First of all it seems all object of this OU come with error. I took 2 person to check their mail out and it is. And mails are different. Maybe there is some debug output, is there?
On Mon, Sep 26, 2011 at 2:03 AM, Sébastien Bahloul < [email protected]> wrote: > Can you take a look to see if any "Unable to get object for id=" is > following a error like the following line ? > > Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter: > "(&(objectClass=organizationalPerson)([email protected]))") > > It this is the case, fix the last issue and you would not see any "Unable > to get object..." error message. > > And you need to fix this error because the corresponding entry will not be > synchronized otherwise. > > Regards, > -- > Sebastien BAHLOUL > IAM / Security specialist > Ldap Synchronization Connector : http://lsc-project.org > Blog : http://sbahloul.wordpress.com/ > > > > 2011/9/24 Avatar <[email protected]> > >> There are a lot of records like this: >> >> Sep 24 08:42:41 - ERROR - Unable to get object for id=CN=ААААА_СТАНДАРТНЫЙ >> ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >> >> >> On Sat, Sep 24, 2011 at 8:41 AM, Avatar <[email protected]> wrote: >> >>> Yea, but may be can I ignore it? >>> >>> >>> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul < >>> [email protected]> wrote: >>> >>>> Hi Pavel, >>>> >>>> The issue for this run is that the LDAP search >>>> "(&(objectClass=organizationalPerson)([email protected]))" in >>>> "ou=DIT,dc=msk,dc=rian" >>>> is returning 2 or more entries. The LSC is not able to handle a >>>> synchronization from one to many. It requires that the filter you provide >>>> to >>>> find the destination object returns a unique entry. So check the filter or >>>> use other attribute values to make a more precise filter to obtain a >>>> one-to-one mapping. >>>> >>>> In your first try, the LSC was not able to found any entries from the >>>> source service, that's why I suggest you check your search filter through a >>>> LDAP browser and you modify either the base or the filter >>>> > base: ou=DIT,dc=msk,dc=rian >>>> > filter: (objectClass=organizationalPerson) >>>> > requested attributes: mail >>>> > and fix the corresponding parameter ! >>>> >>>> Regards. >>>> >>>> Le vendredi 23 septembre 2011, Avatar a écrit : >>>> >>>> Strange, but it is not synchronize anything. >>>>> Sorry, but I don't comprehend from your last mail what I have to change >>>>> in my config. >>>>> >>>>> >>>>> I run: >>>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f /usr/src/lsc-trunk-SNAPSHOT/etc >>>>> -n -s all >>>>> >>>>> 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading >>>>> plugins ... >>>>> 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins loaded >>>>> ... >>>>> 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting to >>>>> LDAP server ldap://ad0.rian.off:389/dc=msk,dc=rian as >>>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian >>>>> 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting to >>>>> LDAP server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager >>>>> 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - Your >>>>> main identifier will be used as a DN ("mail=" + >>>>> srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") in >>>>> LDAP destination service and does not end with the context dn >>>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this is >>>>> part of the changelog to 2.X. >>>>> сен 23 10:16:57 - WARN - Starting sync for People >>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>> "(&(objectClass=organizationalPerson)(mail= >>>>> [email protected]))") >>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>> javax.naming.SizeLimitExceededException: Too many entries returned (base: >>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>> "(&(objectClass=organizationalPerson)(mail= >>>>> [email protected]))") >>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>> "(&(objectClass=organizationalPerson)(mail= >>>>> [email protected]))") >>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>> javax.naming.SizeLimitExceededException: Too many entries returned (base: >>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>> "(&(objectClass=organizationalPerson)(mail= >>>>> [email protected]))") >>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian >>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian >>>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, >>>>> modified entries: 0, errors: 5 >>>>> >>>>> >>>>> I understand: >>>>> Too many entries returned - it's duplicate in mail field >>>>> Unable to get object for id - there is no mail >>>>> >>>>> >>>>> Here is my full configuration: >>>>> <?xml version="1.0" ?