This topic has 1 reply, 2 voices, and was last updated 6 years, 10 months ago by ssripathy.

  • #6275
     Matt Mencel
    Participant

    I have a managed object in OpenIDM. I've set up a mapping between it and an LDAP server.

    When I attempt to reconcile I get this error.

    
    Nov 11, 2015 2:43:31 PM org.forgerock.openidm.sync.impl.ObjectMapping$2 recon
    WARNING: Unexpected failure during source reconciliation 62e48796-ba90-4638-ba62-cd75ad17c719
    org.forgerock.openidm.sync.impl.SynchronizationException: Create operations are not supported on ObjectClass: __ACCOUNT__
    

    I’m not sure if it’s trying to create an LDAP user with objectClass account? I don’t see any connections or errors in the logs on the LDAP server. Any help or ideas?

    From sync.json….

    
    {
                "source" : "managed/wiu_user",
                "targetQuery" : {
                    "_queryFilter" : "(sn sw \"\")"
                },
                "name" : "managedWiu_user_sourceDs01WiuPerson",
                "target" : "system/ds01/wiuPerson",
                "properties" : [
                    {
                        "target" : "sn",
                        "source" : "sn"
                    },
                    {
                        "target" : "uid",
                        "source" : "uid"
                    }
                ],
    ...
    

    from the provisioner json…

    
    "objectTypes" : {
            "wiuPerson" : {
                "id" : "__ACCOUNT__",
                "properties" : {
                    "uid" : {
                        "nativeName" : "uid",
                        "type" : "array",
                        "required" : false,
                        "items" : {
                            "type" : "string",
                            "nativeType" : "string"
                        },
                        "nativeType" : "string"
                    },
                    "sn" : {
                        "nativeName" : "sn",
                        "type" : "array",
                        "required" : true,
                        "items" : {
                            "type" : "string",
                            "nativeType" : "string"
                        },
                        "nativeType" : "string"
                    },
    ...
    
    • This topic was modified 6 years, 10 months ago by Matt Mencel.
    #6279
     ssripathy
    Participant

    Do you have an onCreate() trigger in your sync mapping for LDAP that sets the target dn? Something like this:

    "onCreate" : {
        "type" : "text/javascript",
        "source" : "target.dn = 'cn=' + source.cn + ',ou=people,dc=example,dc=com';"
    },

    What do your operationOptions in that provisioner file look like? Is CREATE there with the "denied" flag set to false?

    "operationOptions" : {
        "DELETE" : {
            "denied" : false,
            "onDeny" : "DO_NOTHING"
        },
        "UPDATE" : {
            "denied" : false,
            "onDeny" : "DO_NOTHING"
        },
        "CREATE" : {
            "denied" : false,
            "onDeny" : "DO_NOTHING"
        }
    },
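
As an added example (not part of either post and not ForgeRock code), this Node.js script checks a mapping and a provisioner configuration for the two things the reply asks about: a CREATE operation with `denied` set, and an `onCreate` script that assigns `target.dn`. The sample objects are constructed from the fragments quoted in this thread; the function name `checkCreatePath`, the `denied: true` value and the stripped-down objects are assumptions for illustration, and the check does not establish the cause of the reported error.

```javascript
// Constructed sample: the mapping fragment from the question (it shows no onCreate).
const mapping = {
  name: "managedWiu_user_sourceDs01WiuPerson",
  source: "managed/wiu_user",
  target: "system/ds01/wiuPerson"
};

// Constructed sample: object type from the question; the CREATE value is an assumption.
const provisioner = {
  objectTypes: { wiuPerson: { id: "__ACCOUNT__" } },
  operationOptions: { CREATE: { denied: true, onDeny: "DO_NOTHING" } }
};

// Hypothetical helper: returns a list of findings, empty when nothing is flagged.
function checkCreatePath(mapping, provisioner) {
  const findings = [];
  const m = /^system\/([^/]+)\/([^/]+)$/.exec(mapping.target || "");
  if (!m) {
    return [`target "${mapping.target}" is not of the form system/<name>/<objectType>`];
  }
  const [, system, typeName] = m;

  // The mapping target must name an object type the provisioner defines.
  const objType = (provisioner.objectTypes || {})[typeName];
  if (!objType) {
    findings.push(`object type "${typeName}" is not defined for system "${system}"`);
  }

  // Second question in the reply: is CREATE denied in operationOptions?
  const create = (provisioner.operationOptions || {}).CREATE;
  if (create && create.denied === true) {
    const id = objType ? ` on ${objType.id}` : "";
    findings.push(`CREATE is denied${id} (onDeny: ${create.onDeny})`);
  }

  // First question in the reply: does an inline onCreate script assign target.dn?
  const script = mapping.onCreate && mapping.onCreate.source;
  if (!script || !/\btarget\.dn\s*=(?!=)/.test(script)) {
    findings.push("no inline onCreate script assigns target.dn");
  }
  return findings;
}

console.log(checkCreatePath(mapping, provisioner));
```
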
