Hello All, I am trying to sync contact info between our Lotus Domino and AD ldap directories. I am able to bind to and apparently read both directories. I am using mail as a pivot attr. I want to sync and never delete or create new objects. However, when attempting to use an ldap.search in the DST directory (AD) to find the corresponding user, I am getting the following errors due to what seems a space between CN and BaseDN:
Jul 09 11:38:15 - INFO - Starting sync for MySyncTask Jul 09 11:38:15 - INFO - Connecting to LDAP server ldap://<domino domain>:38 9/ o=our company as cn=<domino-admin> Jul 09 11:38:16 - INFO - Connecting to LDAP server ldap://WINDOWS-DOMAIN-CONTROLLER1:389/dc=windowsdomain,dc=com as CN=WindowsAdmin,OU=Blah,OU=Blah,DC=WindowsDomain,DC=com Jul 09 11:38:16 - ERROR - Error while adding entry CN=John Doe,OU=Users,O U=Country, in directory :javax.naming.InvalidNameException: Invalid name: CN=John Doe,OU=Users,OU=Country,,dc=WindowsDomain,dc=com; remaining name ' CN=John Doe,OU=Users,OU=Country,' Jul 09 11:38:16 - ERROR - Error while synchronizing ID CN=John Doe,OU=Use rs,OU=Country,: java.lang.Exception: Technical problem while applying modifica tions to directory dn: CN=John Doe,OU=Users,OU=Country,,dc=WindowsDomain,dc=com <---Note the null space between commas changetype: add mail: [email protected] cn: John Doe telephonenumber: +11 123 4567 --- Below is my scrubbed lsc.properties file. Any ideas? Many many thanks in advance! Also...to confirm, is it the ' -c ' switch that causes entries to be deleted? For some reason I think I have nuked a few active directory machine accounts while testing (I have tried using cn instead of mail), whereas I thought condition.delete = false would have overridden... -------- ######################################################################### # LDAP Synchronization Connector (LSC) - http://lsc-project.org # # Main configuration file # ######################################################################### # Most configuration parameters for LSC are in this file. # All configuration files are located in this directory (etc) # # Configuration layout: # - etc/ (this directory) # - lsc.properties (this file) # main configuration file # - logback.xml # configure logging to console, files and CSV/LDIF output # - sql-map-config.xml # - sql-map-config.d/ # - <name>.xml # # For ldap2ldap connectors, you only need to configure this file and # logback.xml. ######################################################################### ############################## # Source LDAP directory # ############################## # This section is mandatory since all synchronizations currently go to an LDAP directory. # Connection URL. This must include a valid LDAP context. src.java.naming.provider.url = ldap://DOMINOSERVER:389/ o=<DOMINO DOMAIN> # Authentication type. # "none" causes an anonymous bind. "simple" performs a standard bind. src.java.naming.security.authentication = simple # Bind DN to use if authentication type is "simple" src.java.naming.security.principal = cn=DOMINO-ADMIN # Bind password to use if authentication type is "simple" src.java.naming.security.credentials = secretpassword # Follow referrals in searches? # Allowed values are "ignore", "follow". src.java.naming.referral = ignore # Dereference aliases in searches? # Allowed values are "never", "search", "find", "always" src.java.naming.ldap.derefAliases = never # Standard properties. These should not be changed. src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory src.java.naming.ldap.version = 3 ############################## # Destination LDAP directory # ############################## # This section is mandatory since all synchronizations currently go to an LDAP directory. # Connection URL. This must include a valid LDAP context. dst.java.naming.provider.url = ldap://WINDOWS-DOMAIN-CONTROLLER:389/dc=WINDOWS,dc=COM # Authentication type. # "none" causes an anonymous bind. "simple" performs a standard bind. dst.java.naming.security.authentication = simple # Bind DN to use if authentication type is "simple" dst.java.naming.security.principal = CN=WINDOWSADMIN,OU=BLAH,OU=BLAH,DC=WINDOWSDOMAIN,DC=COM # Bind password to use if authentication type is "simple" dst.java.naming.security.credentials = windows-password # Follow referrals in searches? # Allowed values are "ignore", "follow". dst.java.naming.referral = ignore # Dereference aliases in searches? # Allowed values are "never", "search", "find", "always" dst.java.naming.ldap.derefAliases = never # Standard properties. These should not be changed. dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory dst.java.naming.ldap.version = 3 ####################### # Tasks configuration # ####################### # This section defines the synchronization tasks for LSC. # List of defined tasks, seperated by commas lsc.tasks = MySyncTask lsc.tasks.MySyncTask.srcService = org.lsc.jndi.SimpleJndiSrcService lsc.tasks.MySyncTask.dstService = org.lsc.jndi.SimpleJndiDstService ########## lsc.tasks.MySyncTask.condition.create = false lsc.tasks.MySyncTask.condition.update = true lsc.tasks.MySyncTask.condition.delete = false lsc.tasks.MySyncTask.condition.modrdn = false lsc.tasks.MySyncTask.bean = org.lsc.beans.SimpleBean ### SOURCE ######### # Base DN for searches in the directory #lsc.tasks.MySyncTask.srcService.baseDn = o=<domino domain> lsc.tasks.MySyncTask.srcService.filterAll = (objectClass=inetOrgPerson) lsc.tasks.MySyncTask.srcService.pivotAttrs = mail lsc.tasks.MySyncTask.srcService.filterId = (&(objectClass=inetOrgPerson)(mail={mail})) lsc.tasks.MySyncTask.srcService.attrs = telephonenumber mail cn ### DESTINATION ######### # Base DN for searches in the directory #lsc.tasks.MySyncTask.dstService.baseDn=DC=WINDOWSDOMAIN,DC=COM lsc.tasks.MySyncTask.dstService.filterAll = (objectClass=person) lsc.tasks.MySyncTask.dstService.pivotAttrs = mail lsc.tasks.MySyncTask.dstService.filterId = (&(objectClass=Person)(mail={mail})) #lsc.tasks.MySyncTask.dstService.attrs = telephonenumber mail lsc.tasks.MySyncTask.dn = ldap.search("","(mail=" + srcBean.getAttributeValueById("mail") + ")").get(0) #lsc.tasks.MySyncTask.dn = ldap.search(&(objectClass=Person)(mail={mail})) #lsc.tasks.MySyncTask.dn = "(cn=" + srcBean.getAttributeValueById("cn") ### END of SimpleJndiDstService parameters # Construct a DN for new entries in the destination directory # This is a JavaScript expression, and can access any utility functions and the srcBean. # It should be relative to the LDAP context specified in dst.java.naming.provider.url #lsc.tasks.MySyncTask.dn = "cn=" + srcBean.getAttributeValueById(&(objectClass=person)(mail={mail})) #lsc.tasks.MySyncTask.condition.update = srcBean.getAttr('mail') > dstBean.getAttr('mail')
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
