By: Carl Buxbaum user 10 May 2016 at 2:15 p.m. CDT

7 Responses
Hi, when I use the Scim2Client to add a user, using this json below, the user is added, but the email (ldap mail attribute) is not created, and the gluuStatus ends up being "true" instead of "active" resulting in an empty Status in the gui. As you see in my json, I also tried adding a "mail" json attribute, but that is ignored. When I use the json that is in your Test client example, I get the same result. I also upgraded the SCIM client and server libraries to 2.4.3.Final.

Please see my input json below.

Thanks, Carl

```json
{
  "entitlements": [],
  "adresses": [
    {
      "primary": "true",
      "country": "US",
      "formatted": null,
      "locality": "Gloucester",
      "postalCode": "01930",
      "region": "MA",
      "streetAddress": "17 Rogers Street",
      "type": null
    }
  ],
  "userName": "cbuxbaum8",
  "displayName": "Carlos Buxbaumus",
  "nickName": null,
  "profileUrl": null,
  "title": null,
  "userType": null,
  "preferredLanguage": null,
  "locale": null,
  "timezone": null,
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "mail": "cbuxbaum8@bamboorose.com",
  "active": "true",
  "password": "abcde",
  "emails": [
    {
      "primary": "true",
      "type": "work",
      "value": "cbuxbaum1@bamboorose.com"
    },
    {
      "primary": null,
      "type": "home",
      "value": "buxbaums1@verizon.net"
    }
  ],
  "name": {
    "formatted": null,
    "familyName": "Buxbaum",
    "givenName": "Carl",
    "middleName": null,
    "honorificPrefix": null,
    "honorificSuffix": null
  },
  "addresses": [
    {
      "primary": "true",
      "country": "US",
      "formatted": null,
      "locality": "Gloucester",
      "postalCode": "01930",
      "region": "MA",
      "streetAddress": "17 Rogers Street",
      "type": null
    }
  ],
  "externalId": "cbuxbaum8",
  "id": null,
  "customAttributes": []
}
```

By Valentino Pecaoco user 11 May 2016 at 12:53 a.m. CDT

Hi Carl, The `gluuStatus` issue has been fixed [here](https://github.com/GluuFederation/oxTrust/issues/240). There is no `mail` attribute, only `emails`, and it actually goes into the `oxTrustEmail` attribute in LDAP but is not shown in the oxTrust GUI. Regards, Val
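
A pre-flight check for the payload problem discussed above (a top-level key such as `mail` that the server has no mapping for), as an added example that is not part of the original thread or of Gluu's code. The function name `lint_scim_user` and the sample payload are constructed for illustration; the attribute list is the core User schema from RFC 7643.

```python
import difflib
import json

# Core User attribute names from RFC 7643 (common attributes plus the User schema).
CORE_USER_ATTRS = {
    "schemas", "id", "externalId", "meta", "userName", "name", "displayName",
    "nickName", "profileUrl", "title", "userType", "preferredLanguage",
    "locale", "timezone", "active", "password", "emails", "phoneNumbers",
    "ims", "photos", "addresses", "groups", "entitlements", "roles",
    "x509Certificates",
}


def lint_scim_user(payload):
    """Return warnings for non-core keys and for booleans sent as strings."""
    warnings = []
    for key in payload:
        if key in CORE_USER_ATTRS or key.startswith("urn:"):
            continue  # core attribute, or an extension schema URN
        hint = difflib.get_close_matches(key, CORE_USER_ATTRS, n=1, cutoff=0.8)
        suffix = " (did you mean '%s'?)" % hint[0] if hint else ""
        warnings.append("unknown attribute '%s'%s" % (key, suffix))
    if isinstance(payload.get("active"), str):
        warnings.append("'active' is a string, expected a JSON boolean")
    for i, email in enumerate(payload.get("emails") or []):
        if isinstance(email.get("primary"), str):
            warnings.append(
                "emails[%d].primary is a string, expected a JSON boolean" % i)
    return warnings


# Constructed sample with the same shape as the payload in the question.
SAMPLE = json.loads("""
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "jdoe",
  "adresses": [],
  "mail": "jdoe@example.com",
  "active": "true",
  "emails": [
    {"primary": "true", "type": "work", "value": "jdoe@example.com"},
    {"primary": null, "type": "home", "value": "jdoe@example.org"}
  ]
}
""")

if __name__ == "__main__":
    for warning in lint_scim_user(SAMPLE):
        print(warning)
```
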

By Carl Buxbaum user 11 May 2016 at 10:10 a.m. CDT

Hi, When you create a user in gluu, there is a Gluuperson mail attribute, and that is where the confusion arises. We assumed that that is the ldap attribute that would be populated. Given that certain oxtrust attributes are the ones that are populated, is there a custom script that can be called when a user is created via the ScimClient that we could use to populate other ldap attributes if we chose to? Thanks, Carl

By Valentino Pecaoco user 12 May 2016 at 12:33 a.m. CDT

Hi Carl,

We have noted the discrepancy on the email and we'll be fixing this issue. There is no provided custom script that can be called to populate the other LDAP attributes. This could only be done manually via the oxTrust GUI or programmatically via SCIM.

Also, using real objects is preferred rather than supplying a JSON string, e.g.:

[https://github.com/GluuFederation/SCIM-Client/blob/master/src/test/java/gluu/scim2/client/UserExtensionsPersonTest.java#L63](https://github.com/GluuFederation/SCIM-Client/blob/master/src/test/java/gluu/scim2/client/UserExtensionsPersonTest.java#L63)

[https://github.com/GluuFederation/SCIM-Client/blob/master/src/test/java/gluu/scim2/client/UserExtensionsPersonTest.java#L158](https://github.com/GluuFederation/SCIM-Client/blob/master/src/test/java/gluu/scim2/client/UserExtensionsPersonTest.java#L158)

Thanks, Val

By Carl Buxbaum user 12 May 2016 at 9:48 a.m. CDT

Thank you for your answer. Can you explain briefly how to use Scim Objects to create any particular LDAP entry (GluuPerson mail attribute for example)? Thanks, Carl

By Valentino Pecaoco user 12 May 2016 at 10:19 a.m. CDT

The SCIM objects are already specifically mapped one-to-one to LDAP attributes; there is no way to update just any arbitrary LDAP attribute. However, in the SCIM 2.0 spec you can add an "extension" attribute and use it. Currently in Gluu only User extensions are supported.

[https://github.com/GluuFederation/SCIM-Client/blob/master/src/test/java/gluu/scim2/client/UserExtensionsPersonTest.java#L100](https://github.com/GluuFederation/SCIM-Client/blob/master/src/test/java/gluu/scim2/client/UserExtensionsPersonTest.java#L100)

You need to do these steps first before you can use an extension attribute:

1. Add the extension attribute in oxTrust GUI.
2. Set its "SCIM Attribute = True".

Email is populated here: [https://github.com/GluuFederation/SCIM-Client/blob/master/src/test/java/gluu/scim2/client/UserExtensionsPersonTest.java#L70](https://github.com/GluuFederation/SCIM-Client/blob/master/src/test/java/gluu/scim2/client/UserExtensionsPersonTest.java#L70)

By Carl Buxbaum user 12 May 2016 at 10:35 a.m. CDT

OK, thanks again, and I do understand how to use the custom scim attributes now. However, you are not understanding my initial issue/question. If you do a search on Gluu users from the admin gui, you will see that there is an attribute displayed in the results with a display name of "Email". That is populated by the ldap GluuPerson "mail" attribute. I expected to be able to create a user with the SCIM API and have the email show up there, but since the SCIM Email populates "oxTrustEmail" instead of GluuPerson.mail, you have not provided a way to populate the email displayed in the User search from the SCIM Client API. Hence the confusion.

We need to use an email address as an alternate login, by adding a custom basic authentication script, which is why I have been asking. We can create and populate our own custom attribute, which will be fine, but seemed unnecessary since you seem to have two places for email already, or we could use the oxTrustEmail attribute, but then we have the added complexity of looking up a user within the script by their oxTrustEmail primary email, which will involve parsing the json that attribute is stored in in the ldap database.

Thanks, Carl
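
The lookup described in the post above (resolving a login by the primary address held in `oxTrustEmail`), sketched as an added example that is not part of the original thread or of Gluu's code. It assumes each `oxTrustEmail` value is a JSON object with `value`, `type` and `primary` keys mirroring the SCIM `emails` entries; the function names and the in-memory `ENTRIES` list standing in for LDAP search results are constructed for illustration.

```python
import json


def primary_email(ox_trust_email_values):
    """Return the lower-cased primary address from oxTrustEmail values, or None."""
    for raw in ox_trust_email_values:
        try:
            entry = json.loads(raw)
        except ValueError:
            continue  # skip malformed values instead of failing the login path
        if not isinstance(entry, dict):
            continue
        value = entry.get("value")
        # Accept a JSON boolean as well as the string "true" (assumed storage forms).
        if str(entry.get("primary")).lower() == "true" and isinstance(value, str):
            return value.strip().lower()
    return None


def resolve_login(identifier, entries):
    """Map a login identifier to exactly one uid, or None.

    The uid is tried first; an email is accepted only when it is the primary
    address of a single entry, so a shared address cannot select an account.
    """
    wanted = identifier.strip().lower()
    by_uid = [e["uid"] for e in entries if e["uid"].lower() == wanted]
    if by_uid:
        return by_uid[0]
    matches = [e["uid"] for e in entries
               if primary_email(e.get("oxTrustEmail", [])) == wanted]
    return matches[0] if len(matches) == 1 else None


# Constructed directory entries (not real data).
ENTRIES = [
    {"uid": "alice", "oxTrustEmail": [
        '{"value": "alice@example.com", "type": "work", "primary": "true"}',
        '{"value": "alice@example.org", "type": "home", "primary": null}']},
    {"uid": "bob", "oxTrustEmail": [
        'not-json',
        '{"value": "Shared@example.com", "type": "work", "primary": true}']},
    {"uid": "carol", "oxTrustEmail": [
        '{"value": "shared@example.com", "type": "work", "primary": "true"}']},
]

if __name__ == "__main__":
    print(resolve_login("Alice@Example.com", ENTRIES))
```
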

By Valentino Pecaoco user 25 May 2016 at 2:34 a.m. CDT

Hi, syncing of mail will be available in CE v2.4.4: [Sync "oxTrustEmail" and "mail" LDAP attributes via SCIM or update from oxTrust GUI](https://github.com/GluuFederation/oxTrust/issues/251) Please feel free to open another ticket if you have other concerns. Thanks.