Hi, I am trying a sync connection from OpenLDAP to AD. I am using LSC 1.2 and I have used the tutorial "Populating Active Directory from OpenLDAP". But now I am getting an error:

lsc -f c:\lsc-openldap2ad\etc -c all -s all
Mai 10 10:51:38 - INFO - Starting sync for ADuser
Mai 10 10:51:38 - INFO - Connecting to LDAP server ldap://141.69.121.114:389/dc=ldap,dc=test as cn=admin,dc=ldap,dc=test
Mai 10 10:51:39 - INFO - Connecting to LDAP server ldap://141.69.121.117:389/dc=test,dc=local as CN=Administrator,CN=Users,DC=test,DC=local
Mai 10 10:51:40 - ERROR - Error while adding entry cn=Pavel Chekov,ou=LSC in directory :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - 0000207B: UpdErr: DSID-030511CF, problem 6002 (OBJ_CLASS_VIOLATION), data 0 ]; remaining name 'cn=Pavel Chekov,ou=LSC'
Mai 10 10:51:40 - ERROR - Error while synchronizing ID cn=Pavel Chekov,ou=LSC: java.lang.Exception: Technical problem while applying modifications to directory
dn: cn=Pavel Chekov,ou=LSC,dc=test,dc=local
changetype: add
sn: Chekov
cn: Pavel Chekov

Btw.: Is it possible that there is an error in the Task section of the tutorial? Shouldn't we read from OpenLDAP??

    If we want to read from the source all Active Directory users with a
    sAMAccountName, and from the destination all inetOrgPerson entries from
    ou=People with a uid, we could do this:

    lsc.tasks.ADuser.srcService.baseDn = cn=Users
    lsc.tasks.ADuser.srcService.filterAll = (&(sAMAccountName=*)(objectClass=user))
    lsc.tasks.ADuser.dstService.baseDn = ou=People
    lsc.tasks.ADuser.dstService.filterAll = (&(uid=*)(objectClass=inetOrgPerson))

Thank you for your help!

Greets
Gunter

----------------------------------------------------------------------

This is my lsc.properties:

#########################################################################
# LDAP Synchronization Connector (LSC) - http://lsc-project.org         #
# Main configuration file                                               #
#########################################################################
# Most configuration parameters for LSC are in this file.
# All configuration files are located in this directory (etc)
#
# Configuration layout:
# - etc/ (this directory)
#   - lsc.properties (this file) # main configuration file
#   - logback.xml # configure logging to console, files and CSV/LDIF output
#   - sql-map-config.xml
#   - sql-map-config.d/
#     - <name>.xml
#
# For ldap2ldap connectors, you only need to configure this file and
# logback.xml.
#########################################################################

################################################
# Destination LDAP directory (Active Directory)#
################################################
# This section is mandatory since all synchronizations currently go to an LDAP directory.

# Connection URL. This must include a valid LDAP context.
dst.java.naming.provider.url = ldap://141.69.121.117:389/dc=test,dc=local

# Authentication type.
# "none" causes an anonymous bind. "simple" performs a standard bind.
dst.java.naming.security.authentication = simple

# Bind DN to use if authentication type is "simple"
dst.java.naming.security.principal = CN=Administrator,CN=Users,DC=test,DC=local

# Bind password to use if authentication type is "simple"
dst.java.naming.security.credentials = xxx

# To manage Active Directory Paged Results Control (which enables to return more than 1000 entries)
dst.java.naming.ldap.pageSize = 1000

# Follow referrals in searches?
# Allowed values are "ignore", "follow".
dst.java.naming.referral = ignore

# Dereference aliases in searches?
# Allowed values are "never", "search", "find", "always"
dst.java.naming.ldap.derefAliases = never

# Standard properties. These should not be changed.
dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.version = 3

###################################
# Source LDAP directory (OpenLDAP)#
###################################
# This section can safely be deleted if you are not using ldap2ldap synchronization.

# Connection URL. This must include a valid LDAP context.
src.java.naming.provider.url = ldap://141.69.121.114:389/dc=ldap,dc=test

# Authentication type.
# "none" causes an anonymous bind. "simple" performs a standard bind.
src.java.naming.security.authentication = simple

# Bind DN to use if authentication type is "simple"
src.java.naming.security.principal = cn=admin,dc=ldap,dc=test

# Bind password to use if authentication type is "simple"
src.java.naming.security.credentials = xxx

# Follow referrals in searches?
# Allowed values are "ignore", "follow".
src.java.naming.referral = ignore

# Dereference aliases in searches?
# Allowed values are "never", "search", "find", "always"
src.java.naming.ldap.derefAliases = never

# Standard properties. These should not be changed.
src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
src.java.naming.ldap.version = 3

#######################
# Tasks configuration #
#######################
# This section defines the synchronization tasks for LSC.

# List of defined tasks, separated by commas
lsc.tasks = ADuser

# Java class name for the service to read objects from the source
# Either "org.lsc.jndi.SimpleJndiSrcService" for ldap2ldap, or
# "org.lsc.service.SimpleJdbcSrcService" for db2ldap
# According to which service you use here, you only need *one* of the following sections
lsc.tasks.ADuser.srcService = org.lsc.jndi.SimpleJndiSrcService

### SimpleJndiSrcService parameters
# The parameters in this section only apply to the SimpleJndiSrcService
# This section can safely be deleted if you are not using ldap2ldap synchronization.

# Base DN for searches in the directory
lsc.tasks.ADuser.srcService.baseDn = ou=People

# Filter to list all entries to synchronize
lsc.tasks.ADuser.srcService.filterAll = (&(uid=*)(objectClass=inetOrgPerson))

# Attributes to read from all entries used to match objects between source and destination
lsc.tasks.ADuser.srcService.pivotAttrs = uid

# Filter to read one entry to synchronize, based on pivotAttrs above
# This filter may contain one or several pivotAttrs defined above, like "{attributeName}"
lsc.tasks.ADuser.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))

# Attributes to read from each entry used to read and write data
lsc.tasks.ADuser.srcService.attrs = description cn sn uid

### END of SimpleJndiSrcService parameters

# Java class name for the service to read and write objects in the destination
# Usually "org.lsc.jndi.SimpleJndiDstService".
lsc.tasks.ADuser.dstService = org.lsc.jndi.SimpleJndiDstService

### SimpleJndiDstService parameters
# The parameters in this section only apply to the SimpleJndiDstService

# Base DN for searches in the directory
lsc.tasks.ADuser.dstService.baseDn = ou=LSC

# Filter to list all entries to synchronize
lsc.tasks.ADuser.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))

# Attributes to read from all entries used to match objects between source and destination
lsc.tasks.ADuser.dstService.pivotAttrs = uid

# Filter to read one entry to synchronize, based on pivotAttrs above
# This filter may contain one or several pivotAttrs defined above, like "{attributeName}"
lsc.tasks.ADuser.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))

# Attributes to read from each entry used to read and write data
lsc.tasks.ADuser.dstService.attrs = description cn sn objectClass

### END of SimpleJndiDstService parameters

# Java class name for the LDAP objectClass to compare source and destination objects
# This should be the LDAP objectClass of entries in the destination directory
lsc.tasks.ADuser.bean = org.lsc.beans.SimpleBean

# Construct a DN for new entries in the destination directory
# This is a JavaScript expression, and can access any utility functions and the srcBean.
# It should be relative to the LDAP context specified in dst.java.naming.provider.url
lsc.tasks.ADuser.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=LSC"

dn.real_root = dc=lsc-project,dc=org

#############################
# Syncoptions configuration #
#############################
# This section defines synchronization rules for each task, attribute by attribute

# Define the implementation to use. PropertiesBasedSyncOptions is usually what you want.
# The only current alternative is ForceSyncOptions, which don't take any configuration.
lsc.syncoptions.FirstTask = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions

# Set default behavior for all attributes not explicitly specified below
# Available actions are:
# - K for Keep: don't change existing values in the destination
#   (create and default values from syncoptions may be applied, though)
# - F for Force: replace values in the destination with our values
#   (from source, or force values in syncoptions)
# - M for Merge: add values to multi-valued attributes
#   (from source, or create/default/force values in syncoptions)
# See documentation at http://lsc-project.org/wiki/documentation/1.2/configuration/syncoptions
lsc.syncoptions.ADuser.default.action = F

# objectClass <- top/user/person/organizationalperson
lsc.syncoptions.ADuser.objectClass.action = F
lsc.syncoptions.ADuser.objectClass.force_value = "top";"user";"person";"organizationalPerson"

# sAMAccountName <- uid
lsc.syncoptions.ADuser.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")

# userPrincipalName <- uid + "@test.local"
lsc.syncoptions.ADuser.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@test.local"

# userAccountControl
lsc.syncoptions.ADuser.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])

# Set default delimiter for multiple values for an attribute.
# This is normally a semi-colon (;) but can be problematic when writing complex JavaScript
lsc.syncoptions.ADuser.default.delimiter = $

# Sample syncoption for the SN attribute: force update, and put value from source in capitals
lsc.syncoptions.ADuser.sn.action = F
lsc.syncoptions.ADuser.sn.force_value = srcBean.getAttributeValueById("sn").toUpperCase()

# Sample syncoption for the userPassword attribute: provide a default password,
# if there isn't one in the destination, and hash it in SHA
# lsc.syncoptions.FirstTask.userPassword.default_value = SecurityUtils.hash(SecurityUtils.HASH_SHA1, "defaultPassword")

# Many other possibilities are available in SyncOptions.
# You can write any JavaScript code in a default_value, force_value or create_value.
# See http://lsc-project.org/wiki/documentation/1.2/configuration/start for more.

----------------------------------------------------------------------
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
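
An added consistency check for the lsc.properties posted above (example code, not part of the original post and not from the LSC project): it flags syncoptions lines that name a task missing from lsc.tasks, values written with ";" after the task's default delimiter has been changed, and simple binds over plain ldap://. The function names, finding labels and the embedded excerpt are constructed for this example; treating ";" as the default delimiter follows the comment in the posted file.

```python
import re

# Constructed excerpt of the lsc.properties posted above.
SAMPLE = """\
dst.java.naming.provider.url = ldap://141.69.121.117:389/dc=test,dc=local
dst.java.naming.security.authentication = simple
src.java.naming.provider.url = ldap://141.69.121.114:389/dc=ldap,dc=test
src.java.naming.security.authentication = simple
lsc.tasks = ADuser
lsc.syncoptions.FirstTask = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.ADuser.objectClass.force_value = "top";"user";"person";"organizationalPerson"
lsc.syncoptions.ADuser.default.delimiter = $
"""

def parse_properties(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # values may contain '=' (filters, DNs)
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return (label, subject) findings for the three checks in the lead-in."""
    findings = []
    tasks = [t.strip() for t in props.get("lsc.tasks", "").split(",") if t.strip()]
    # Tasks that have a 'lsc.syncoptions.<task> = <class>' implementation line.
    impl = {k.split(".")[2] for k in props if re.fullmatch(r"lsc\.syncoptions\.[^.]+", k)}
    findings += [("unknown-task", n) for n in sorted(impl - set(tasks))]
    findings += [("no-syncoptions-class", t) for t in tasks if t not in impl]
    for task in tasks:
        # A changed default delimiter no longer splits values written with ';'.
        prefix = f"lsc.syncoptions.{task}."
        delim = props.get(prefix + "default.delimiter", ";")
        for key, value in props.items():
            if key.startswith(prefix) and key.endswith("_value") and delim != ";" and '";"' in value:
                findings.append(("delimiter-mismatch", key))
    for side in ("src", "dst"):
        # Simple bind on ldap:// sends the bind password unencrypted unless StartTLS is used.
        url = props.get(f"{side}.java.naming.provider.url", "")
        auth = props.get(f"{side}.java.naming.security.authentication", "")
        if auth == "simple" and url.lower().startswith("ldap://"):
            findings.append(("simple-bind-over-ldap", side))
    return findings

if __name__ == "__main__":
    print(*lint(parse_properties(SAMPLE)), sep="\n")
```

The failed add in the posted log carries only sn and cn, so the objectClass and sAMAccountName syncoptions lines are worth checking first.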

