Can you take a look to see if any "Unable to get object for id=" is following a error like the following line ?
Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)([email protected]))") It this is the case, fix the last issue and you would not see any "Unable to get object..." error message. And you need to fix this error because the corresponding entry will not be synchronized otherwise. Regards, -- Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/ 2011/9/24 Avatar <[email protected]> > There are a lot of records like this: > > Sep 24 08:42:41 - ERROR - Unable to get object for id=CN=ААААА_СТАНДАРТНЫЙ > ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian > > > On Sat, Sep 24, 2011 at 8:41 AM, Avatar <[email protected]> wrote: > >> Yea, but may be can I ignore it? >> >> >> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul < >> [email protected]> wrote: >> >>> Hi Pavel, >>> >>> The issue for this run is that the LDAP search >>> "(&(objectClass=organizationalPerson)([email protected]))" in >>> "ou=DIT,dc=msk,dc=rian" >>> is returning 2 or more entries. The LSC is not able to handle a >>> synchronization from one to many. It requires that the filter you provide to >>> find the destination object returns a unique entry. So check the filter or >>> use other attribute values to make a more precise filter to obtain a >>> one-to-one mapping. >>> >>> In your first try, the LSC was not able to found any entries from the >>> source service, that's why I suggest you check your search filter through a >>> LDAP browser and you modify either the base or the filter >>> > base: ou=DIT,dc=msk,dc=rian >>> > filter: (objectClass=organizationalPerson) >>> > requested attributes: mail >>> > and fix the corresponding parameter ! >>> >>> Regards. >>> >>> Le vendredi 23 septembre 2011, Avatar a écrit : >>> >>> Strange, but it is not synchronize anything. >>>> Sorry, but I don't comprehend from your last mail what I have to change >>>> in my config. >>>> >>>> >>>> I run: >>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f /usr/src/lsc-trunk-SNAPSHOT/etc >>>> -n -s all >>>> >>>> 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading plugins >>>> ... >>>> 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins loaded >>>> ... >>>> 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting to LDAP >>>> server ldap://ad0.rian.off:389/dc=msk,dc=rian as >>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian >>>> 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting to LDAP >>>> server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager >>>> 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - Your >>>> main identifier will be used as a DN ("mail=" + >>>> srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") in >>>> LDAP destination service and does not end with the context dn >>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this is >>>> part of the changelog to 2.X. >>>> сен 23 10:16:57 - WARN - Starting sync for People >>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>> "ou=DIT,dc=msk,dc=rian", filter: >>>> "(&(objectClass=organizationalPerson)(mail= >>>> [email protected]))") >>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>> [email protected]}: org.lsc.exception.LscServiceException: >>>> javax.naming.SizeLimitExceededException: Too many entries returned (base: >>>> "ou=DIT,dc=msk,dc=rian", filter: >>>> "(&(objectClass=organizationalPerson)(mail= >>>> [email protected]))") >>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>> "ou=DIT,dc=msk,dc=rian", filter: >>>> "(&(objectClass=organizationalPerson)(mail= >>>> [email protected]))") >>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>> [email protected]}: org.lsc.exception.LscServiceException: >>>> javax.naming.SizeLimitExceededException: Too many entries returned (base: >>>> "ou=DIT,dc=msk,dc=rian", filter: >>>> "(&(objectClass=organizationalPerson)(mail= >>>> [email protected]))") >>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian >>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian >>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, >>>> modified entries: 0, errors: 5 >>>> >>>> >>>> I understand: >>>> Too many entries returned - it's duplicate in mail field >>>> Unable to get object for id - there is no mail >>>> >>>> >>>> Here is my full configuration: >>>> <?xml version="1.0" ?