Hi Pavel, The issue for this run is that the LDAP search "(&(objectClass=organizationalPerson)([email protected]))" in "ou=DIT,dc=msk,dc=rian" is returning 2 or more entries. The LSC is not able to handle a synchronization from one to many. It requires that the filter you provide to find the destination object returns a unique entry. So check the filter or use other attribute values to make a more precise filter to obtain a one-to-one mapping.
In your first try, the LSC was not able to found any entries from the source service, that's why I suggest you check your search filter through a LDAP browser and you modify either the base or the filter > base: ou=DIT,dc=msk,dc=rian > filter: (objectClass=organizationalPerson) > requested attributes: mail > and fix the corresponding parameter ! Regards. Le vendredi 23 septembre 2011, Avatar a écrit : > Strange, but it is not synchronize anything. > Sorry, but I don't comprehend from your last mail what I have to change in > my config. > > > I run: > /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f /usr/src/lsc-trunk-SNAPSHOT/etc -n > -s all > > 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading plugins > ... > 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins loaded ... > 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting to LDAP > server ldap://ad0.rian.off:389/dc=msk,dc=rian as > cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian > 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting to LDAP > server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager > 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - Your main > identifier will be used as a DN ("mail=" + > srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") in > LDAP destination service and does not end with the context dn > (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this is > part of the changelog to 2.X. > сен 23 10:16:57 - WARN - Starting sync for People > сен 23 10:16:57 - ERROR - Unable to get object for id=CN=ААААА_СТАНДАРТНЫЙ > ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian > сен 23 10:16:57 - ERROR - Too many entries returned (base: > "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail= > [email protected] <javascript:_e({}, 'cvml', '[email protected]');> > ))") > сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= > [email protected] <javascript:_e({}, 'cvml', '[email protected]');>}: > org.lsc.exception.LscServiceException: > javax.naming.SizeLimitExceededException: Too many entries returned (base: > "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail= > [email protected] <javascript:_e({}, 'cvml', '[email protected]');> > ))") > сен 23 10:16:57 - ERROR - Too many entries returned (base: > "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail= > [email protected] <javascript:_e({}, 'cvml', '[email protected]');> > ))") > сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= > [email protected] <javascript:_e({}, 'cvml', '[email protected]');>}: > org.lsc.exception.LscServiceException: > javax.naming.SizeLimitExceededException: Too many entries returned (base: > "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail= > [email protected] <javascript:_e({}, 'cvml', '[email protected]');> > ))") > сен 23 10:16:57 - ERROR - Unable to get object for > id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian > сен 23 10:16:57 - ERROR - Unable to get object for > id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian > сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, modified > entries: 0, errors: 5 > > > I understand: > Too many entries returned - it's duplicate in mail field > Unable to get object for id - there is no mail > > > Here is my full configuration: > <?xml version="1.0" ?> > <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" > revision="0"> > <connections id="2"> > <connection class="ldapConnection" id="3"> > <id>ldap-src-conn</id> > <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> > > <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> > <password></password> > <authentication>SIMPLE</authentication> > <referral>IGNORE</referral> > <derefAliases>NEVER</derefAliases> > <version>VERSION_3</version> > <pageSize>-1</pageSize> > <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> > <tlsActivated>false</tlsActivated> > </connection> > <connection class="ldapConnection" id="4"> > <id>ldap-dst-conn</id> > <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> > <username>cn=Directory Manager</username> > <password></password> > <authentication>SIMPLE</authentication> > <referral>IGNORE</referral> > <derefAliases>NEVER</derefAliases> > <version>VERSION_3</version> > <pageSize>-1</pageSize> > <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> > <tlsActivated>false</tlsActivated> > </connection> > </connections> > <audits id="5"> > <audit class="csvAudit"> > <name>csv</name> > <operations>create, delete</operations> > <datasets>cn, dn</datasets> > <separator>;</separator> > <append>true</append> > </audit> > <audit class="ldifAudit"> > <name>ldif</name> > <append>false</append> > </audit> > </audits> > <tasks id="6"> > <task id="7"> > <name>People</name> > <bean>org.lsc.beans.SimpleBean</bean> > <sourceService class="ldapSourceService" id="11"> > <name>openldap-source-service</name> > <connection reference="3" /> > <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> > <pivotAttributes> > <string>mail</string> > </pivotAttributes> > <fetchedAttributes> > <string>description</string> > <string>cn</string> > <string>sn</string> > <string>userPassword</string> > <string>objectClass</string> > <string>uid</string> > <string>mail</string> > </fetchedAttributes> > <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> > > > <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> > </sourceService> > <destinationService class="ldapDestinationService" id="8"> > <name>opends-dst-service</name> > <connection reference="4" /> > <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> > <pivotAttributes id="9"> > <string>mail</string> > </pivotAttributes> > <fetchedAttributes id="10"> > <string>description</string> > <string>cn</string> > <string>sn</string> > <string>userPassword</string> > <string>objectClass</string> > <string>uid</string> > <string>mail</string> > </fetchedAttributes> > <getAllFilter>(objectClass=inetorgperson)</getAllFilter> > > <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> > </destinationService> > <syncOptions class="propertiesBasedSyncOptions" id="12"> > <conditions id="13"></conditions> > <mainIdentifier>"mail=" + srcBean.getAttributeFirstValueById("mail") > + ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> > <defaultDelimiter>;</defaultDelimiter> > <defaultPolicy>FORCE</defaultPolicy> > </syncOptions> > </task> > </tasks> > </lsc> > > > > On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < > [email protected] <javascript:_e({}, 'cvml', > '[email protected]');>> wrote: > > Oh ! I read the first error message to fast : the error is simply that > the > > first list request on the source directory has not returned any data. > > Try an external search with the following parameter on your source > directory > > : > > base: ou=DIT,dc=msk,dc=rian > > filter: (objectClass=organizationalPerson) > > requested attributes: mail > > and fix the corresponding parameter ! > > Regards > > > > -- > > Sebastien BAHLOUL > > IAM / Security specialist > > Ldap Synchronization Connector : http://lsc-project.org > > Blog : http://sbahloul.wordpress.com/ > > > > > -- > Rgrds, Pavel Morozov > > -- Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
