Put DEBUG instead of INFO in logback.xml and try again Regards,
-- Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/ 2011/9/26 Avatar <[email protected]> > First of all it seems all object of this OU come with error. I took 2 > person to check their mail out and it is. And mails are different. Maybe > there is some debug output, is there? > > > On Mon, Sep 26, 2011 at 2:03 AM, Sébastien Bahloul < > [email protected]> wrote: > >> Can you take a look to see if any "Unable to get object for id=" is >> following a error like the following line ? >> >> Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter: >> "(&(objectClass=organizationalPerson)([email protected]))") >> >> It this is the case, fix the last issue and you would not see any "Unable >> to get object..." error message. >> >> And you need to fix this error because the corresponding entry will not be >> synchronized otherwise. >> >> Regards, >> -- >> Sebastien BAHLOUL >> IAM / Security specialist >> Ldap Synchronization Connector : http://lsc-project.org >> Blog : http://sbahloul.wordpress.com/ >> >> >> >> 2011/9/24 Avatar <[email protected]> >> >>> There are a lot of records like this: >>> >>> Sep 24 08:42:41 - ERROR - Unable to get object for >>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>> >>> >>> On Sat, Sep 24, 2011 at 8:41 AM, Avatar <[email protected]> wrote: >>> >>>> Yea, but may be can I ignore it? >>>> >>>> >>>> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul < >>>> [email protected]> wrote: >>>> >>>>> Hi Pavel, >>>>> >>>>> The issue for this run is that the LDAP search >>>>> "(&(objectClass=organizationalPerson)([email protected]))" in >>>>> "ou=DIT,dc=msk,dc=rian" >>>>> is returning 2 or more entries. The LSC is not able to handle a >>>>> synchronization from one to many. It requires that the filter you provide >>>>> to >>>>> find the destination object returns a unique entry. So check the filter or >>>>> use other attribute values to make a more precise filter to obtain a >>>>> one-to-one mapping. >>>>> >>>>> In your first try, the LSC was not able to found any entries from the >>>>> source service, that's why I suggest you check your search filter through >>>>> a >>>>> LDAP browser and you modify either the base or the filter >>>>> > base: ou=DIT,dc=msk,dc=rian >>>>> > filter: (objectClass=organizationalPerson) >>>>> > requested attributes: mail >>>>> > and fix the corresponding parameter ! >>>>> >>>>> Regards. >>>>> >>>>> Le vendredi 23 septembre 2011, Avatar a écrit : >>>>> >>>>> Strange, but it is not synchronize anything. >>>>>> Sorry, but I don't comprehend from your last mail what I have to >>>>>> change in my config. >>>>>> >>>>>> >>>>>> I run: >>>>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f /usr/src/lsc-trunk-SNAPSHOT/etc >>>>>> -n -s all >>>>>> >>>>>> 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading >>>>>> plugins ... >>>>>> 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins >>>>>> loaded ... >>>>>> 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting to >>>>>> LDAP server ldap://ad0.rian.off:389/dc=msk,dc=rian as >>>>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian >>>>>> 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting to >>>>>> LDAP server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager >>>>>> 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - Your >>>>>> main identifier will be used as a DN ("mail=" + >>>>>> srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") in >>>>>> LDAP destination service and does not end with the context dn >>>>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this is >>>>>> part of the changelog to 2.X. >>>>>> сен 23 10:16:57 - WARN - Starting sync for People >>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>> [email protected]))") >>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>> javax.naming.SizeLimitExceededException: Too many entries returned (base: >>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>> [email protected]))") >>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>> [email protected]))") >>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>> javax.naming.SizeLimitExceededException: Too many entries returned (base: >>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>> [email protected]))") >>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian >>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian >>>>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, >>>>>> modified entries: 0, errors: 5 >>>>>> >>>>>> >>>>>> I understand: >>>>>> Too many entries returned - it's duplicate in mail field >>>>>> Unable to get object for id - there is no mail >>>>>> >>>>>> >>>>>> Here is my full configuration: >>>>>> <?xml version="1.0" ?