There are a lot of records like this: Sep 24 08:42:41 - ERROR - Unable to get object for id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian
On Sat, Sep 24, 2011 at 8:41 AM, Avatar <[email protected]> wrote: > Yea, but may be can I ignore it? > > > On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul < > [email protected]> wrote: > >> Hi Pavel, >> >> The issue for this run is that the LDAP search >> "(&(objectClass=organizationalPerson)([email protected]))" in >> "ou=DIT,dc=msk,dc=rian" >> is returning 2 or more entries. The LSC is not able to handle a >> synchronization from one to many. It requires that the filter you provide to >> find the destination object returns a unique entry. So check the filter or >> use other attribute values to make a more precise filter to obtain a >> one-to-one mapping. >> >> In your first try, the LSC was not able to found any entries from the >> source service, that's why I suggest you check your search filter through a >> LDAP browser and you modify either the base or the filter >> > base: ou=DIT,dc=msk,dc=rian >> > filter: (objectClass=organizationalPerson) >> > requested attributes: mail >> > and fix the corresponding parameter ! >> >> Regards. >> >> Le vendredi 23 septembre 2011, Avatar a écrit : >> >> Strange, but it is not synchronize anything. >>> Sorry, but I don't comprehend from your last mail what I have to change >>> in my config. >>> >>> >>> I run: >>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f /usr/src/lsc-trunk-SNAPSHOT/etc -n >>> -s all >>> >>> 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading plugins >>> ... >>> 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins loaded >>> ... >>> 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting to LDAP >>> server ldap://ad0.rian.off:389/dc=msk,dc=rian as >>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian >>> 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting to LDAP >>> server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager >>> 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - Your >>> main identifier will be used as a DN ("mail=" + >>> srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") in >>> LDAP destination service and does not end with the context dn >>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this is >>> part of the changelog to 2.X. >>> сен 23 10:16:57 - WARN - Starting sync for People >>> сен 23 10:16:57 - ERROR - Unable to get object for >>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail= >>> [email protected]))") >>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>> [email protected]}: org.lsc.exception.LscServiceException: >>> javax.naming.SizeLimitExceededException: Too many entries returned (base: >>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail= >>> [email protected]))") >>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail= >>> [email protected]))") >>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>> [email protected]}: org.lsc.exception.LscServiceException: >>> javax.naming.SizeLimitExceededException: Too many entries returned (base: >>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail= >>> [email protected]))") >>> сен 23 10:16:57 - ERROR - Unable to get object for >>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian >>> сен 23 10:16:57 - ERROR - Unable to get object for >>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian >>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, modified >>> entries: 0, errors: 5 >>> >>> >>> I understand: >>> Too many entries returned - it's duplicate in mail field >>> Unable to get object for id - there is no mail >>> >>> >>> Here is my full configuration: >>> <?xml version="1.0" ?> >>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" >>> revision="0"> >>> <connections id="2"> >>> <connection class="ldapConnection" id="3"> >>> <id>ldap-src-conn</id> >>> <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> >>> >>> >>> <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> >>> <password></password> >>> <authentication>SIMPLE</authentication> >>> <referral>IGNORE</referral> >>> <derefAliases>NEVER</derefAliases> >>> <version>VERSION_3</version> >>> <pageSize>-1</pageSize> >>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>> <tlsActivated>false</tlsActivated> >>> </connection> >>> <connection class="ldapConnection" id="4"> >>> <id>ldap-dst-conn</id> >>> <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> >>> <username>cn=Directory Manager</username> >>> <password></password> >>> <authentication>SIMPLE</authentication> >>> <referral>IGNORE</referral> >>> <derefAliases>NEVER</derefAliases> >>> <version>VERSION_3</version> >>> <pageSize>-1</pageSize> >>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>> <tlsActivated>false</tlsActivated> >>> </connection> >>> </connections> >>> <audits id="5"> >>> <audit class="csvAudit"> >>> <name>csv</name> >>> <operations>create, delete</operations> >>> <datasets>cn, dn</datasets> >>> <separator>;</separator> >>> <append>true</append> >>> </audit> >>> <audit class="ldifAudit"> >>> <name>ldif</name> >>> <append>false</append> >>> </audit> >>> </audits> >>> <tasks id="6"> >>> <task id="7"> >>> <name>People</name> >>> <bean>org.lsc.beans.SimpleBean</bean> >>> <sourceService class="ldapSourceService" id="11"> >>> <name>openldap-source-service</name> >>> <connection reference="3" /> >>> <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> >>> <pivotAttributes> >>> <string>mail</string> >>> </pivotAttributes> >>> <fetchedAttributes> >>> <string>description</string> >>> <string>cn</string> >>> <string>sn</string> >>> <string>userPassword</string> >>> <string>objectClass</string> >>> <string>uid</string> >>> <string>mail</string> >>> </fetchedAttributes> >>> <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> >>> >>> >>> <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> >>> </sourceService> >>> <destinationService class="ldapDestinationService" id="8"> >>> <name>opends-dst-service</name> >>> <connection reference="4" /> >>> <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> >>> <pivotAttributes id="9"> >>> <string>mail</string> >>> </pivotAttributes> >>> <fetchedAttributes id="10"> >>> <string>description</string> >>> <string>cn</string> >>> <string>sn</string> >>> <string>userPassword</string> >>> <string>objectClass</string> >>> <string>uid</string> >>> <string>mail</string> >>> </fetchedAttributes> >>> <getAllFilter>(objectClass=inetorgperson)</getAllFilter> >>> >>> >>> <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> >>> </destinationService> >>> <syncOptions class="propertiesBasedSyncOptions" id="12"> >>> <conditions id="13"></conditions> >>> <mainIdentifier>"mail=" + >>> srcBean.getAttributeFirstValueById("mail") + >>> ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> >>> <defaultDelimiter>;</defaultDelimiter> >>> <defaultPolicy>FORCE</defaultPolicy> >>> </syncOptions> >>> </task> >>> </tasks> >>> </lsc> >>> >>> >>> >>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < >>> [email protected]> wrote: >>> > Oh ! I read the first error message to fast : the error is simply that >>> the >>> > first list request on the source directory has not returned any data. >>> > Try an external search with the following parameter on your source >>> directory >>> > : >>> > base: ou=DIT,dc=msk,dc=rian >>> > filter: (objectClass=organizationalPerson) >>> > requested attributes: mail >>> > and fix the corresponding parameter ! >>> > Regards >>> > >>> > -- >>> > Sebastien BAHLOUL >>> > IAM / Security specialist >>> > Ldap Synchronization Connector : http://lsc-project.org >>> > Blog : http://sbahloul.wordpress.com/ >>> > >>> >>> >>> -- >>> Rgrds, Pavel Morozov >>> >>> >> >> -- >> Sebastien BAHLOUL >> IAM / Security specialist >> Ldap Synchronization Connector : http://lsc-project.org >> Blog : http://sbahloul.wordpress.com/ >> >> > > > -- > Rgrds, Pavel Morozov > -- Rgrds, Pavel Morozov
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
