Good point! I will do that instead... btw I did get it working correctly using the mailing list information that Sebastien sent me...

-Edward Beuerlein

From: [email protected] [mailto:[email protected]] On Behalf Of Sébastien Bahloul
Sent: Wednesday, April 27, 2011 7:33 AM
To: lsc-users
Subject: Re: [lsc-users] Auto-discard notification

I am just forwarding Pelgrim's message.

Regards,

---------- Forwarded message ----------
From: "Pelgrim, T. (ICT)" <[email protected]>
To: "[email protected]" <[email protected]>
Date: Wed, 27 Apr 2011 13:27:50 +0200
Subject: RE: [lsc-users] Issue with commas in DN

Hello Edward,

I also started out this way but found out that using the "uid" attribute for the user RDN is much more practical. I still use the "cn" attribute for the group RDN.

Regards,
TeunJan

-----Original message-----
To: [email protected];
From: Beuerlein, Edward <[email protected]>
Sent: Fri 22-04-2011 17:04
Subject: Re: [lsc-users] Issue with commas in DN
Attachment: inline.txt

Sébastien,

Thank you, I will give that a try...

-Edward Beuerlein

From: Sébastien Bahloul [mailto:[email protected]]
Sent: Friday, April 22, 2011 2:25 AM
To: Beuerlein, Edward
Cc: [email protected]
Subject: Re: [lsc-users] Issue with commas in DN

Edward,

I finally found the link: you will find a contributed sample configuration with correct comma handling:
http://lists.lsc-project.org/pipermail/lsc-users/2010-August/000440.html

Regards,

2011/4/22 Sébastien Bahloul <[email protected]>

Hi Edward,

This issue is related to the fact that an RDN value cannot contain an unescaped comma. I suggest you try something like:

lsc.tasks.ADsync.dn = "cn=" + srcBean.getAttributeValueById("cn").replaceAll(",", "\\\\,") + ",ou=users"

I'm not sure about the number of backslashes you must use (JavaScript/Java mix), but by escaping the comma with the backslash, the RDN value must be correct.

Regards,

2011/4/21 Beuerlein, Edward <[email protected]>

Hi,

I am using lsc-1.2.1-0.el5 and I am trying to sync Active Directory to OpenLDAP. I am having issues with commas in the CN section of the AD users. I have read through the mailing lists and all documentation on the website and I see others having similar issues but I haven't seen a solution posted. Here is the error I get when I try to run lsc against both ldap servers:

Apr 15 14:45:14 - ERROR - Error while adding entry cn=Plante, Marc,ou=users in directory :javax.naming.InvalidNameException: Invalid name: cn=Plante, Marc,ou=users
Apr 15 14:45:14 - ERROR - Error while synchronizing ID cn=Plante, Marc,ou=users: java.lang.Exception: Technical problem while applying modifications to directory dn: cn=Plante, Marc,ou=users,dc=example,dc=com

Please let me know the best way to handle this issue - I am just trying to sync users.

Thanks!

-Eddie B.

Here's my lsc.properties file:

# This section is mandatory since all synchronizations currently go to an LDAP directory.

# Connection URL. This must include a valid LDAP context.
dst.java.naming.provider.url = ldap://localhost:389/dc=example,dc=com

# Authentication type.
# "none" causes an anonymous bind. "simple" performs a standard bind.
dst.java.naming.security.authentication = simple

# Bind DN to use if authentication type is "simple"
dst.java.naming.security.principal = cn=Manager,dc=example,dc=com

# Bind password to use if authentication type is "simple"
dst.java.naming.security.credentials = secret

# Follow referrals in searches?
# Allowed values are "ignore", "follow".
dst.java.naming.referral = ignore

# Dereference aliases in searches?
# Allowed values are "never", "search", "find", "always"
dst.java.naming.ldap.derefAliases = never

# Standard properties. These should not be changed.
dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.version = 3

#########################
# Source LDAP directory #
#########################

# This section can safely be deleted if you are not using ldap2ldap synchronization.

# Connection URL. This must include a valid LDAP context.
src.java.naming.provider.url = ldap://test01.neustar.com:389/dc=neustar,dc=com

# Authentication type.
# "none" causes an anonymous bind. "simple" performs a standard bind.
src.java.naming.security.authentication = simple

# Bind DN to use if authentication type is "simple"
src.java.naming.security.principal = [email protected]

# Bind password to use if authentication type is "simple"
src.java.naming.security.credentials = password

# Follow referrals in searches?
# Allowed values are "ignore", "follow".
src.java.naming.referral = ignore

# Dereference aliases in searches?
# Allowed values are "never", "search", "find", "always"
src.java.naming.ldap.derefAliases = never

# Standard properties. These should not be changed.
src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
src.java.naming.ldap.version = 3

# AD requires paging and won't allow queries over 1000 without it.
src.java.naming.ldap.pageSize = 1000

lsc.tasks = ADsync

lsc.tasks.ADsync.srcService = org.lsc.jndi.SimpleJndiSrcService

### SimpleJndiSrcService parameters
lsc.tasks.ADsync.srcService.baseDn = ou=Employee,ou=User-Accounts
lsc.tasks.ADsync.srcService.filterAll = (&(objectClass=user)(!(objectClass=computer))(cn=*))
lsc.tasks.ADsync.srcService.pivotAttrs = sAMAccountName
lsc.tasks.ADsync.srcService.filterId = (|(sAMAccountName={sAMAccountName})(sAMAccountName={uid}))
lsc.tasks.ADsync.srcService.attrs = description cn sn givenName postofficebox mail sAMAccountName
### END of SimpleJndiSrcService parameters

lsc.tasks.ADsync.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.ADsync.dstService.baseDn = ou=users
lsc.tasks.ADsync.dstService.filterAll = (objectClass=inetOrgPerson)
lsc.tasks.ADsync.dstService.pivotAttrs = uid
lsc.tasks.ADsync.dstService.filterId = (|(uid={sAMAccountName})(uid={uid}))
lsc.tasks.ADsync.dstService.attrs = description cn sn uid mail givenName employeenumber objectClass
### END of SimpleJndiDstService parameters

lsc.tasks.ADsync.bean = org.lsc.beans.SimpleBean
lsc.tasks.ADsync.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=users"

dn.real_root = dc=example,dc=com

#############################
# Syncoptions configuration #
#############################

lsc.syncoptions.ADsync = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.ADsync.default.action = K
lsc.syncoptions.ADsync.default.delimiter = $
lsc.syncoptions.ADsync.uid.create_value = srcBean.getAttributeValueById("sAMAccountName")
lsc.syncoptions.ADsync.employeenumber.create_value = srcBean.getAttributeValueById("postofficebox")
lsc.syncoptions.ADsync.objectClass.action = F
lsc.syncoptions.ADsync.objectClass.force_value = "top";"person";"organizationalPerson"

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/
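
Added example (not part of the original thread and not LSC code): the expression suggested in the thread escapes only the comma, while RFC 4514 lists further characters that must be escaped inside an RDN value. The JavaScript below escapes all of them and shows which component of the DN from the error log is malformed; escapeRdnValue, buildUserDn, splitRdns and malformedRdns are hypothetical helper names, and the sample values come from the log lines quoted above.

```javascript
// Added example: RFC 4514 escaping for a value placed into an RDN (hypothetical helpers, not LSC API).
function escapeRdnValue(value) {
  const s = String(value);
  let out = "";
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    // Space and '#' are special only at the start, space also at the end.
    const edge = (i === 0 && (ch === " " || ch === "#")) ||
                 (i === s.length - 1 && ch === " ");
    if (ch === "\u0000") out += "\\00";            // NUL is written as a hex pair
    else if (edge || '"+,;<>\\'.includes(ch)) out += "\\" + ch;
    else out += ch;
  }
  return out;
}

function buildUserDn(cn, baseDn) {
  return "cn=" + escapeRdnValue(cn) + "," + baseDn;
}

// Split a DN on unescaped commas, the way a DN parser sees its components.
function splitRdns(dn) {
  const parts = [""];
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === "\\" && i + 1 < dn.length) {
      parts[parts.length - 1] += dn[i] + dn[i + 1];  // keep the escape pair together
      i++;
    } else if (dn[i] === ",") {
      parts.push("");
    } else {
      parts[parts.length - 1] += dn[i];
    }
  }
  return parts;
}

// A component is only a plausible RDN if it has the form type=value.
function malformedRdns(dn) {
  return splitRdns(dn).filter((p) => !/^\s*[A-Za-z0-9.-]+\s*=/.test(p));
}

// DN from the error log, then the same entry built with escaping.
console.log(malformedRdns("cn=Plante, Marc,ou=users"));
console.log(buildUserDn("Plante, Marc", "ou=users"));
console.log(malformedRdns(buildUserDn("Plante, Marc", "ou=users")));
```

On the backslash count raised in the thread: Java's String.replaceAll treats a backslash in the replacement string as an escape character, so the replacement has to contain two backslashes to emit one. If the expression ends up calling that Java method (an assumption about how the value is typed at run time), the JavaScript literal "\\\\," yields a single backslash followed by the comma.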