> >>>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" >>>>> revision="0"> >>>>> <connections id="2"> >>>>> <connection class="ldapConnection" id="3"> >>>>> <id>ldap-src-conn</id> >>>>> <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> >>>>> >>>>> >>>>> <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> >>>>> <password></password> >>>>> <authentication>SIMPLE</authentication> >>>>> <referral>IGNORE</referral> >>>>> <derefAliases>NEVER</derefAliases> >>>>> <version>VERSION_3</version> >>>>> <pageSize>-1</pageSize> >>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>> <tlsActivated>false</tlsActivated> >>>>> </connection> >>>>> <connection class="ldapConnection" id="4"> >>>>> <id>ldap-dst-conn</id> >>>>> <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> >>>>> <username>cn=Directory Manager</username> >>>>> <password></password> >>>>> <authentication>SIMPLE</authentication> >>>>> <referral>IGNORE</referral> >>>>> <derefAliases>NEVER</derefAliases> >>>>> <version>VERSION_3</version> >>>>> <pageSize>-1</pageSize> >>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>> <tlsActivated>false</tlsActivated> >>>>> </connection> >>>>> </connections> >>>>> <audits id="5"> >>>>> <audit class="csvAudit"> >>>>> <name>csv</name> >>>>> <operations>create, delete</operations> >>>>> <datasets>cn, dn</datasets> >>>>> <separator>;</separator> >>>>> <append>true</append> >>>>> </audit> >>>>> <audit class="ldifAudit"> >>>>> <name>ldif</name> >>>>> <append>false</append> >>>>> </audit> >>>>> </audits> >>>>> <tasks id="6"> >>>>> <task id="7"> >>>>> <name>People</name> >>>>> <bean>org.lsc.beans.SimpleBean</bean> >>>>> <sourceService class="ldapSourceService" id="11"> >>>>> <name>openldap-source-service</name> >>>>> <connection reference="3" /> >>>>> <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> >>>>> <pivotAttributes> >>>>> <string>mail</string> >>>>> </pivotAttributes> >>>>> <fetchedAttributes> >>>>> <string>description</string> >>>>> <string>cn</string> >>>>> <string>sn</string> >>>>> <string>userPassword</string> >>>>> <string>objectClass</string> >>>>> <string>uid</string> >>>>> <string>mail</string> >>>>> </fetchedAttributes> >>>>> <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> >>>>> >>>>> >>>>> <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> >>>>> </sourceService> >>>>> <destinationService class="ldapDestinationService" id="8"> >>>>> <name>opends-dst-service</name> >>>>> <connection reference="4" /> >>>>> <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> >>>>> <pivotAttributes id="9"> >>>>> <string>mail</string> >>>>> </pivotAttributes> >>>>> <fetchedAttributes id="10"> >>>>> <string>description</string> >>>>> <string>cn</string> >>>>> <string>sn</string> >>>>> <string>userPassword</string> >>>>> <string>objectClass</string> >>>>> <string>uid</string> >>>>> <string>mail</string> >>>>> </fetchedAttributes> >>>>> <getAllFilter>(objectClass=inetorgperson)</getAllFilter> >>>>> >>>>> >>>>> <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> >>>>> </destinationService> >>>>> <syncOptions class="propertiesBasedSyncOptions" id="12"> >>>>> <conditions id="13"></conditions> >>>>> <mainIdentifier>"mail=" + >>>>> srcBean.getAttributeFirstValueById("mail") + >>>>> ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> >>>>> <defaultDelimiter>;</defaultDelimiter> >>>>> <defaultPolicy>FORCE</defaultPolicy> >>>>> </syncOptions> >>>>> </task> >>>>> </tasks> >>>>> </lsc> >>>>> >>>>> >>>>> >>>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < >>>>> [email protected]> wrote: >>>>> > Oh ! I read the first error message to fast : the error is simply >>>>> that the >>>>> > first list request on the source directory has not returned any data. >>>>> > Try an external search with the following parameter on your source >>>>> directory >>>>> > : >>>>> > base: ou=DIT,dc=msk,dc=rian >>>>> > filter: (objectClass=organizationalPerson) >>>>> > requested attributes: mail >>>>> > and fix the corresponding parameter ! >>>>> > Regards >>>>> > >>>>> > -- >>>>> > Sebastien BAHLOUL >>>>> > IAM / Security specialist >>>>> > Ldap Synchronization Connector : http://lsc-project.org >>>>> > Blog : http://sbahloul.wordpress.com/ >>>>> > >>>>> >>>>> >>>>> -- >>>>> Rgrds, Pavel Morozov >>>>> >>>>> >>>> >>>> -- >>>> Sebastien BAHLOUL >>>> IAM / Security specialist >>>> Ldap Synchronization Connector : http://lsc-project.org >>>> Blog : http://sbahloul.wordpress.com/ >>>> >>>> >>> >>> >>> -- >>> Rgrds, Pavel Morozov >>> >> >> >> >> -- >> Rgrds, Pavel Morozov >> > > -- Rgrds, Pavel Morozov
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
