On 18/05/2010 13:32, Jonathan Clarke wrote:
On 18/05/2010 09:21, Romain wrote:
Here is my error :
--------------------------------
mai 18 09:18:51 - ERROR - Error while adding entry
cn=Commercial,ou=Services in directory
:javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 -
00000057: LdapErr: DSID-0C090A75, comment: Error in attribute conversion
operation, data 0, vece]; remaining name 'cn=Commercial,ou=Services'
mai 18 09:18:51 - ERROR - Error while synchronizing ID
cn=Commercial,ou=Services: java.lang.Exception: Technical problem while
applying modifications to directory
dn: cn=Commercial,ou=Services,dc=nomotech,dc=local
changetype: add
cn: Commercial
gidNumber: 1000
objectClass: group
objectClass: top
The error message: "LDAP: error code 16", "Error in attribute
conversion operation" means that the value of an attribute you're
trying to write is not correct.
I cannot tell you exactly what is wrong with your setup, since the
problem here is Active Directory refusing your changes, and not a
problem in LSC. You have to play around with the settings until they
work.
A few ideas that may help:
- Are you sure gidNumber is a valid attribute in AD with the
objectClass group?
- Does the objectClass group require any more attributes?
- Have you tried creating the objectClass with just the value "group"
(and not "top")?
OK thanks, your first idea is good :-). So I have to delete gidNumber
in my configuration for group in lsc.properties.
This morning, I tried to set up an SSL connection to also synchronize
passwords. But I have a question: I have these two lines in my
lsc.properties:
src.java.naming.provider.url=ldap://192.168.0.2/dc=openldap,dc=nomotech,dc=local
dst.java.naming.provider.url=ldaps://server.nomotech.local/dc=nomotech,dc=local
So my source doesn't use SSL (port 636); I use this port only for the
destination (AD). Does it work with this configuration or not?
Otherwise, do I have to use "ldaps" for the two servers?
When I launch this command: bin/lsc -s user -f etc, I have no error if
I don't use 'unicodePwd', so my configuration is like this:
--------------------------------------------------
### User ###
lsc.tasks.user.bean=org.lsc.beans.SimpleBean
lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",cn=Users"
# Source
lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.baseDn=ou=Users
lsc.tasks.user.srcService.attrs= cn sn uid givenName mail userPassword
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid
# Destination
lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
lsc.tasks.user.dstService.baseDn=cn=Users
lsc.tasks.user.dstService.attrs = cn sn sAMAccountName objectClass userPrincipalName userPassword
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid
-----------------------------------
But when I look in my AD, the users are inactive???
Moreover, when I use 'unicodePwd' like this:
------------------------------------
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
lsc.syncoptions.user.unicodePwd.action = F
------------------------------------
And my user conf :
-------------------------------------
### User ###
lsc.tasks.user.bean=org.lsc.beans.SimpleBean
lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",cn=Users"
# Source
lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.baseDn=ou=Users
lsc.tasks.user.srcService.attrs= cn sn uid givenName mail
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid
# Destination
lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
lsc.tasks.user.dstService.baseDn=cn=Users
lsc.tasks.user.dstService.attrs = cn sn sAMAccountName objectClass userPrincipalName mail unicodePwd
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid
----------------------------------------
I get this error, and no users are imported into my AD:
--------------------------------------
mai 18 14:10:31 - INFO - Starting sync for user
mai 18 14:10:31 - INFO - Connecting to LDAP server
ldap://192.168.0.2/dc=openldap,dc=nomotech,dc=local as
cn=admin,dc=openldap,dc=nomotech,dc=local
mai 18 14:10:31 - INFO - Connecting to LDAP server
ldaps://server.nomotech.local/dc=nomotech,dc=local as
cn=Administrateur,cn=Users,dc=nomotech,dc=local
mai 18 14:10:32 - ERROR - Error while adding entry cn=romain
romain,cn=Users in directory
:javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
0000052D: SvcErr: DSID-031A0FBC, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=romain romain,cn=Users'
mai 18 14:10:32 - ERROR - Error while synchronizing ID cn=romain
romain,cn=Users: java.lang.Exception: Technical problem while applying
modifications to directory
dn: cn=romain romain,cn=Users,dc=nomotech,dc=local
changetype: add
userPrincipalName: [email protected]
mail: [email protected]
sn: romain
cn: romain romain
sAMAccountName: romain
unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
----------------------------------------
I don't really understand...
Thanks for your daily help ;-)
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
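
An added diagnostic example (not part of the original message and not LSC code): it reads the Win32 code that Active Directory places at the front of its LDAP diagnostic message and decodes the unicodePwd value from the LDIF above. The code-to-name table covers only the two codes in these logs, and the three-of-four character-class rule is an assumption about the domain's password policy, which the thread does not show.

```python
import base64
import re

# Win32 codes AD puts at the start of its LDAP diagnostic message.
# Only the two codes that appear in the logs above are listed.
WIN32_NAMES = {0x57: "ERROR_INVALID_PARAMETER",
               0x52D: "ERROR_PASSWORD_RESTRICTION"}

AD_ERROR = re.compile(
    r"error code (\d+)\s*-\s*([0-9A-Fa-f]{8}):\s*(\w+):\s*(DSID-[0-9A-Fa-f]+)")

def parse_ad_error(message):
    """Split an AD LDAP error into LDAP code, Win32 code/name and DSID."""
    m = AD_ERROR.search(message)
    if m is None:
        return None
    win32 = int(m.group(2), 16)
    return {"ldap_code": int(m.group(1)), "win32": win32,
            "win32_name": WIN32_NAMES.get(win32, "unknown"),
            "dsid": m.group(4)}

def decode_unicode_pwd(b64_value):
    """Decode a base64 unicodePwd; AD expects a double-quoted UTF-16LE string."""
    text = base64.b64decode(b64_value).decode("utf-16-le")
    quoted = len(text) >= 2 and text.startswith('"') and text.endswith('"')
    return (text[1:-1] if quoted else text), quoted

def character_classes(password):
    """Count classes used among upper, lower, digit and other characters."""
    checks = (str.isupper, str.islower, str.isdigit,
              lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)

# Values copied from the failed add in the log above (log line re-joined).
LOG_ERROR = ("[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FBC, "
             "problem 5003 (WILL_NOT_PERFORM), data 0 ]")
LDIF_PWD = "IgBjAGgAYQBuAGcAZQBpAHQAIgA="

if __name__ == "__main__":
    err = parse_ad_error(LOG_ERROR)
    password, quoted = decode_unicode_pwd(LDIF_PWD)
    print(err["ldap_code"], hex(err["win32"]), err["win32_name"])
    print("quoted UTF-16LE:", quoted, "| length:", len(password))
    # Assumption: the domain enforces complexity (3 of the 4 classes).
    print("classes used:", character_classes(password), "of 4")
```

For the failed add above this reports ERROR_PASSWORD_RESTRICTION, a correctly quoted UTF-16LE value, and a password that uses a single character class.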