> >>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" >>>> revision="0"> >>>> <connections id="2"> >>>> <connection class="ldapConnection" id="3"> >>>> <id>ldap-src-conn</id> >>>> <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> >>>> >>>> >>>> <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> >>>> <password></password> >>>> <authentication>SIMPLE</authentication> >>>> <referral>IGNORE</referral> >>>> <derefAliases>NEVER</derefAliases> >>>> <version>VERSION_3</version> >>>> <pageSize>-1</pageSize> >>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>> <tlsActivated>false</tlsActivated> >>>> </connection> >>>> <connection class="ldapConnection" id="4"> >>>> <id>ldap-dst-conn</id> >>>> <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> >>>> <username>cn=Directory Manager</username> >>>> <password></password> >>>> <authentication>SIMPLE</authentication> >>>> <referral>IGNORE</referral> >>>> <derefAliases>NEVER</derefAliases> >>>> <version>VERSION_3</version> >>>> <pageSize>-1</pageSize> >>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>> <tlsActivated>false</tlsActivated> >>>> </connection> >>>> </connections> >>>> <audits id="5"> >>>> <audit class="csvAudit"> >>>> <name>csv</name> >>>> <operations>create, delete</operations> >>>> <datasets>cn, dn</datasets> >>>> <separator>;</separator> >>>> <append>true</append> >>>> </audit> >>>> <audit class="ldifAudit"> >>>> <name>ldif</name> >>>> <append>false</append> >>>> </audit> >>>> </audits> >>>> <tasks id="6"> >>>> <task id="7"> >>>> <name>People</name> >>>> <bean>org.lsc.beans.SimpleBean</bean> >>>> <sourceService class="ldapSourceService" id="11"> >>>> <name>openldap-source-service</name> >>>> <connection reference="3" /> >>>> <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> >>>> <pivotAttributes> >>>> <string>mail</string> >>>> </pivotAttributes> >>>> <fetchedAttributes> >>>> <string>description</string> >>>> <string>cn</string> >>>> <string>sn</string> >>>> <string>userPassword</string> >>>> <string>objectClass</string> >>>> <string>uid</string> >>>> <string>mail</string> >>>> </fetchedAttributes> >>>> <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> >>>> >>>> >>>> <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> >>>> </sourceService> >>>> <destinationService class="ldapDestinationService" id="8"> >>>> <name>opends-dst-service</name> >>>> <connection reference="4" /> >>>> <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> >>>> <pivotAttributes id="9"> >>>> <string>mail</string> >>>> </pivotAttributes> >>>> <fetchedAttributes id="10"> >>>> <string>description</string> >>>> <string>cn</string> >>>> <string>sn</string> >>>> <string>userPassword</string> >>>> <string>objectClass</string> >>>> <string>uid</string> >>>> <string>mail</string> >>>> </fetchedAttributes> >>>> <getAllFilter>(objectClass=inetorgperson)</getAllFilter> >>>> >>>> >>>> <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> >>>> </destinationService> >>>> <syncOptions class="propertiesBasedSyncOptions" id="12"> >>>> <conditions id="13"></conditions> >>>> <mainIdentifier>"mail=" + >>>> srcBean.getAttributeFirstValueById("mail") + >>>> ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> >>>> <defaultDelimiter>;</defaultDelimiter> >>>> <defaultPolicy>FORCE</defaultPolicy> >>>> </syncOptions> >>>> </task> >>>> </tasks> >>>> </lsc> >>>> >>>> >>>> >>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < >>>> [email protected]> wrote: >>>> > Oh ! I read the first error message to fast : the error is simply that >>>> the >>>> > first list request on the source directory has not returned any data. >>>> > Try an external search with the following parameter on your source >>>> directory >>>> > : >>>> > base: ou=DIT,dc=msk,dc=rian >>>> > filter: (objectClass=organizationalPerson) >>>> > requested attributes: mail >>>> > and fix the corresponding parameter ! >>>> > Regards >>>> > >>>> > -- >>>> > Sebastien BAHLOUL >>>> > IAM / Security specialist >>>> > Ldap Synchronization Connector : http://lsc-project.org >>>> > Blog : http://sbahloul.wordpress.com/ >>>> > >>>> >>>> >>>> -- >>>> Rgrds, Pavel Morozov >>>> >>>> >>> >>> -- >>> Sebastien BAHLOUL >>> IAM / Security specialist >>> Ldap Synchronization Connector : http://lsc-project.org >>> Blog : http://sbahloul.wordpress.com/ >>> >>> >> >> >> -- >> Rgrds, Pavel Morozov >> > > > > -- > Rgrds, Pavel Morozov >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
