Edward,

I finally found the link: you will find a contributed sample configuration
with correct comma handling:

http://lists.lsc-project.org/pipermail/lsc-users/2010-August/000440.html

Regards,

2011/4/22 Sébastien Bahloul <[email protected]>

> Hi Edward,
>
> This issue is related to the fact that an RDN value cannot contain an
> unescaped comma. I suggest you try something like:
>
> lsc.tasks.ADsync.dn = "cn=" + srcBean.getAttributeValueById("cn").replaceAll(",", "\\\\,") + ",ou=users"
>
> I'm not sure about the number of backslashes you must use (JavaScript/Java
> mix), but by escaping the comma with the backslash, the RDN value must be
> correct.
>
> Regards,
>
> 2011/4/21 Beuerlein, Edward <[email protected]>
>
>> Hi,
>> I am using lsc-1.2.1-0.el5 and I am trying to sync Active Directory to
>> OpenLDAP. I am having issues with commas in the CN section of the AD users.
>> I have read through the mailing lists and all documentation on the website
>> and I see others having similar issues but I haven't seen a solution posted.
>> Here is the error I get when I try to run lsc against both ldap servers:
>>
>> Apr 15 14:45:14 - ERROR - Error while adding entry cn=Plante, Marc,ou=users in directory :javax.naming.InvalidNameException: Invalid name: cn=Plante, Marc,ou=users
>> Apr 15 14:45:14 - ERROR - Error while synchronizing ID cn=Plante, Marc,ou=users: java.lang.Exception: Technical problem while applying modifications to directory
>> dn: cn=Plante, Marc,ou=users,dc=example,dc=com
>>
>> Please let me know the best way to handle this issue - I am just trying to
>> sync users.
>>
>>
>> Thanks!
>> -Eddie B.
>>
>> Here's my lsc.properties file:
>> # This section is mandatory since all synchronizations currently go to an LDAP directory.
>>
>> # Connection URL. This must include a valid LDAP context.
>> dst.java.naming.provider.url = ldap://localhost:389/dc=example,dc=com
>>
>> # Authentication type.
>> # "none" causes an anonymous bind. "simple" performs a standard bind.
>> dst.java.naming.security.authentication = simple
>>
>> # Bind DN to use if authentication type is "simple"
>> dst.java.naming.security.principal = cn=Manager,dc=example,dc=com
>>
>> # Bind password to use if authentication type is "simple"
>> dst.java.naming.security.credentials = secret
>>
>> # Follow referrals in searches?
>> # Allowed values are "ignore", "follow".
>> dst.java.naming.referral = ignore
>>
>> # Dereference aliases in searches?
>> # Allowed values are "never", "search", "find", "always"
>> dst.java.naming.ldap.derefAliases = never
>>
>> # Standard properties. These should not be changed.
>> dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
>> dst.java.naming.ldap.version = 3
>>
>> #########################
>> # Source LDAP directory #
>> #########################
>> # This section can safely be deleted if you are not using ldap2ldap synchronization.
>>
>> # Connection URL. This must include a valid LDAP context.
>> src.java.naming.provider.url = ldap://test01.neustar.com:389/dc=neustar,dc=com
>>
>> # Authentication type.
>> # "none" causes an anonymous bind. "simple" performs a standard bind.
>> src.java.naming.security.authentication = simple
>>
>> # Bind DN to use if authentication type is "simple"
>> src.java.naming.security.principal = [email protected]
>>
>> # Bind password to use if authentication type is "simple"
>> src.java.naming.security.credentials = password
>>
>> # Follow referrals in searches?
>> # Allowed values are "ignore", "follow".
>> src.java.naming.referral = ignore
>>
>> # Dereference aliases in searches?
>> # Allowed values are "never", "search", "find", "always"
>> src.java.naming.ldap.derefAliases = never
>>
>> # Standard properties. These should not be changed.
>> src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
>> src.java.naming.ldap.version = 3
>>
>> # AD requires paging and won't allow queries over 1000 without it.
>> src.java.naming.ldap.pageSize = 1000
>>
>> lsc.tasks = ADsync
>>
>> lsc.tasks.ADsync.srcService = org.lsc.jndi.SimpleJndiSrcService
>>
>>
>> ### SimpleJndiSrcService parameters
>>
>> lsc.tasks.ADsync.srcService.baseDn = ou=Employee,ou=User-Accounts
>>
>> lsc.tasks.ADsync.srcService.filterAll = (&(objectClass=user)(!(objectClass=computer))(cn=*))
>>
>> lsc.tasks.ADsync.srcService.pivotAttrs = sAMAccountName
>>
>> lsc.tasks.ADsync.srcService.filterId = (|(sAMAccountName={sAMAccountName})(sAMAccountName={uid}))
>>
>> lsc.tasks.ADsync.srcService.attrs = description cn sn givenName postofficebox mail sAMAccountName
>> ### END of SimpleJndiSrcService parameters
>>
>>
>> lsc.tasks.ADsync.dstService = org.lsc.jndi.SimpleJndiDstService
>>
>>
>> lsc.tasks.ADsync.dstService.baseDn = ou=users
>>
>> lsc.tasks.ADsync.dstService.filterAll = (objectClass=inetOrgPerson)
>>
>> lsc.tasks.ADsync.dstService.pivotAttrs = uid
>>
>> lsc.tasks.ADsync.dstService.filterId = (|(uid={sAMAccountName})(uid={uid}))
>>
>> lsc.tasks.ADsync.dstService.attrs = description cn sn uid mail givenName employeenumber objectClass
>> ### END of SimpleJndiDstService parameters
>>
>>
>> lsc.tasks.ADsync.bean = org.lsc.beans.SimpleBean
>>
>> lsc.tasks.ADsync.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=users"
>>
>> dn.real_root = dc=example,dc=com
>>
>> #############################
>> # Syncoptions configuration #
>> #############################
>> lsc.syncoptions.ADsync = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
>>
>> lsc.syncoptions.ADsync.default.action = K
>>
>> lsc.syncoptions.ADsync.default.delimiter = $
>>
>> lsc.syncoptions.ADsync.uid.create_value = srcBean.getAttributeValueById("sAMAccountName")
>>
>> lsc.syncoptions.ADsync.employeenumber.create_value = srcBean.getAttributeValueById("postofficebox")
>>
>> lsc.syncoptions.ADsync.objectClass.action = F
>> lsc.syncoptions.ADsync.objectClass.force_value = "top";"person";"organizationalPerson"
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> [email protected]
>> http://lists.lsc-project.org/listinfo/lsc-users
>>
>
>
>
> --
> Sebastien BAHLOUL
> IAM / Security specialist
> Ldap Synchronization Connector : http://lsc-project.org
> Blog : http://sbahloul.wordpress.com/
>
>


-- 
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/
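
The comma problem discussed in this thread is one case of the RFC 4514 rule that several characters must be backslash-escaped inside an RDN value; left unescaped, a source attribute can change the structure of the DN that is built from it. The sketch below is an added example, not LSC code or code from either poster; `escapeRdnValue` and `buildUserDn` are hypothetical helper names and the sample values are constructed. It goes beyond the comma case to the full set of characters RFC 4514 requires escaping.

```javascript
// Added example (not LSC code): RFC 4514 escaping for one RDN attribute value.
// escapeRdnValue and buildUserDn are hypothetical helper names.

function escapeRdnValue(value) {
  let out = "";
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    const first = i === 0;
    const last = i === value.length - 1;
    if (ch === "\u0000") {
      out += "\\00"; // NUL must be hex-escaped
    } else if ('"+,;<>\\'.includes(ch)) {
      out += "\\" + ch; // special anywhere in the value
    } else if ((first && (ch === " " || ch === "#")) || (last && ch === " ")) {
      out += "\\" + ch; // special only at the start or end of the value
    } else {
      out += ch;
    }
  }
  return out;
}

// Build "cn=<escaped value>,<parentDn>"; parentDn is trusted configuration.
function buildUserDn(cn, parentDn) {
  if (typeof cn !== "string" || cn.length === 0) {
    throw new Error("cn is required to build the RDN");
  }
  return "cn=" + escapeRdnValue(cn) + "," + parentDn;
}

// Constructed sample values; the first is the name from the error log above.
const samples = ["Plante, Marc", "Smith+Jones", " padded ", "#tag", "a\\b"];
for (const cn of samples) {
  console.log(buildUserDn(cn, "ou=users"));
}
```

On the JVM, `javax.naming.ldap.Rdn.escapeValue` performs the same escaping.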