On 12/05/2010 10:02, Romain wrote:

On 12/05/2010 09:51, Jonathan Clarke wrote:

Hi,

Please keep replies on the list! :)

On 12/05/2010 09:45, Romain wrote:
In the 1.2 version, I have made the lsc.properties file, but I don't
know how to launch the synchronization ???

Run the bin/lsc command from the -dist archive with the same options
as lsc::synchronize.

I have tried, it works, but now when I launch this command: bin/lsc -s
all -c all, I obtain this message:
-------------------------------------
mai 12 09:39:01 - INFO - Starting sync for user
mai 12 09:39:01 - ERROR - java.lang.RuntimeException: Deprecated value
specified in task user for object! Please read upgrade notes ! (Please
take a look at upgrade notes at
http://lsc-project.org/wiki/documentation/upgrade/1.1-1.2)
Last log file line: mai 12 09:39:01 - ERROR -
java.lang.RuntimeException: Deprecated value specified in task user for
object! Please read upgrade notes ! (Please take a look at upgrade notes
at http://lsc-project.org/wiki/documentation/upgrade/1.1-1.2)
---------------------------------------

So it's a problem with the object task user (something like that). I have read
the doc that was mentioned, and I have understood that I have to modify the
logback file ???

This error message means that you should delete the "object" property for the task "user". From the upgrade notes, follow this in particular:

3. Edit the new lsc.properties file:
- Delete taskType properties lines (like lsc.tasks.MyTask.taskType = db2ldap)
- Delete object properties lines (like lsc.tasks.MyTask.object = org.lsc.objects.pPerson)
- Replace all bean properties values (like lsc.tasks.MyTask.bean = org.lsc.beans.inetOrgPersonBean) with the value org.lsc.beans.SimpleBean.

If you haven't changed your log4j.properties, you can just use the default logback.xml provided.

Jonathan

Yes, I succeeded just after I sent my mail. So now, I have this lsc.properties file:
----------------------------------------
src.java.naming.security.principal=cn=admin,dc=openldap,dc=nomotech,dc=local
src.java.naming.security.credentials=$ervSimu1
src.java.naming.security.authentication=simple
src.java.naming.referral=ignore
src.java.naming.provider.url=ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local
src.java.naming.ldap.version=3
src.java.naming.ldap.derefAliases=never
src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
#src.database.username=sa
#src.database.url=jdbc:hsqldb:file:hsqldb/lsc
#src.database.password=
#src.database.driver=org.hsqldb.jdbcDriver
#lsc.tasks=FirstTask, user

lsc.tasks=user

#lsc.tasks.user.type=ldap2ldap
lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.pivotAttrs=cn sn
lsc.tasks.user.srcService.filterId=(sn={sn})
lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.baseDn=ou=Users
lsc.tasks.user.srcService.attrs=description cn sn userPassword
#lsc.tasks.user.object=org.lsc.objects.inetOrgPerson
lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.pivotAttrs=cn sn
lsc.tasks.user.dstService.filterId=(sn={sn})
lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
lsc.tasks.user.dstService.baseDn=cn=Users
lsc.tasks.user.dstService.attrs=description cn sn userPassword objectClass
lsc.tasks.user.dn="cn=" + srcBean.getAttributeValueById("cn") + ",ou=Users"
lsc.tasks.user.bean=org.lsc.beans.SimpleBean

#added lines
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid
lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=Users"


dst.java.naming.security.principal=cn=Administrateur,cn=Users,dc=nomotech,dc=local
dst.java.naming.security.credentials=$ervSimu1
dst.java.naming.security.authentication=simple
dst.java.naming.referral=ignore
dst.java.naming.provider.url=ldap://192.168.0.1:389/dc=nomotech,dc=local
dst.java.naming.ldap.version=3
dst.java.naming.ldap.derefAliases=never
dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

#mod
dst.java.naming.ldap.pageSize = 1000

dn.real_root=cn=Users,dc=nomotech,dc=local
#Tue Oct 20 16:34:13 CEST 2009
#Re/set the Source LDAP properties



# Synchronization options
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.default.action = F

# Direct link - no need to specify syncoptions
# uid <- uid
# cn <- cn (done with DN generation)
# sn <- sn

# objectClass <- top/user/person/organizationalperson
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"

# sAMAccountName <- uid
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")

# userPrincipalName <- uid + "@nomotech.local"
lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@nomotech.com"

# userAccountControl
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])

# pwdLastSet <- 0 to force user to change password on next connection
lsc.syncoptions.user.pwdLastset.create_value = "0"

# unicodePwd <- "changeit" at creation (requires SSL connection to AD)
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
--------------------------------------------------------------

But when I launch this command: bin/lsc -s all -c all, I have this error message:
--------------------------------------------
mai 12 09:52:03 - INFO  - Starting sync for user
mai 12 09:52:04 - INFO - Connecting to LDAP server ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as cn=admin,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for id=cn=toto,ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
mai 12 09:52:04 - ERROR - All entries: 12, to modify entries: 0, modified entries: 0, errors: 12
mai 12 09:52:04 - INFO  - Starting clean for user
mai 12 09:52:04 - INFO - Connecting to LDAP server ldap://192.168.0.1:389/dc=nomotech,dc=local as cn=Administrateur,cn=Users,dc=nomotech,dc=local
mai 12 09:52:04 - INFO - # Removing entry CN=test,CN=Users,DC=nomotech,DC=local for user
dn: CN=test,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
changetype: delete

mai 12 09:52:04 - INFO - # Removing entry CN=test1,CN=Users,DC=nomotech,DC=local for user
dn: CN=test1,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
changetype: delete

mai 12 09:52:04 - INFO - All entries: 2, to modify entries: 2, modified entries: 2, errors: 0
--------------------------------------------------

So the result is better than yesterday, but now I have errors getting the users ??? The good point is that users that are not in the OpenLDAP directory are deleted in the AD.

Thanks for your quick answer, it's very nice ;-)




_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users


It's now better: I have modified my lsc properties a little, and now I launch this command: bin/lsc -s all. So now, I don't launch with this argument: -c all, because otherwise my users are deleted in AD like this:
-----------------------------------------------
mai 12 10:13:13 - INFO  - Starting sync for user
mai 12 10:13:13 - INFO - Connecting to LDAP server ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as cn=admin,dc=openldap,dc=nomotech,dc=local
mai 12 10:13:13 - INFO - Connecting to LDAP server ldap://192.168.0.1:389/dc=nomotech,dc=local as cn=Administrateur,cn=Users,dc=nomotech,dc=local
mai 12 10:13:14 - INFO  - # Adding new entry cn=toto,cn=Users for user
dn: cn=toto,cn=Users,dc=nomotech,dc=local
changetype: add
sn: toto
cn: toto
userPassword: {MD5}E0xHX+Rnx1Qw2N/Nw+rz3Q==
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top

mai 12 10:13:14 - INFO - All entries: 1, to modify entries: 1, modified entries: 1, errors: 0
mai 12 10:13:14 - INFO  - Starting clean for user
mai 12 10:13:14 - INFO - # Removing entry CN=toto,CN=Users,DC=nomotech,DC=local for user
dn: CN=toto,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
changetype: delete

mai 12 10:13:14 - INFO - All entries: 1, to modify entries: 1, modified entries: 1, errors: 0
----------------------------------------

So with this command: bin/lsc -s all, I have this:
----------------------------------------------
mai 12 10:14:02 - INFO  - Starting sync for user
mai 12 10:14:02 - INFO - Connecting to LDAP server ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as cn=admin,dc=openldap,dc=nomotech,dc=local
mai 12 10:14:02 - INFO - Connecting to LDAP server ldap://192.168.0.1:389/dc=nomotech,dc=local as cn=Administrateur,cn=Users,dc=nomotech,dc=local
mai 12 10:14:02 - INFO  - # Adding new entry cn=toto,cn=Users for user
dn: cn=toto,cn=Users,dc=nomotech,dc=local
changetype: add
sn: toto
cn: toto
userPassword: {MD5}E0xHX+Rnx1Qw2N/Nw+rz3Q==
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top

mai 12 10:14:02 - INFO - All entries: 1, to modify entries: 1, modified entries: 1, errors: 0
------------------------------

Now, I see my user "toto" in my AD, but he is not active. I think that I have to use a secure communication between AD and OpenLDAP ???

But do I have to modify my user in OpenLDAP to succeed ??

Sorry for my English

Thanks
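
Added example, not part of the original thread and not LSC project code: a small audit of an lsc.properties file for the three upgrade-note edits quoted above, plus the two transport points visible in the posted file (simple bind on an ldap:// URL, and the unicodePwd rule whose comment says it requires an SSL connection to AD). The sample hosts and values are constructed, the .properties reader is simplified, and it assumes TLS is enabled only through an ldaps:// URL.

```python
import re

# Constructed sample modelled on the thread's file; hosts and values are placeholders.
SAMPLE = """\
src.java.naming.security.authentication=simple
src.java.naming.provider.url=ldaps://ldap.example.test:636/dc=example,dc=test
dst.java.naming.security.authentication=simple
dst.java.naming.provider.url=ldap://ad.example.test:389/dc=example,dc=test
lsc.tasks=user
lsc.tasks.user.taskType=ldap2ldap
#lsc.tasks.user.object=org.lsc.objects.inetOrgPerson
lsc.tasks.user.bean=org.lsc.beans.inetOrgPersonBean
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
"""

LINE = re.compile(r"^\s*([^=:\s]+)\s*[=:]?\s*(.*)$")

def parse_properties(text):
    """Simplified .properties reader: no line continuations or escapes."""
    props = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip()[0] in "#!":
            continue  # blank line or comment (commented-out keys are ignored)
        m = LINE.match(raw)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return (key, finding) pairs for a 1.2-era lsc.properties."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        # Upgrade notes, step 3: taskType and object lines must go, bean becomes SimpleBean.
        if re.fullmatch(r"lsc\.tasks\.[^.]+\.(taskType|object)", key):
            findings.append((key, "deprecated in 1.2: delete this line"))
        elif re.fullmatch(r"lsc\.tasks\.[^.]+\.bean", key) and value != "org.lsc.beans.SimpleBean":
            findings.append((key, "set to org.lsc.beans.SimpleBean"))
    for side in ("src", "dst"):
        url_key = side + ".java.naming.provider.url"
        auth = props.get(side + ".java.naming.security.authentication", "")
        # Assumption: TLS is only switched on via an ldaps:// URL.
        if auth == "simple" and props.get(url_key, "").lower().startswith("ldap://"):
            findings.append((url_key, "simple bind on ldap:// is unencrypted"))
    dst_url = props.get("dst.java.naming.provider.url", "").lower()
    for key in props:
        if key.startswith("lsc.syncoptions.") and ".unicodePwd." in key \
                and not dst_url.startswith("ldaps://"):
            findings.append((key, "unicodePwd needs an SSL connection to AD"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```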


