Hi!
Le 13/07/2010 01:19, [email protected] a écrit :
I've been trying to configure lsc-1.2.0 to sync from Active Directory
to OpenLDAP and have been running into problems.
Specifically, lsc seems to connect (and Wireshark confirms) ok to AD
and starts sucking out user records with:
lsc.tasks.FirstTask.srcService.filterAll =
(&(sn=*)(objectcategory=person)(objectcategory=user))
Isc is configured to operate in paging mode:
src.java.naming.ldap.pageSize = 1000
However, it immediately starts printing:
ERROR - Too many entries returned (base: "", filter: "(sn=somelastname)")
ERROR - Error while synchronizing ID cn=some full name,ou=People:
javax.naming.SizeLimitExceededException: Too many entries returned
(base: "", filter: "(sn=somelastname)")
where "somelastname" and "some full name" are different.
This is because your filter to return one entry is returning more than
one. Presumably several accounts in your AD have the same sn.
To better understand, here's a quick description of how LSC handles entries:
1) It gets a list of all entries to consider in the source by running a
search using the filter lsc.tasks.FirstTask.srcService.filterAll, and
reading only the pivot attributes (looks like "sn" in your case).
2) It reads each entry from the source one by one, by doing a search
using the filter lsc.tasks.FirstTask.srcService.filterId, and replacing
individual pivot values to form a valid search filter.
Simply put: you need to use a unique attribute (or set of attributes) as
your pivotAttrs. If "sn" is not unique, don't use it as a pivot. Since
you're syncing with AD, I suggest using "sAMAccountName". Other common
pivots are "mail", "cn" or a combination of "sn" and "givenName".
This is briefly described in:
http://lsc-project.org/wiki/documentation/1.2/configuration/service#simplejndisrcservice_simplejndidstservice_and_fulldnjndidstservice
Regards,
Jonathan
It looks like (from Wireshark) that a query is made for a page, then
multiple chunks (something like 2-3 users per chunk) are coming back
from AD until the page is complete. Then lsc makes the request for
the next page until all records are successfully retrieved.
Any pointers at all where to start debugging would be greatly appreciated.
Thanks in advance,
Jeff Katcher
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
--
--------------------------------------------------------------
Jonathan Clarke - [email protected]
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
