using the released version? Also, I had faced some issues when I pointed the trunk version to MySQL last week. What do you recommend?

Regards,
Antony.

Fabio Martelli

Dec 19, 2011, 3:48:41 AM
to syncop...@googlegroups.com
On 19 Dec 2011, at 09:44, Antony Pulicken wrote:

> Thanks Fabio for the quick fix.
>
> Currently we are using http://syncope.googlecode.com/svn/tags/syncope-0.7RC1/ and it looks pretty stable. Are you suggesting to take the latest from the trunk instead of using the released version? Also, I had faced some issues when I pointed the trunk version to MySQL last week. What do you recommend?

I'm talking about connid (the AD connector, in particular).
As you should know, we released AD connector 0.9.1 on Friday.
The fix for issue #24 has been provided on trunk.

Regards,
F.

Antony Pulicken

Dec 19, 2011, 9:33:44 AM
to syncop...@googlegroups.com
Hi Fabio,

I'm getting a 'javax.naming.OperationNotSupportedException' error when I check the 'Verify memberships in OR' flag. If I don't enable it, then I can see the delta being picked up by the connector, but the change won't get propagated to Syncope. Please find attached the screenshots of the AD connector configuration, the AD resource mapping and the log files for your reference. Please let us know your suggestions as early as possible.

Thanks and regards,
Antony.
Screen Shot 2011-12-19 at 7.56.06 PM.png
Screen Shot 2011-12-19 at 7.56.30 PM.png
core-connid.log

Fabio Martelli

Dec 19, 2011, 10:49:49 AM
to syncop...@googlegroups.com
On 19 Dec 2011, at 15:33, Antony Pulicken wrote:

> Hi Fabio,
>
> I'm getting a 'javax.naming.OperationNotSupportedException' error when I check the 'Verify memberships in OR' flag. If I don't enable it, then I can see the delta being picked up by the connector, but the change won't get propagated to Syncope. Please find attached the screenshots of the AD connector configuration, the AD resource mapping and the log files for your reference. Please let us know your suggestions as early as possible.

Hi Antony,
I have replicated your configuration and it seems to work fine.

This is my schema list (userId and fullname removed; uid added)


AD connector configuration is ...


Resource configuration is ....


And at the end, the SyncJob ....


Please, check your configuration and let me know what I (or you) missed.

Best regards,
F.


Antony Pulicken

Dec 19, 2011, 12:16:35 PM
to syncop...@googlegroups.com
Thanks a lot Fabio. Create (sync from AD) is working now!! Some of the changes I made based on your configuration are:
1) Unchecked Initial loading
2) I had only the Sync capability checked. I have checked all now, but I guess that is not required
3) Made the propagation mode 'one_phase' and unchecked 'propagation primary'
4) I deleted my sync task and created one based on what you specified

However, when I tried updating the user details (first name, last name, email) and the group details (removed the user from one of the registered groups, 'TelnetClients'), that doesn't seem to get synced. Same is the case with the delete. I will continue this tomorrow. In the meantime, please let me know in case you have any suggestions about update and delete.

Thanks again for all the help.

Thanks and Regards,
Antony.