hlavki / g-suite-identity-sync

G Suite to LDAP identity synchronizer
Apache License 2.0

uid to cn mapping issue #10

Closed rsaple closed 6 years ago

rsaple commented 6 years ago

I finally installed this utility after some initial glitches. However, I get an LDAP error when I create an LDAP account. Here's the error:


identity_1  | 2018-06-15T10:08:43,525 | INFO  | qtp86591752-77   | LoggingInInterceptor             | 41 - org.apache.cxf.cxf-core - 3.2.2 | Inbound Message
identity_1  | ----------------------------
identity_1  | ID: 39
identity_1  | Address: http://localhost:8181/cxf/identity/account
identity_1  | Encoding: UTF-8
identity_1  | Http-Method: POST
identity_1  | Content-Type: application/json;charset=UTF-8
identity_1  | Headers: {Accept=[application/json, text/plain, */*], accept-encoding=[gzip, deflate], Accept-Language=[en-GB,en;q=0.5], connection=[keep-alive], Content-Length=[118], content-type=[application/json;charset=UTF-8], Cookie=[JSESSIONID=11pr9xnyhx20y11lchk0tsikoa], Host=[localhost:8181], Referer=[http://localhost:8181/], User-Agent=[Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0]}
identity_1  | Payload: {"email":"rahul@agniinfosystems.co.in","password":"*********","confirmPassword":"*********","saveGSuitePassword":true}
identity_1  | --------------------------------------
identity_1  | 2018-06-15T10:08:44,096 | INFO  | qtp86591752-77   | LdapAccountServiceImpl           | 18 - eu.hlavki.identity.g-suite-identity-sync-services-ldap - 0.3.1 | Creating user with DN uid=rahul@agniinfosystems.co.in,cn=users,dc=agni,dc=loc
identity_1  | 2018-06-15T10:08:44,654 | ERROR | qtp86591752-77   | UserAccountService               | 19 - eu.hlavki.identity.g-suite-identity-sync-services-rest - 0.3.1 | Can't create account
identity_1  | eu.hlavki.identity.services.ldap.LdapSystemException: LDAPException(resultCode=64 (naming violation), errorMessage='00002037: objectclass: Invalid RDN 'UID' for objectclass 'inetOrgPerson'!', diagnosticMessage='00002037: objectclass: Invalid RDN 'UID' for objectclass 'inetOrgPerson'!', ldapSDKVersion=4.0.0, revision='25575')
identity_1  |   at eu.hlavki.identity.services.ldap.impl.LdapAccountServiceImpl.createAccount(LdapAccountServiceImpl.java:114) [18:eu.hlavki.identity.g-suite-identity-sync-services-ldap:0.3.1]
identity_1  |   at Proxyb4e87f66_9357_43c7_aea5_0ee903ade26f.createAccount(Unknown Source) [?:?]
identity_1  |   at eu.hlavki.identity.services.rest.account.UserAccountService.createAccount(UserAccountService.java:96) [19:eu.hlavki.identity.g-suite-identity-sync-services-rest:0.3.1]
identity_1  |   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
identity_1  |   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
identity_1  |   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
identity_1  |   at java.lang.reflect.Method.invoke(Method.java:498) ~[?:?]
identity_1  |   at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179) [41:org.apache.cxf.cxf-core:3.2.2]
identity_1  |   at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96) [41:org.apache.cxf.cxf-core:3.2.2]
identity_1  |   at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:192) [42:org.apache.cxf.cxf-rt-frontend-jaxrs:3.2.2]
identity_1  |   at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103) [42:org.apache.cxf.cxf-rt-frontend-jaxrs:3.2.2]
identity_1  |   at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59) [41:org.apache.cxf.cxf-core:3.2.2]
identity_1  |   at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96) [41:org.apache.cxf.cxf-core:3.2.2]
identity_1  |   at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [41:org.apache.cxf.cxf-core:3.2.2]
identity_1  |   at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [41:org.apache.cxf.cxf-core:3.2.2]
identity_1  |   at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267) [54:org.apache.cxf.cxf-rt-transports-http:3.2.2]
identity_1  |   at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [54:org.apache.cxf.cxf-rt-transports-http:3.2.2]
identity_1  |   at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [54:org.apache.cxf.cxf-rt-transports-http:3.2.2]
identity_1  |   at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [54:org.apache.cxf.cxf-rt-transports-http:3.2.2]
identity_1  |   at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:191) [54:org.apache.cxf.cxf-rt-transports-http:3.2.2]
identity_1  |   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301) [54:org.apache.cxf.cxf-rt-transports-http:3.2.2]
identity_1  |   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220) [54:org.apache.cxf.cxf-rt-transports-http:3.2.2]
identity_1  |   at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [26:javax.servlet-api:3.1.0]
identity_1  |   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276) [54:org.apache.cxf.cxf-rt-transports-http:3.2.2]
identity_1  |   at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848) [123:org.eclipse.jetty.servlet:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) [123:org.eclipse.jetty.servlet:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:205) [133:org.eclipse.jetty.websocket.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [123:org.eclipse.jetty.servlet:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [123:org.eclipse.jetty.servlet:9.3.21.v20170918]
identity_1  |   at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:71) [152:org.ops4j.pax.web.pax-web-jetty:6.0.9]
identity_1  |   at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [120:org.eclipse.jetty.security:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:284) [152:org.ops4j.pax.web.pax-web-jetty:6.0.9]
identity_1  |   at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [123:org.eclipse.jetty.servlet:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:80) [152:org.ops4j.pax.web.pax-web-jetty:6.0.9]
identity_1  |   at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.server.Server.handle(Server.java:534) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [122:org.eclipse.jetty.server:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [114:org.eclipse.jetty.io:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108) [114:org.eclipse.jetty.io:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [114:org.eclipse.jetty.io:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [125:org.eclipse.jetty.util:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [125:org.eclipse.jetty.util:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [125:org.eclipse.jetty.util:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [125:org.eclipse.jetty.util:9.3.21.v20170918]
identity_1  |   at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [125:org.eclipse.jetty.util:9.3.21.v20170918]
identity_1  |   at java.lang.Thread.run(Thread.java:748) [?:?]
identity_1  | Caused by: com.unboundid.ldap.sdk.LDAPException: 00002037: objectclass: Invalid RDN 'UID' for objectclass 'inetOrgPerson'!
identity_1  |   at com.unboundid.ldap.sdk.LDAPConnection.add(LDAPConnection.java:1971) ~[?:?]
identity_1  |   at com.unboundid.ldap.sdk.LDAPConnection.add(LDAPConnection.java:1917) ~[?:?]
identity_1  |   at eu.hlavki.identity.services.ldap.impl.LdapAccountServiceImpl.createAccount(LdapAccountServiceImpl.java:112) ~[?:?]
identity_1  |   ... 52 more
identity_1  | 2018-06-15T10:08:44,693 | INFO  | qtp86591752-77   | LoggingOutInterceptor            | 41 - org.apache.cxf.cxf-core - 3.2.2 | Outbound Message
identity_1  | ---------------------------
identity_1  | ID: 39
identity_1  | Response-Code: 500
identity_1  | Content-Type: application/json
identity_1  | Headers: {Content-Type=[application/json], Date=[Fri, 15 Jun 2018 10:08:44 GMT]}
identity_1  | Payload: {"code":"LDAP_ERR","message":"LDAPException(resultCode=64 (naming violation), errorMessage='00002037: objectclass: Invalid RDN 'UID' for objectclass 'inetOrgPerson'!', diagnosticMessage='00002037: objectclass: Invalid RDN 'UID' for objectclass 'inetOrgPerson'!', ldapSDKVersion=4.0.0, revision='25575')"}
identity_1  | --------------------------------------

Guess it's because I'm using Samba as my LDAP server, which uses a Windows LDAP schema (CN and not uid as for Unix systems) for interoperability reasons. Is there a way I can map uid to cn when making an entry into the LDAP? Also, CN stores usernames instead of email IDs. How do I make this app reflect this change? Thanks.

hlavki commented 6 years ago

@rsaple, can you please test it with the docker image hlavki/g-suite-identity-sync:issue-10? It should create the user entry with CN=email instead of UID=email.
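The naming choice discussed above, as an added example that is not part of the original thread or the project's code: building the entry DN from a configurable RDN attribute, with RFC 4514 escaping so that an email such as one using plus-addressing cannot change the DN structure. The names `RDN_ATTR_BY_SCHEMA`, `escape_rdn_value`, `build_account_dn` and the `use_local_part` option are hypothetical, and the sample addresses are constructed.

```python
# Added illustration (hypothetical names, not the project's API).
# Chooses the RDN attribute per directory flavour and escapes the value
# before it is placed in a DN.

RDN_ATTR_BY_SCHEMA = {
    "unix": "uid",      # Unix-style schema: entries named uid=<value>
    "samba_ad": "cn",   # Windows-style schema as in this issue: uid is rejected as RDN
}

# RFC 4514 section 2.4: these must be escaped wherever they occur in a value.
_SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a distinguished name."""
    if not value:
        raise ValueError("RDN value must not be empty")
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")          # NUL is written as a hex pair
        elif ch in _SPECIAL:
            out.append("\\" + ch)       # '+' would otherwise start a multi-valued RDN
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)       # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_account_dn(email: str, base_dn: str, schema: str,
                     use_local_part: bool = False) -> str:
    """Return '<attr>=<escaped value>,<base_dn>' for the given schema flavour."""
    attr = RDN_ATTR_BY_SCHEMA[schema]   # KeyError on an unknown flavour
    value = email.split("@", 1)[0] if use_local_part else email
    return f"{attr}={escape_rdn_value(value)},{base_dn}"


if __name__ == "__main__":
    base = "cn=users,dc=example,dc=test"          # constructed base DN
    for schema in ("unix", "samba_ad"):
        print(build_account_dn("alice+ldap@example.com", base, schema))
```
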

hlavki commented 6 years ago

I will close this issue due to inactivity. If you have any questions, feel free to reopen or add a new issue.

dimasdjs commented 4 years ago

Hi @hlavki, I meet the same issue. Any solution for this case? I can't register my G Suite to LDAP because it's cn, not uid format.

hlavki commented 4 years ago

@dimasdjs, @rsaple, could you please have a look at issue #53?