Hi Edward,

This issue is related to the fact that an RDN value cannot contain an unescaped
comma. I suggest you try something like:

lsc.tasks.ADsync.dn = "cn=" +
srcBean.getAttributeValueById("cn").replaceAll(",", "\\\\,") + ",ou=users"

I'm not sure about the number of backslashes you must use (JavaScript/Java
mix), but by escaping the comma with the backslash, the RDN value must be
correct.

Regards,

2011/4/21 Beuerlein, Edward <[email protected]>

> Hi,
> I am using lsc-1.2.1-0.el5 and I am trying to sync Active Directory to
> OpenLDAP.  I am having issues with commas in the CN section of the AD users.
>  I have read through the mailing lists and all documentation on the website
> and I see others having similar issues but I haven't seen a solution posted.
>  Here is the error I get when I try to run lsc against both ldap servers:
>
> Apr 15 14:45:14 - ERROR - Error while adding entry cn=Plante, Marc,ou=users
> in directory :javax.naming.InvalidNameException: Invalid name: cn=Plante,
> Marc,ou=users
> Apr 15 14:45:14 - ERROR - Error while synchronizing ID cn=Plante,
> Marc,ou=users: java.lang.Exception: Technical problem while applying
> modifications to directory
> dn: cn=Plante, Marc,ou=users,dc=example,dc=com
>
> Please let me know the best way to handle this issue - I am just trying to
> sync users.
>
>
> Thanks!
> -Eddie B.
>
> Here's my lsc.properties file:
> # This section is mandatory since all synchronizations currently go to an LDAP directory.
>
> # Connection URL. This must include a valid LDAP context.
> dst.java.naming.provider.url = ldap://localhost:389/dc=example,dc=com
>
> # Authentication type.
> # "none" causes an anonymous bind. "simple" performs a standard bind.
> dst.java.naming.security.authentication = simple
>
> # Bind DN to use if authentication type is "simple"
> dst.java.naming.security.principal = cn=Manager,dc=example,dc=com
>
> # Bind password to use if authentication type is "simple"
> dst.java.naming.security.credentials = secret
>
> # Follow referrals in searches?
> # Allowed values are "ignore", "follow".
> dst.java.naming.referral = ignore
>
> # Dereference aliases in searches?
> # Allowed values are "never", "search", "find", "always"
> dst.java.naming.ldap.derefAliases = never
>
> # Standard properties. These should not be changed.
> dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
> dst.java.naming.ldap.version = 3
>
> #########################
> # Source LDAP directory #
> #########################
> # This section can safely be deleted if you are not using ldap2ldap synchronization.
>
> # Connection URL. This must include a valid LDAP context.
> src.java.naming.provider.url = ldap://test01.neustar.com:389/dc=neustar,dc=com
>
> # Authentication type.
> # "none" causes an anonymous bind. "simple" performs a standard bind.
> src.java.naming.security.authentication = simple
>
> # Bind DN to use if authentication type is "simple"
> src.java.naming.security.principal = [email protected]
>
> # Bind password to use if authentication type is "simple"
> src.java.naming.security.credentials = password
>
> # Follow referrals in searches?
> # Allowed values are "ignore", "follow".
> src.java.naming.referral = ignore
>
> # Dereference aliases in searches?
> # Allowed values are "never", "search", "find", "always"
> src.java.naming.ldap.derefAliases = never
>
> # Standard properties. These should not be changed.
> src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
> src.java.naming.ldap.version = 3
>
> # AD requires paging and won't allow queries over 1000 without it.
> src.java.naming.ldap.pageSize = 1000
>
> lsc.tasks = ADsync
>
> lsc.tasks.ADsync.srcService = org.lsc.jndi.SimpleJndiSrcService
>
>
> ### SimpleJndiSrcService parameters
>
> lsc.tasks.ADsync.srcService.baseDn = ou=Employee,ou=User-Accounts
>
> lsc.tasks.ADsync.srcService.filterAll = (&(objectClass=user)(!(objectClass=computer))(cn=*))
>
> lsc.tasks.ADsync.srcService.pivotAttrs = sAMAccountName
>
> lsc.tasks.ADsync.srcService.filterId = (|(sAMAccountName={sAMAccountName})(sAMAccountName={uid}))
>
> lsc.tasks.ADsync.srcService.attrs = description cn sn givenName postofficebox mail sAMAccountName
> ### END of SimpleJndiSrcService parameters
>
>
> lsc.tasks.ADsync.dstService = org.lsc.jndi.SimpleJndiDstService
>
>
> lsc.tasks.ADsync.dstService.baseDn = ou=users
>
> lsc.tasks.ADsync.dstService.filterAll = (objectClass=inetOrgPerson)
>
> lsc.tasks.ADsync.dstService.pivotAttrs = uid
>
> lsc.tasks.ADsync.dstService.filterId = (|(uid={sAMAccountName})(uid={uid}))
>
> lsc.tasks.ADsync.dstService.attrs = description cn sn uid mail givenName employeenumber objectClass
> ### END of SimpleJndiDstService parameters
>
>
> lsc.tasks.ADsync.bean = org.lsc.beans.SimpleBean
>
> lsc.tasks.ADsync.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=users"
>
> dn.real_root = dc=example,dc=com
>
> #############################
> # Syncoptions configuration #
> #############################
> lsc.syncoptions.ADsync = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
>
> lsc.syncoptions.ADsync.default.action = K
>
> lsc.syncoptions.ADsync.default.delimiter = $
>
> lsc.syncoptions.ADsync.uid.create_value = srcBean.getAttributeValueById("sAMAccountName")
>
> lsc.syncoptions.ADsync.employeenumber.create_value = srcBean.getAttributeValueById("postofficebox")
>
> lsc.syncoptions.ADsync.objectClass.action = F
> lsc.syncoptions.ADsync.objectClass.force_value = "top";"person";"organizationalPerson"
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>



-- 
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/
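
The comma escaping suggested in the reply above, extended to every character that RFC 4514 requires to be escaped in an RDN value, as an added example that is not part of the original message and is not LSC code. The function names escapeRdnValue, splitDn and isWellFormedDn are hypothetical, the DN splitter is a simplified check rather than a full parser, and the code is plain JavaScript that has not been run inside LSC.

```javascript
// Added example (not LSC code): escape an attribute value for use as an RDN
// value, following the string representation rules of RFC 4514, section 2.4.
function escapeRdnValue(value) {
  let out = "";
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (ch === "\u0000") {
      out += "\\00";                       // NUL must be hex-escaped
    } else if ('"+,;<>\\'.includes(ch)) {
      out += "\\" + ch;                    // special anywhere in the value
    } else if ((i === 0 && (ch === " " || ch === "#")) ||
               (i === value.length - 1 && ch === " ")) {
      out += "\\" + ch;                    // special only at the edges
    } else {
      out += ch;
    }
  }
  return out;
}

// Split a DN string into RDNs on commas that are not backslash-escaped.
// Simplified: multi-valued RDNs ("+") are not split any further.
function splitDn(dn) {
  const rdns = [];
  let cur = "";
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === "\\" && i + 1 < dn.length) {
      cur += dn[i] + dn[i + 1];            // keep the escape pair intact
      i++;
    } else if (dn[i] === ",") {
      rdns.push(cur);
      cur = "";
    } else {
      cur += dn[i];
    }
  }
  rdns.push(cur);
  return rdns;
}

// Every RDN must look like type=value; "cn=Plante, Marc,ou=users" does not.
function isWellFormedDn(dn) {
  return splitDn(dn).every((rdn) => /^\s*[A-Za-z][A-Za-z0-9-]*=/.test(rdn));
}

const cn = "Plante, Marc";                 // value taken from the error log in the thread
const naive = "cn=" + cn + ",ou=users";
const escaped = "cn=" + escapeRdnValue(cn) + ",ou=users";
console.log(isWellFormedDn(naive), isWellFormedDn(escaped), escaped);
```

Escaping the whole special-character set, not only the comma, also keeps a source value containing "+" or "=" sequences from changing the structure of the destination DN.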