> >>>>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" >>>>>> revision="0"> >>>>>> <connections id="2"> >>>>>> <connection class="ldapConnection" id="3"> >>>>>> <id>ldap-src-conn</id> >>>>>> <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> >>>>>> >>>>>> >>>>>> <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> >>>>>> <password></password> >>>>>> <authentication>SIMPLE</authentication> >>>>>> <referral>IGNORE</referral> >>>>>> <derefAliases>NEVER</derefAliases> >>>>>> <version>VERSION_3</version> >>>>>> <pageSize>-1</pageSize> >>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>> <tlsActivated>false</tlsActivated> >>>>>> </connection> >>>>>> <connection class="ldapConnection" id="4"> >>>>>> <id>ldap-dst-conn</id> >>>>>> <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> >>>>>> <username>cn=Directory Manager</username> >>>>>> <password></password> >>>>>> <authentication>SIMPLE</authentication> >>>>>> <referral>IGNORE</referral> >>>>>> <derefAliases>NEVER</derefAliases> >>>>>> <version>VERSION_3</version> >>>>>> <pageSize>-1</pageSize> >>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>> <tlsActivated>false</tlsActivated> >>>>>> </connection> >>>>>> </connections> >>>>>> <audits id="5"> >>>>>> <audit class="csvAudit"> >>>>>> <name>csv</name> >>>>>> <operations>create, delete</operations> >>>>>> <datasets>cn, dn</datasets> >>>>>> <separator>;</separator> >>>>>> <append>true</append> >>>>>> </audit> >>>>>> <audit class="ldifAudit"> >>>>>> <name>ldif</name> >>>>>> <append>false</append> >>>>>> </audit> >>>>>> </audits> >>>>>> <tasks id="6"> >>>>>> <task id="7"> >>>>>> <name>People</name> >>>>>> <bean>org.lsc.beans.SimpleBean</bean> >>>>>> <sourceService class="ldapSourceService" id="11"> >>>>>> <name>openldap-source-service</name> >>>>>> <connection reference="3" /> >>>>>> <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> >>>>>> <pivotAttributes> >>>>>> <string>mail</string> >>>>>> </pivotAttributes> >>>>>> <fetchedAttributes> >>>>>> <string>description</string> >>>>>> <string>cn</string> >>>>>> <string>sn</string> >>>>>> <string>userPassword</string> >>>>>> <string>objectClass</string> >>>>>> <string>uid</string> >>>>>> <string>mail</string> >>>>>> </fetchedAttributes> >>>>>> <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> >>>>>> >>>>>> >>>>>> <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> >>>>>> </sourceService> >>>>>> <destinationService class="ldapDestinationService" id="8"> >>>>>> <name>opends-dst-service</name> >>>>>> <connection reference="4" /> >>>>>> <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> >>>>>> <pivotAttributes id="9"> >>>>>> <string>mail</string> >>>>>> </pivotAttributes> >>>>>> <fetchedAttributes id="10"> >>>>>> <string>description</string> >>>>>> <string>cn</string> >>>>>> <string>sn</string> >>>>>> <string>userPassword</string> >>>>>> <string>objectClass</string> >>>>>> <string>uid</string> >>>>>> <string>mail</string> >>>>>> </fetchedAttributes> >>>>>> <getAllFilter>(objectClass=inetorgperson)</getAllFilter> >>>>>> >>>>>> >>>>>> <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> >>>>>> </destinationService> >>>>>> <syncOptions class="propertiesBasedSyncOptions" id="12"> >>>>>> <conditions id="13"></conditions> >>>>>> <mainIdentifier>"mail=" + >>>>>> srcBean.getAttributeFirstValueById("mail") + >>>>>> ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> >>>>>> <defaultDelimiter>;</defaultDelimiter> >>>>>> <defaultPolicy>FORCE</defaultPolicy> >>>>>> </syncOptions> >>>>>> </task> >>>>>> </tasks> >>>>>> </lsc> >>>>>> >>>>>> >>>>>> >>>>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < >>>>>> [email protected]> wrote: >>>>>> > Oh ! I read the first error message to fast : the error is simply >>>>>> that the >>>>>> > first list request on the source directory has not returned any >>>>>> data. >>>>>> > Try an external search with the following parameter on your source >>>>>> directory >>>>>> > : >>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>> > filter: (objectClass=organizationalPerson) >>>>>> > requested attributes: mail >>>>>> > and fix the corresponding parameter ! >>>>>> > Regards >>>>>> > >>>>>> > -- >>>>>> > Sebastien BAHLOUL >>>>>> > IAM / Security specialist >>>>>> > Ldap Synchronization Connector : http://lsc-project.org >>>>>> > Blog : http://sbahloul.wordpress.com/ >>>>>> > >>>>>> >>>>>> >>>>>> -- >>>>>> Rgrds, Pavel Morozov >>>>>> >>>>>> >>>>> >>>>> -- >>>>> Sebastien BAHLOUL >>>>> IAM / Security specialist >>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>> Blog : http://sbahloul.wordpress.com/ >>>>> >>>>> >>>> >>>> >>>> -- >>>> Rgrds, Pavel Morozov >>>> >>> >>> >>> >>> -- >>> Rgrds, Pavel Morozov >>> >> >> > > > -- > Rgrds, Pavel Morozov >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
