Hi,

On 19/05/2010 09:46, Romain wrote:
I have successfully made a sync of users between OpenLDAP and AD. So my
user can connect with a Windows XP computer with his account.

Great news! :-)

But I want
the user not to have to change his password on the first connection.
I have tried many configurations, but with no success; I am always obliged
to change it.

I think that it is this line:
### pwdLastSet <- 0 to force user to change password on next connection
lsc.syncoptions.user.pwdLastSet.create_value = "0"

But if I take another value for this (e.g. 1), I obtain this error:
-------------------------------------------
mai 19 09:38:16 - ERROR - Error while adding entry cn=Romain
Grante,cn=Users in directory :javax.naming.NamingException: [LDAP: error
code 80 - 00000057: SysErr: DSID-031A0FB2, problem 22 (Invalid
argument), data 0
]; remaining name 'cn=Romain Grante,cn=Users'
mai 19 09:38:16 - ERROR - Error while synchronizing ID cn=Romain
Grante,cn=Users: java.lang.Exception: Technical problem while applying
modifications to directory
dn: cn=Romain Grante,cn=Users,dc=nomotech,dc=local
changetype: add
userPrincipalName: [email protected]
sn: Grante
pwdLastSet: 1
cn: Romain Grante
sAMAccountName: rgrante
userAccountControl: 512
unicodePwd:: IgAkAGUAcgB2AFMAaQBtAHUAMQAiAA==
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
givenName: Romain
-------------------------------------------

This error seems pretty obvious to me: you set pwdLastSet to 1, and AD replies "Invalid argument". So 1 is not a valid value...

If you look up the definition of this attribute via Google, you'll soon find this page:
http://msdn.microsoft.com/en-us/library/ms679430(VS.85).aspx

Which says:
"The date and time that the password for this account was last changed. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC)."

So 1 means 100 nanoseconds after January 1, 1601 - an unlikely value :-)

Basically, you need to put a valid value in this field. LSC has support for reading a field like this (getNumberOfWeeksSinceLastLogon in the org.lsc.utils.AD class), but not for writing. Maybe we should implement it.

Jonathan
--
--------------------------------------------------------------
Jonathan Clarke - [email protected]
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
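
The large-integer format quoted in the message above, as an added example (not part of the original message and not LSC code): JavaScript helpers that convert between a date and the count of 100-nanosecond intervals since January 1, 1601 (UTC), and decode the pwdLastSet of an LDIF entry. The function names and the sample entry are constructed for illustration; whether AD accepts a given value on write is not tested here.

```javascript
// Added example: all names below are hypothetical, not part of LSC or AD tooling.
// Milliseconds between 1601-01-01 and 1970-01-01 (UTC).
const EPOCH_DIFF_MS = 11644473600000n;
const TICKS_PER_MS = 10000n; // one tick = 100 nanoseconds

// Date -> large integer, returned as a decimal string.
// BigInt is required: present-day values (~1.3e17) exceed Number.MAX_SAFE_INTEGER.
function dateToAdLargeInt(date) {
  return ((BigInt(date.getTime()) + EPOCH_DIFF_MS) * TICKS_PER_MS).toString();
}

// Large integer (decimal string) -> Date, truncated to milliseconds.
function adLargeIntToDate(value) {
  const ticks = BigInt(value);
  return new Date(Number(ticks / TICKS_PER_MS - EPOCH_DIFF_MS));
}

// Find pwdLastSet in an LDIF entry and describe what the number encodes.
function describePwdLastSet(ldif) {
  const m = /^pwdLastSet:\s*(-?\d+)\s*$/m.exec(ldif);
  if (!m) return { present: false };
  const raw = m[1];
  if (raw === "0") {
    // Per the config comment on this page: 0 forces a change at next connection.
    return { present: true, raw, meaning: "change password on next connection" };
  }
  const when = adLargeIntToDate(raw);
  return {
    present: true,
    raw,
    meaning: "timestamp",
    iso: when.toISOString(),
    // A password "last set" before 1970 is almost certainly a mistyped value.
    plausible: when.getUTCFullYear() >= 1970,
  };
}

// Constructed sample entry (not the one from the message).
const SAMPLE_LDIF = [
  "dn: cn=Test User,cn=Users,dc=example,dc=com",
  "changetype: add",
  "pwdLastSet: 1",
  "sAMAccountName: tuser",
].join("\n");

console.log(describePwdLastSet(SAMPLE_LDIF));
console.log(dateToAdLargeInt(new Date(Date.UTC(2010, 4, 19))));
```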