Reconcilation LDAPv3 Resource (OpenDS)

5 views
Skip to first unread message

coocooche

unread,
Mar 16, 2010, 10:11:26 AM3/16/10
to Velo
Hello,
here i'm back trying to set up velo to reconciliate a ldap3 resource.

I'm trying to test velo with the purpose to use Velo as an IDM
solution for our company.
As I said in the other thread, I installed OpenDS 2.2.0 and I created
a couple of simple HR users and then tried to reconciliate without
success. These are the steps:
1)I installed OpenDS and i created a ldap resource to test Velo
(ou=people,dc=example,dc=com)
2)I created the “Reconcile Policy”
3)I created a “Generic LDAP” called 'resource_ldap' , I set up
'admins' and create resource's attributes
4)I did all the maps needed
5)I implemented the 'Full Resource Identities Reconciliation' with the
follow groovy script action:

import org.apache.directory.groovyldap.LDAP

ldap = LDAP.newInstance('ldap://hostname:389', 'cn=Directory
Manager','password')
def username
def givenName
def lastName

String accountsQuery = ldap.eachEntry(filter:'(uid=*)') {
username = entry.uid
givenName = entry.givenName
lastName = entry.sn
}

I did a migration from the script for jdbc recociliation to the ldap
one but I don't know if this is right,do it?!
Here are some log errors:
2010-03-16 12:32:23,255 ERROR [velo.action.ResourceOperation] Failed
to execute resource action ID '4': javax.script.ScriptException:
javax.script.ScriptException: groovy.lang.MissingPropertyException: No
such property: entry for class: Script2

Thanks,
Gentjan

Dino Anzellotti

unread,
Mar 17, 2010, 10:46:53 AM3/17/10
to Velo
Hi guys,
I have the same problem with Velo and LDAP v3 products..
An our customer decided to choose an open source IDM solution and we
are trying to push Velo, but we are not able to integrate an LDAP
server..
No docs, no wiki...

Is there any way to grab clear information regarding this topic..
Thanks in advance..


--
Dino Anzellotti

Il giorno 16/mar/10, alle ore 15:11, coocooche ha scritto:

> --
> You received this message because you are subscribed to the Google
> Groups "Velo" group.
> To post to this group, send email to velo-...@googlegroups.com
> To unsubscribe from this group, send email to velo-users-...@googlegroups.com
> For more options, visit this group at http://groups.google.com/group/velo-users?hl=en

Trouby

unread,
Mar 17, 2010, 11:39:26 AM3/17/10
to Velo
Hey there,


Groovy actions are necessary only for JDBC resource type,
DB schemas are generic, you can't know a head how to reconcile/create/
delete/etc.. users since the queries can be different between
different DBs (sometimes queries sometimes its just an invocation of a
stored procedure),

In LDAP, the resource type knows how to create the user, as ldap
queries invocations are standards and known a head, thus, no script is
required,


Just define the attributes fields, add a role to a user, an account
task will be created and invoked directly on the defined LDAP,
Make sure under configuration to define the contexts, baseDN, etc...

Cheers.

Dino Anzellotti

unread,
Mar 18, 2010, 11:36:47 AM3/18/10
to Velo, Trouby
Hi,
I share all details in order to get help.. :-)

I'm using Velo 1.4 on Jboss (Running on Solaris 10 Sparc)

Resource LDAP (OpenDS - LDAP v3 compliant)
Adapter Class Name: velo.adapters.ActiveDirectoryAdapter

Specific-Type properties

LDAP account object class = inetorgperson
The filter to use when searching user objects:
(objectclass=inetorgperson)

There is field to fill in that has the follow description:
"This value is used in addition to the base DN
when searching and loading accounts, an example is ou=Users.
If no value is supplied, the subtree search will start from the base DN"

Actually I didn't find any way to define a base DN, so I decided to
put there "ou=people,dc=everett,dc=it", which is the complete dn for
user accounts.

I've done the same thing for the last property to set; "The value is
used in addition to base DN, this is the default account creation
container.."
I put there: "ou=people,dc=everett,dc=it"

Here you can find the attribute list for the resource

ATTRIBUTE 1
Name as in Resource: sn
Display Name: Surname
Resource: LDAPResource
Managed; YES
Required: NO

ATTRIBUTE 2
Name as in Resource: cn
Display Name: Common Name
Resource: LDAPResource
Managed; YES
Required: NO

ATTRIBUTE 3
Name as in Resource: givenName
Display Name: First Name
Resource: LDAPResource
Managed; YES
Required: NO

ATTRIBUTE 4
Name as in Resource: uid
Display Name: username
Resource: LDAPResource
Managed; YES
Required: YES


When I do the full reconciliation, I have Fatal Error: Not supported
Yet... I didn't have any specific ERROR in server.log and moreover, I
didn't see any access attempt on LDAP server side..

BTW, the test connectivity for the resource is OK..

Is there anything else missing??

Thanks for you help

Regards..

--
Dino

Il giorno 17/mar/10, alle ore 16:39, Trouby ha scritto:

coocooche

unread,
Apr 27, 2010, 10:07:44 AM4/27/10
to Velo
Any news about LDAP v3 reconciliation? And what about the release of
Velo 1.5?
Thx
Reply all
Reply to author
Forward
0 new messages