On 12 May 2010 10:36, Romain <[email protected]> wrote:
> On 12/05/2010 10:26, Clément OUDOT wrote:
>>
>> 2010/5/12 Romain<[email protected]>:
>>
>>>
>>> On 12/05/2010 10:02, Romain wrote:
>>>
>>>>
>>>> On 12/05/2010 09:51, Jonathan Clarke wrote:
>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> Please keep replies on the list! :)
>>>>>
>>>>> On 12/05/2010 09:45, Romain wrote:
>>>>>
>>>>>>>>
>>>>>>>> In the 1.2 version, I have made the lsc.properties file, but I don't
>>>>>>>> know how to launch the synchronization ???
>>>>>>>>
>>>>>>>
>>>>>>> Run the bin/lsc command from the -dist archive with the same options
>>>>>>> as lsc::synchronize.
>>>>>>>
>>>>>>
>>>>>> I have tried it and it works, but now when I launch this command:
>>>>>> bin/lsc -s all -c all, I obtain this message:
>>>>>> -------------------------------------
>>>>>> mai 12 09:39:01 - INFO - Starting sync for user
>>>>>> mai 12 09:39:01 - ERROR - java.lang.RuntimeException: Deprecated value specified in task user for object! Please read upgrade notes ! (Please take a look at upgrade notes at http://lsc-project.org/wiki/documentation/upgrade/1.1-1.2)
>>>>>> Last log file line: mai 12 09:39:01 - ERROR - java.lang.RuntimeException: Deprecated value specified in task user for object! Please read upgrade notes ! (Please take a look at upgrade notes at http://lsc-project.org/wiki/documentation/upgrade/1.1-1.2)
>>>>>> ---------------------------------------
>>>>>>
>>>>>> So it's a problem with the object task user (something like that). I
>>>>>> have read the doc that was mentioned, and I have understood that I have
>>>>>> to modify the logback file ???
>>>>>>
>>>>>
>>>>> This error message means that you should delete the "object" property
>>>>> for the task "user". From the upgrade notes, follow this in particular:
>>>>>
>>>>> 3. Edit the new lsc.properties file:
>>>>>    - Delete taskType properties lines (like lsc.tasks.MyTask.taskType = db2ldap)
>>>>>    - Delete object properties lines (like lsc.tasks.MyTask.object = org.lsc.objects.pPerson)
>>>>>    - Replace all bean properties values (like lsc.tasks.MyTask.bean = org.lsc.beans.inetOrgPersonBean) with the value org.lsc.beans.SimpleBean.
>>>>>
>>>>> If you haven't changed your log4j.properties, you can just use the
>>>>> default logback.xml provided.
>>>>>
>>>>> Jonathan
>>>>>
>>>>
>>>> Yes, I succeeded just after I sent my mail. So now, I have this
>>>> lsc.properties file:
>>>> ----------------------------------------
>>>> src.java.naming.security.principal=cn=admin,dc=openldap,dc=nomotech,dc=local
>>>> src.java.naming.security.credentials=$ervSimu1
>>>> src.java.naming.security.authentication=simple
>>>> src.java.naming.referral=ignore
>>>> src.java.naming.provider.url=ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local
>>>> src.java.naming.ldap.version=3
>>>> src.java.naming.ldap.derefAliases=never
>>>> src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
>>>> #src.database.username=sa
>>>> #src.database.url=jdbc:hsqldb:file:hsqldb/lsc
>>>> #src.database.password=
>>>> #src.database.driver=org.hsqldb.jdbcDriver
>>>> #lsc.tasks=FirstTask, user
>>>>
>>>> lsc.tasks=user
>>>>
>>>> #lsc.tasks.user.type=ldap2ldap
>>>> lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
>>>> lsc.tasks.user.srcService.pivotAttrs=cn sn
>>>> lsc.tasks.user.srcService.filterId=(sn={sn})
>>>> lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
>>>> lsc.tasks.user.srcService.baseDn=ou=Users
>>>> lsc.tasks.user.srcService.attrs=description cn sn userPassword
>>>> #lsc.tasks.user.object=org.lsc.objects.inetOrgPerson
>>>> lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
>>>> lsc.tasks.user.dstService.pivotAttrs=cn sn
>>>> lsc.tasks.user.dstService.filterId=(sn={sn})
>>>> lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
>>>> lsc.tasks.user.dstService.baseDn=cn=Users
>>>> lsc.tasks.user.dstService.attrs=description cn sn userPassword objectClass
>>>> lsc.tasks.user.dn="cn=" + srcBean.getAttributeValueById("cn") + ",ou=Users"
>>>> lsc.tasks.user.bean=org.lsc.beans.SimpleBean
>>>>
>>>> #added lines
>>>> lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
>>>> lsc.tasks.user.srcService.pivotAttrs = uid
>>>> lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
>>>> lsc.tasks.user.dstService.pivotAttrs = uid
>>>> lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=Users"
>>>>
>>>> dst.java.naming.security.principal=cn=Administrateur,cn=Users,dc=nomotech,dc=local
>>>> dst.java.naming.security.credentials=$ervSimu1
>>>> dst.java.naming.security.authentication=simple
>>>> dst.java.naming.referral=ignore
>>>> dst.java.naming.provider.url=ldap://192.168.0.1:389/dc=nomotech,dc=local
>>>> dst.java.naming.ldap.version=3
>>>> dst.java.naming.ldap.derefAliases=never
>>>> dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
>>>>
>>>> #mod
>>>> dst.java.naming.ldap.pageSize = 1000
>>>>
>>>> dn.real_root=cn=Users,dc=nomotech,dc=local
>>>> #Tue Oct 20 16:34:13 CEST 2009
>>>> #Re/set the Source LDAP properties
>>>>
>>>> # Synchronization options
>>>> lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
>>>> lsc.syncoptions.user.default.action = F
>>>>
>>>> # Direct link - no need to specify syncoptions
>>>> # uid <- uid
>>>> # cn <- cn (done with DN generation)
>>>> # sn <- sn
>>>>
>>>> # objectClass <- top/user/person/organizationalperson
>>>> lsc.syncoptions.user.objectClass.action = F
>>>> lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
>>>>
>>>> # sAMAccountName <- uid
>>>> lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
>>>>
>>>> # userPrincipalName <- uid + "@nomotech.local"
>>>> lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@nomotech.com"
>>>>
>>>> # userAccountControl
>>>> lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
>>>>
>>>> # pwdLastSet <- 0 to force user to change password on next connection
>>>> lsc.syncoptions.user.pwdLastset.create_value = "0"
>>>>
>>>> # unicodePwd <- "changeit" at creation (requires SSL connection to AD)
>>>> lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
>>>> --------------------------------------------------------------
>>>>
>>>> But when I launch this command: bin/lsc -s all -c all, I get this
>>>> error message:
>>>> --------------------------------------------
>>>> mai 12 09:52:03 - INFO  - Starting sync for user
>>>> mai 12 09:52:04 - INFO  - Connecting to LDAP server ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as cn=admin,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for id=cn=toto,ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - Unable to get object for [email protected],ou=Users,dc=openldap,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - ERROR - All entries: 12, to modify entries: 0, modified entries: 0, errors: 12
>>>> mai 12 09:52:04 - INFO  - Starting clean for user
>>>> mai 12 09:52:04 - INFO  - Connecting to LDAP server ldap://192.168.0.1:389/dc=nomotech,dc=local as cn=Administrateur,cn=Users,dc=nomotech,dc=local
>>>> mai 12 09:52:04 - INFO  - # Removing entry CN=test,CN=Users,DC=nomotech,DC=local for user
>>>> dn: CN=test,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
>>>> changetype: delete
>>>>
>>>> mai 12 09:52:04 - INFO  - # Removing entry CN=test1,CN=Users,DC=nomotech,DC=local for user
>>>> dn: CN=test1,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
>>>> changetype: delete
>>>>
>>>> mai 12 09:52:04 - INFO  - All entries: 2, to modify entries: 2, modified entries: 2, errors: 0
>>>> --------------------------------------------------
>>>>
>>>> So the result is better than yesterday, but now I have errors getting
>>>> the users ???
>>>> The good point is that users that are not in the OpenLDAP directory are
>>>> deleted in the AD.
>>>>
>>>> Thanks for your quick answer, it's very nice ;-)
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________________________
>>>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>>>
>>>> lsc-users mailing list
>>>> [email protected]
>>>> http://lists.lsc-project.org/listinfo/lsc-users
>>>>
>>>>
>>>>
>>>
>>> It's now better. I have modified my lsc.properties a little, and now I
>>> launch this command: bin/lsc -s all.
>>> So now I don't launch with this argument: -c all, because otherwise my
>>> users are deleted in AD like that:
>>> -----------------------------------------------
>>> mai 12 10:13:13 - INFO  - Starting sync for user
>>> mai 12 10:13:13 - INFO  - Connecting to LDAP server ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as cn=admin,dc=openldap,dc=nomotech,dc=local
>>> mai 12 10:13:13 - INFO  - Connecting to LDAP server ldap://192.168.0.1:389/dc=nomotech,dc=local as cn=Administrateur,cn=Users,dc=nomotech,dc=local
>>> mai 12 10:13:14 - INFO  - # Adding new entry cn=toto,cn=Users for user
>>> dn: cn=toto,cn=Users,dc=nomotech,dc=local
>>> changetype: add
>>> sn: toto
>>> cn: toto
>>> userPassword: {MD5}E0xHX+Rnx1Qw2N/Nw+rz3Q==
>>> objectClass: organizationalPerson
>>> objectClass: person
>>> objectClass: user
>>> objectClass: top
>>>
>>> mai 12 10:13:14 - INFO  - All entries: 1, to modify entries: 1, modified entries: 1, errors: 0
>>> mai 12 10:13:14 - INFO  - Starting clean for user
>>> mai 12 10:13:14 - INFO  - # Removing entry CN=toto,CN=Users,DC=nomotech,DC=local for user
>>> dn: CN=toto,CN=Users,DC=nomotech,DC=local,dc=nomotech,dc=local
>>> changetype: delete
>>>
>>> mai 12 10:13:14 - INFO  - All entries: 1, to modify entries: 1, modified entries: 1, errors: 0
>>> ----------------------------------------
>>>
>>> So with this command: bin/lsc -s all, I have this:
>>> ----------------------------------------------
>>> mai 12 10:14:02 - INFO  - Starting sync for user
>>> mai 12 10:14:02 - INFO  - Connecting to LDAP server ldap://192.168.0.2:389/dc=openldap,dc=nomotech,dc=local as cn=admin,dc=openldap,dc=nomotech,dc=local
>>> mai 12 10:14:02 - INFO  - Connecting to LDAP server ldap://192.168.0.1:389/dc=nomotech,dc=local as cn=Administrateur,cn=Users,dc=nomotech,dc=local
>>> mai 12 10:14:02 - INFO  - # Adding new entry cn=toto,cn=Users for user
>>> dn: cn=toto,cn=Users,dc=nomotech,dc=local
>>> changetype: add
>>> sn: toto
>>> cn: toto
>>> userPassword: {MD5}E0xHX+Rnx1Qw2N/Nw+rz3Q==
>>> objectClass: organizationalPerson
>>> objectClass: person
>>> objectClass: user
>>> objectClass: top
>>>
>>> mai 12 10:14:02 - INFO  - All entries: 1, to modify entries: 1, modified entries: 1, errors: 0
>>> ------------------------------
>>>
>>> Now I see my user "toto" in my AD, but it is not active. I think that I
>>> have to use a secure communication between AD and OpenLDAP ???
>>>
>>> But do I have to modify my user in OpenLDAP to succeed ??
>>>
>>>
>>
>> Hi Romain,
>>
>> you cannot use userPassword to store password in AD. Password in AD is
>> stored in unicodePwd. LSC provides methods to set the value in this
>> attribute. AD will allow you to write on unicodePwd only if you use a
>> secure connection, that means TLS or LDAPS. This requires AD to have a
>> server certificate, and to import this certificate in jvm running LSC.
>>
>> Clément.
>>
>>
>>
>
> Yes, I think that is my problem, so I had to save my conf and try to make
> a certificate to have an SSL connection. But I have a problem ... when my
> user is imported in AD, I look at its properties, and I see that it has no
> "name open session user" ... "Nom d'ouverture de session d'utilisateur" in
> French.
>
> So I think that my lsc.properties is not completely right ??

You need to set sAMAccountName attribute in user entry. This is the AD login.

Clément.
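
A small linter for the problems this thread runs into (userPassword sent to AD, syncoption attributes missing from dstService.attrs, unicodePwd over plain ldap://, a key defined twice), as an added example that is not part of the original messages or of LSC. The sample file, finding codes and function names are constructed; it assumes, from the LDIF logged above, that only attributes listed in dstService.attrs are written, and it looks only at the URL scheme, so a StartTLS setup is not recognised.

```python
import re

# Constructed sample modelled on the lsc.properties in the thread (placeholder
# host and DNs). Only "key = value" lines are parsed, not full Properties syntax.
SAMPLE = """\
dst.java.naming.provider.url=ldap://ad.example.test:389/dc=example,dc=test
lsc.tasks=user
lsc.tasks.user.srcService.filterId=(sn={sn})
lsc.tasks.user.dstService.attrs=description cn sn userPassword objectClass
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
"""

def parse_properties(text):
    """Return (props, duplicate_keys); as in Java, the last definition wins."""
    props, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if key in props:
            dups.append(key)
        props[key] = value
    return props, dups

def lint(text, task="user"):
    """Return (code, detail) findings for an OpenLDAP-to-AD task."""
    props, dups = parse_properties(text)
    findings = [("DUPLICATE_KEY", k) for k in dups]
    attrs = {a.lower() for a in props.get(f"lsc.tasks.{task}.dstService.attrs", "").split()}
    opt_re = re.compile(rf"lsc\.syncoptions\.{re.escape(task)}\.(\w+)\.(?:create|force)_value$")
    opts = {m.group(1).lower(): m.group(1) for m in map(opt_re.match, props) if m}
    if "userpassword" in attrs:
        # AD keeps the password in unicodePwd, not userPassword.
        findings.append(("USERPASSWORD_TO_AD", "dstService.attrs"))
    for low, name in sorted(opts.items()):
        if low not in attrs:
            # Assumption: an attribute absent from attrs never reaches the LDIF.
            findings.append(("SYNCOPTION_NOT_IN_ATTRS", name))
    url = props.get("dst.java.naming.provider.url", "")
    if "unicodepwd" in opts and not url.lower().startswith("ldaps://"):
        # AD accepts unicodePwd writes only over a secure connection.
        findings.append(("UNICODEPWD_OVER_PLAIN_LDAP", url))
    return findings

if __name__ == "__main__":
    for code, detail in lint(SAMPLE):
        print(f"{code}: {detail}")
```
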