2010/5/12 Romain <[email protected]>:
> Le 12/05/2010 10:02, Romain a écrit :
>>
>> Le 12/05/2010 09:51, Jonathan Clarke a écrit :
>>>
>>> Hi,
>>>
>>> Please keep replies on the list! :)
>>>
>>> Le 12/05/2010 09:45, Romain a écrit :
>>>>>>
>>>>>> In the 1.2 version, I have made the lsc.properties file, but I don't
>>>>>> know how to launch the synchronization???
>>>>>
>>>>> Run the bin/lsc command from the -dist archive with the same options
>>>>> as lsc::synchronize.
>>>>
>>>> I have tried, it works, but now when I launch this command: bin/lsc -s
>>>> all -c all, I obtain this message:
>>>> -------------------------------------
>>>> mai 12 09:39:01 - INFO - Starting sync for user
>>>> mai 12 09:39:01 - ERROR - java.lang.RuntimeException: Deprecated value
>>>> specified in task user for object! Please read upgrade notes ! (Please
>>>> take a look at upgrade notes at
>>>> http://lsc-project.org/wiki/documentation/upgrade/1.1-1.2)
>>>> Last log file line: mai 12 09:39:01 - ERROR -
>>>> java.lang.RuntimeException: Deprecated value specified in task user for
>>>> object! Please read upgrade notes ! (Please take a look at upgrade notes
>>>> at http://lsc-project.org/wiki/documentation/upgrade/1.1-1.2)
>>>> ---------------------------------------
>>>>
>>>> So it's a problem with the object task user (something like that). I have
>>>> read the doc that was mentioned, and I have understood that I have to modify
>>>> the logback file???
>>>
>>> This error message means that you should delete the "object" property for
>>> the task "user". From the upgrade notes, follow this in particular:
>>>
>>> 3. Edit the new lsc.properties file:
>>>    - Delete taskType properties lines (like lsc.tasks.MyTask.taskType =
>>> db2ldap)
>>>    - Delete object properties lines (like lsc.tasks.MyTask.object =
>>> org.lsc.objects.pPerson)
>>>    - Replace all bean properties values (like lsc.tasks.MyTask.bean =
>>> org.lsc.beans.inetOrgPersonBean) with the value org.lsc.beans.SimpleBean.
>>>
>>> If you haven't changed your log4j.properties, you can just use the
>>> default logback.xml provided.
>>>
>>> Jonathan
>>
>> Yes, I succeeded just after I sent my mail. So now, I have this
>> lsc.properties file:
>> ----------------------------------------
>>
>> src.java.naming.security.principal=cn=admin,dc=openldap,dc=nomotech,dc=local
>> src.java.naming.security.credentials=$ervSimu1
>> src.java.naming.security.authentication=simple
>> src.java.naming.referral=ignore
>>
>> src.java.naming.provider.url=ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local
>> src.java.naming.ldap.version=3
>> src.java.naming.ldap.derefAliases=never
>> src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
>> #src.database.username=sa
>> #src.database.url=jdbc:hsqldb:file:hsqldb/lsc
>> #src.database.password=
>> #src.database.driver=org.hsqldb.jdbcDriver
>> #lsc.tasks=FirstTask, user
>>
>> lsc.tasks=user
>>
>> #lsc.tasks.user.type=ldap2ldap
>> lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
>> lsc.tasks.user.srcService.pivotAttrs=cn sn
>> lsc.tasks.user.srcService.filterId=(sn={sn})
>> lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
>> lsc.tasks.user.srcService.baseDn=ou=Users
>> lsc.tasks.user.srcService.attrs=description cn sn userPassword
>> #lsc.tasks.user.object=org.lsc.objects.inetOrgPerson
>> lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
>> lsc.tasks.user.dstService.pivotAttrs=cn sn
>> lsc.tasks.user.dstService.filterId=(sn={sn})
>> lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
>> lsc.tasks.user.dstService.baseDn=cn=Users
>> lsc.tasks.user.dstService.attrs=description cn sn userPassword objectClass
>> lsc.tasks.user.dn="cn=" + srcBean.getAttributeValueById("cn") + ",ou=Users"
>> lsc.tasks.user.bean=org.lsc.beans.SimpleBean
>>
>> #added lines
>> lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
>> lsc.tasks.user.srcService.pivotAttrs = uid
>> lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
>> lsc.tasks.user.dstService.pivotAttrs = uid
>> lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=Users"
>>
>>
>>
>> dst.java.naming.security.principal=cn=Administrateur,cn=Users,dc=nomotech,dc=local
>> dst.java.naming.security.credentials=$ervSimu1
>> dst.java.naming.security.authentication=simple
>> dst.java.naming.referral=ignore
>> dst.java.naming.provider.url=ldap://192.168.0.1:389/dc=nomotech,dc=local
>> dst.java.naming.ldap.version=3
>> dst.java.naming.ldap.derefAliases=never
>> dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
>>
>> #mod
>> dst.java.naming.ldap.pageSize = 1000
>>
>> dn.real_root=cn=Users,dc=nomotech,dc=local
>> #Tue Oct 20 16:34:13 CEST 2009
>> #Re/set the Source LDAP properties
>>
>>
>>
>> # Synchronization options
>> lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
>> lsc.syncoptions.user.default.action = F
>>
>> # Direct link - no need to specify syncoptions
>> # uid <- uid
>> # cn <- cn (done with DN generation)
>> # sn <- sn
>>
>> # objectClass <- top/user/person/organizationalperson
>> lsc.syncoptions.user.objectClass.action = F
>> lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
>>
>> # sAMAccountName <- uid
>> lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
>>
>> # userPrincipalName <- uid + "@nomotech.local"
>> lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@nomotech.com"
>>
>> # userAccountControl
>> lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
>>
>> # pwdLastSet <- 0 to force user to change password on next connection
>> lsc.syncoptions.user.pwdLastset.create_value = "0"
>>
>> # unicodePwd <- "changeit" at creation (requires SSL connection to AD)
>> lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
>> --------------------------------------------------------------
>>
>> But when I launch this command: bin/lsc -s all -c all, I have this error
>> message:
>> --------------------------------------------
>> mai 12 09:52:03 - INFO  - Starting sync for user
>> mai 12 09:52:04 - INFO  - Connecting to LDAP server
>> ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as
>> cn=admin,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> id=cn=toto,ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - Unable to get object for
>> [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>> mai 12 09:52:04 - ERROR - All entries: 12, to modify entries: 0, modified
>> entries: 0, errors: 12
>> mai 12 09:52:04 - INFO  - Starting clean for user
>> mai 12 09:52:04 - INFO  - Connecting to LDAP server
>> ldap://192.168.0.1:389/dc=nomotech,dc=local as
>> cn=Administrateur,cn=Users,dc=nomotech,dc=local
>> mai 12 09:52:04 - INFO  - # Removing entry
>> CN=test,CN=Users,DC=nomotech,DC=local for user
>> dn: CN=test,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
>> changetype: delete
>>
>> mai 12 09:52:04 - INFO  - # Removing entry
>> CN=test1,CN=Users,DC=nomotech,DC=local for user
>> dn: CN=test1,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
>> changetype: delete
>>
>> mai 12 09:52:04 - INFO  - All entries: 2, to modify entries: 2, modified
>> entries: 2, errors: 0
>> --------------------------------------------------
>>
>> So the result is better than yesterday, but now I have an error getting the
>> users???
>> The good point is that users that are not in the OpenLDAP directory are
>> deleted in the AD.
>>
>> Thanks for your quick answer, it's very nice ;-)
>>
>>
>>
>>
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> [email protected]
>> http://lists.lsc-project.org/listinfo/lsc-users
>>
>>
> It's now better, I have modified my lsc properties a little, and now I launch
> this command: bin/lsc -s all.
> So now, I don't launch with this argument: -c all, because otherwise my
> users are deleted in AD like this:
> -----------------------------------------------
> mai 12 10:13:13 - INFO  - Starting sync for user
> mai 12 10:13:13 - INFO  - Connecting to LDAP server
> ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as
> cn=admin,dc=openldap,dc=nomotech,dc=local
> mai 12 10:13:13 - INFO  - Connecting to LDAP server
> ldap://192.168.0.1:389/dc=nomotech,dc=local as
> cn=Administrateur,cn=Users,dc=nomotech,dc=local
> mai 12 10:13:14 - INFO  - # Adding new entry cn=toto,cn=Users for user
> dn: cn=toto,cn=Users,dc=nomotech,dc=local
> changetype: add
> sn: toto
> cn: toto
> userPassword: {MD5}E0xHX+Rnx1Qw2N/Nw+rz3Q==
> objectClass: organizationalPerson
> objectClass: person
> objectClass: user
> objectClass: top
>
> mai 12 10:13:14 - INFO  - All entries: 1, to modify entries: 1, modified
> entries: 1, errors: 0
> mai 12 10:13:14 - INFO  - Starting clean for user
> mai 12 10:13:14 - INFO  - # Removing entry
> CN=toto,CN=Users,DC=nomotech,DC=local for user
> dn: CN=toto,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
> changetype: delete
>
> mai 12 10:13:14 - INFO  - All entries: 1, to modify entries: 1, modified
> entries: 1, errors: 0
> ----------------------------------------
>
> So with this command: bin/lsc -s all, I have this:
> ----------------------------------------------
> mai 12 10:14:02 - INFO  - Starting sync for user
> mai 12 10:14:02 - INFO  - Connecting to LDAP server
> ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as
> cn=admin,dc=openldap,dc=nomotech,dc=local
> mai 12 10:14:02 - INFO  - Connecting to LDAP server
> ldap://192.168.0.1:389/dc=nomotech,dc=local as
> cn=Administrateur,cn=Users,dc=nomotech,dc=local
> mai 12 10:14:02 - INFO  - # Adding new entry cn=toto,cn=Users for user
> dn: cn=toto,cn=Users,dc=nomotech,dc=local
> changetype: add
> sn: toto
> cn: toto
> userPassword: {MD5}E0xHX+Rnx1Qw2N/Nw+rz3Q==
> objectClass: organizationalPerson
> objectClass: person
> objectClass: user
> objectClass: top
>
> mai 12 10:14:02 - INFO  - All entries: 1, to modify entries: 1, modified
> entries: 1, errors: 0
> ------------------------------
>
> Now, I see my user "toto" in my AD, but he is not active. I think that I have
> to use a secure communication between AD and OpenLDAP???
>
> But do I have to modify my user in OpenLDAP to succeed??
>

Hi Romain,

you cannot use userPassword to store a password in AD. Passwords in AD are
stored in unicodePwd. LSC provides methods to set the value of this
attribute. AD will allow you to write unicodePwd only if you use a
secure connection, that is, TLS or LDAPS. This requires AD to have a
server certificate, and that certificate to be imported into the JVM running LSC.

Clément.
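As an added illustration of Clément's two points (this is example code written for this thread, not LSC code and not taken from Romain's configuration): the first function shows the shape AD expects for unicodePwd, a double-quoted password encoded as UTF-16LE, which is what a helper like `AD.getUnicodePwd()` has to produce; the second part is a small check over an lsc.properties-style file that flags the two things the thread turns on, pushing `userPassword` to the AD side and setting unicodePwd over a plain `ldap://` URL. The property keys are the ones visible in Romain's file; the sample text, the `start_tls` flag and the function names are constructed for the example. The properties reader is deliberately minimal (no line continuations, no escapes).

```python
# Added example for this thread (not LSC project code): what AD needs for a
# password write, and a configuration check modelled on the lsc.properties above.
from urllib.parse import urlparse


def encode_unicode_pwd(password: str) -> bytes:
    """AD's unicodePwd attribute takes the password wrapped in double quotes
    and encoded as UTF-16LE without a BOM. LSC ships AD.getUnicodePwd() for
    this; the function here is an independent re-implementation for illustration."""
    return f'"{password}"'.encode("utf-16-le")


def decode_unicode_pwd(blob: bytes) -> str:
    """Inverse of encode_unicode_pwd, used here to check round-trips."""
    text = blob.decode("utf-16-le")
    if len(text) < 2 or not (text.startswith('"') and text.endswith('"')):
        raise ValueError("unicodePwd value must be a quoted UTF-16LE string")
    return text[1:-1]


def parse_properties(text: str) -> dict:
    """Minimal java.util.Properties reader: '#' comments, first '=' splits key/value.
    Line continuations and escapes are not handled (constructed sample does not use them)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def channel_is_encrypted(provider_url: str, start_tls: bool = False) -> bool:
    """AD only accepts unicodePwd writes over an encrypted channel: an ldaps://
    URL, or an ldap:// URL that is upgraded with StartTLS (start_tls is a
    constructed flag; LSC's own way of enabling StartTLS is not modelled here)."""
    scheme = urlparse(provider_url).scheme.lower()
    return scheme == "ldaps" or (scheme == "ldap" and start_tls)


def check_ad_password_config(props: dict, task: str, start_tls: bool = False) -> list:
    """Return findings for the destination (AD) side of one LSC task."""
    findings = []
    dst_attrs = props.get(f"lsc.tasks.{task}.dstService.attrs", "").split()
    if "userPassword" in dst_attrs:
        findings.append("userPassword is written to AD; AD stores passwords in unicodePwd")
    sets_unicode_pwd = any(
        key.startswith(f"lsc.syncoptions.{task}.unicodePwd.") for key in props
    )
    url = props.get("dst.java.naming.provider.url", "")
    if sets_unicode_pwd and not channel_is_encrypted(url, start_tls):
        findings.append(
            f"unicodePwd is set but {url or '<no provider url>'} is neither ldaps:// nor StartTLS"
        )
    return findings


# Constructed sample, modelled on the lsc.properties in the thread (credentials omitted).
SAMPLE_PROPERTIES = """
dst.java.naming.provider.url=ldap://192.168.0.1:389/dc=nomotech,dc=local
lsc.tasks=user
lsc.tasks.user.dstService.attrs=description cn sn userPassword objectClass
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
"""

# Same sample with the two findings addressed: ldaps:// URL, no userPassword on the AD side.
FIXED_PROPERTIES = """
dst.java.naming.provider.url=ldaps://192.168.0.1:636/dc=nomotech,dc=local
lsc.tasks=user
lsc.tasks.user.dstService.attrs=description cn sn objectClass
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
"""

if __name__ == "__main__":
    for finding in check_ad_password_config(parse_properties(SAMPLE_PROPERTIES), "user"):
        print("WARN:", finding)
    print("unicodePwd bytes:", encode_unicode_pwd("changeit").hex())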