So, how is it doing? I have no idea what to do with this stuff below because new information has not been obtained.
On Mon, Sep 26, 2011 at 1:12 PM, Avatar <[email protected]> wrote: > Here is part of log > > Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..18 > Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 19 > Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 > Sep 26 11:50:52 - DEBUG - Task count: 23 > Sep 26 11:50:52 - DEBUG - Task count..23 > Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..19 > Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 20 > Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 > Sep 26 11:50:52 - DEBUG - Task count: 24 > Sep 26 11:50:52 - DEBUG - Task count..24 > Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..20 > Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 21 > Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 > Sep 26 11:50:52 - DEBUG - Task count: 25 > .... > Sep 26 11:50:52 - ERROR - Unable to get object for > id=CN=xxx,OU=DIT,DC=msk,DC=rian > Sep 26 11:50:52 - DEBUG - Synchronizing People for {[email protected]} > Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 5 > Sep 26 11:50:52 - DEBUG - Task count: 39 > Sep 26 11:50:52 - DEBUG - Task count..39 > .... > Sep 26 11:50:52 - ERROR - Unable to get object for id=CN=ААААА_СТАНДАРТНЫЙ > ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian > Sep 26 11:50:52 - DEBUG - Synchronizing People for {[email protected]} > .... > Sep 26 11:50:52 - ERROR - All entries: 46, to modify entries: 0, modified > entries: 0, errors: 46 > > Nothing obvious. > > On Mon, Sep 26, 2011 at 11:34 AM, Sébastien Bahloul < > [email protected]> wrote: > >> Put DEBUG instead of INFO in logback.xml and try again >> >> Regards, >> >> -- >> Sebastien BAHLOUL >> IAM / Security specialist >> Ldap Synchronization Connector : http://lsc-project.org >> Blog : http://sbahloul.wordpress.com/ >> >> >> >> 2011/9/26 Avatar <[email protected]> >> >>> First of all it seems all object of this OU come with error. I took 2 >>> person to check their mail out and it is. And mails are different. Maybe >>> there is some debug output, is there? >>> >>> >>> On Mon, Sep 26, 2011 at 2:03 AM, Sébastien Bahloul < >>> [email protected]> wrote: >>> >>>> Can you take a look to see if any "Unable to get object for id=" is >>>> following a error like the following line ? >>>> >>>> Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter: >>>> "(&(objectClass=organizationalPerson)([email protected]))") >>>> >>>> It this is the case, fix the last issue and you would not see any >>>> "Unable to get object..." error message. >>>> >>>> And you need to fix this error because the corresponding entry will not >>>> be synchronized otherwise. >>>> >>>> Regards, >>>> -- >>>> Sebastien BAHLOUL >>>> IAM / Security specialist >>>> Ldap Synchronization Connector : http://lsc-project.org >>>> Blog : http://sbahloul.wordpress.com/ >>>> >>>> >>>> >>>> 2011/9/24 Avatar <[email protected]> >>>> >>>>> There are a lot of records like this: >>>>> >>>>> Sep 24 08:42:41 - ERROR - Unable to get object for >>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>> >>>>> >>>>> On Sat, Sep 24, 2011 at 8:41 AM, Avatar <[email protected]> wrote: >>>>> >>>>>> Yea, but may be can I ignore it? >>>>>> >>>>>> >>>>>> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi Pavel, >>>>>>> >>>>>>> The issue for this run is that the LDAP search >>>>>>> "(&(objectClass=organizationalPerson)([email protected]))" >>>>>>> in "ou=DIT,dc=msk,dc=rian" is returning 2 or more entries. The LSC >>>>>>> is not able to handle a synchronization from one to many. It requires >>>>>>> that >>>>>>> the filter you provide to find the destination object returns a unique >>>>>>> entry. So check the filter or use other attribute values to make a more >>>>>>> precise filter to obtain a one-to-one mapping. >>>>>>> >>>>>>> In your first try, the LSC was not able to found any entries from the >>>>>>> source service, that's why I suggest you check your search filter >>>>>>> through a >>>>>>> LDAP browser and you modify either the base or the filter >>>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>>> > filter: (objectClass=organizationalPerson) >>>>>>> > requested attributes: mail >>>>>>> > and fix the corresponding parameter ! >>>>>>> >>>>>>> Regards. >>>>>>> >>>>>>> Le vendredi 23 septembre 2011, Avatar a écrit : >>>>>>> >>>>>>> Strange, but it is not synchronize anything. >>>>>>>> Sorry, but I don't comprehend from your last mail what I have to >>>>>>>> change in my config. >>>>>>>> >>>>>>>> >>>>>>>> I run: >>>>>>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f >>>>>>>> /usr/src/lsc-trunk-SNAPSHOT/etc -n -s all >>>>>>>> >>>>>>>> 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading >>>>>>>> plugins ... >>>>>>>> 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins >>>>>>>> loaded ... >>>>>>>> 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting to >>>>>>>> LDAP server ldap://ad0.rian.off:389/dc=msk,dc=rian as >>>>>>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian >>>>>>>> 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting to >>>>>>>> LDAP server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager >>>>>>>> 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - >>>>>>>> Your main identifier will be used as a DN ("mail=" + >>>>>>>> srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") >>>>>>>> in >>>>>>>> LDAP destination service and does not end with the context dn >>>>>>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this >>>>>>>> is >>>>>>>> part of the changelog to 2.X. >>>>>>>> сен 23 10:16:57 - WARN - Starting sync for People >>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для >>>>>>>> ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>> [email protected]))") >>>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned >>>>>>>> (base: >>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>> [email protected]))") >>>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>> [email protected]))") >>>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned >>>>>>>> (base: >>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>> [email protected]))") >>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian >>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian >>>>>>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, >>>>>>>> modified entries: 0, errors: 5 >>>>>>>> >>>>>>>> >>>>>>>> I understand: >>>>>>>> Too many entries returned - it's duplicate in mail field >>>>>>>> Unable to get object for id - there is no mail >>>>>>>> >>>>>>>> >>>>>>>> Here is my full configuration: >>>>>>>> <?xml version="1.0" ?> >>>>>>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" >>>>>>>> revision="0"> >>>>>>>> <connections id="2"> >>>>>>>> <connection class="ldapConnection" id="3"> >>>>>>>> <id>ldap-src-conn</id> >>>>>>>> <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> >>>>>>>> >>>>>>>> >>>>>>>> <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> >>>>>>>> <password></password> >>>>>>>> <authentication>SIMPLE</authentication> >>>>>>>> <referral>IGNORE</referral> >>>>>>>> <derefAliases>NEVER</derefAliases> >>>>>>>> <version>VERSION_3</version> >>>>>>>> <pageSize>-1</pageSize> >>>>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>>>> <tlsActivated>false</tlsActivated> >>>>>>>> </connection> >>>>>>>> <connection class="ldapConnection" id="4"> >>>>>>>> <id>ldap-dst-conn</id> >>>>>>>> <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> >>>>>>>> <username>cn=Directory Manager</username> >>>>>>>> <password></password> >>>>>>>> <authentication>SIMPLE</authentication> >>>>>>>> <referral>IGNORE</referral> >>>>>>>> <derefAliases>NEVER</derefAliases> >>>>>>>> <version>VERSION_3</version> >>>>>>>> <pageSize>-1</pageSize> >>>>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>>>> <tlsActivated>false</tlsActivated> >>>>>>>> </connection> >>>>>>>> </connections> >>>>>>>> <audits id="5"> >>>>>>>> <audit class="csvAudit"> >>>>>>>> <name>csv</name> >>>>>>>> <operations>create, delete</operations> >>>>>>>> <datasets>cn, dn</datasets> >>>>>>>> <separator>;</separator> >>>>>>>> <append>true</append> >>>>>>>> </audit> >>>>>>>> <audit class="ldifAudit"> >>>>>>>> <name>ldif</name> >>>>>>>> <append>false</append> >>>>>>>> </audit> >>>>>>>> </audits> >>>>>>>> <tasks id="6"> >>>>>>>> <task id="7"> >>>>>>>> <name>People</name> >>>>>>>> <bean>org.lsc.beans.SimpleBean</bean> >>>>>>>> <sourceService class="ldapSourceService" id="11"> >>>>>>>> <name>openldap-source-service</name> >>>>>>>> <connection reference="3" /> >>>>>>>> <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> >>>>>>>> <pivotAttributes> >>>>>>>> <string>mail</string> >>>>>>>> </pivotAttributes> >>>>>>>> <fetchedAttributes> >>>>>>>> <string>description</string> >>>>>>>> <string>cn</string> >>>>>>>> <string>sn</string> >>>>>>>> <string>userPassword</string> >>>>>>>> <string>objectClass</string> >>>>>>>> <string>uid</string> >>>>>>>> <string>mail</string> >>>>>>>> </fetchedAttributes> >>>>>>>> >>>>>>>> <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> >>>>>>>> >>>>>>>> >>>>>>>> <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> >>>>>>>> </sourceService> >>>>>>>> <destinationService class="ldapDestinationService" id="8"> >>>>>>>> <name>opends-dst-service</name> >>>>>>>> <connection reference="4" /> >>>>>>>> <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> >>>>>>>> <pivotAttributes id="9"> >>>>>>>> <string>mail</string> >>>>>>>> </pivotAttributes> >>>>>>>> <fetchedAttributes id="10"> >>>>>>>> <string>description</string> >>>>>>>> <string>cn</string> >>>>>>>> <string>sn</string> >>>>>>>> <string>userPassword</string> >>>>>>>> <string>objectClass</string> >>>>>>>> <string>uid</string> >>>>>>>> <string>mail</string> >>>>>>>> </fetchedAttributes> >>>>>>>> <getAllFilter>(objectClass=inetorgperson)</getAllFilter> >>>>>>>> >>>>>>>> >>>>>>>> <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> >>>>>>>> </destinationService> >>>>>>>> <syncOptions class="propertiesBasedSyncOptions" id="12"> >>>>>>>> <conditions id="13"></conditions> >>>>>>>> <mainIdentifier>"mail=" + >>>>>>>> srcBean.getAttributeFirstValueById("mail") + >>>>>>>> ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> >>>>>>>> <defaultDelimiter>;</defaultDelimiter> >>>>>>>> <defaultPolicy>FORCE</defaultPolicy> >>>>>>>> </syncOptions> >>>>>>>> </task> >>>>>>>> </tasks> >>>>>>>> </lsc> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < >>>>>>>> [email protected]> wrote: >>>>>>>> > Oh ! I read the first error message to fast : the error is simply >>>>>>>> that the >>>>>>>> > first list request on the source directory has not returned any >>>>>>>> data. >>>>>>>> > Try an external search with the following parameter on your source >>>>>>>> directory >>>>>>>> > : >>>>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>>>> > filter: (objectClass=organizationalPerson) >>>>>>>> > requested attributes: mail >>>>>>>> > and fix the corresponding parameter ! >>>>>>>> > Regards >>>>>>>> > >>>>>>>> > -- >>>>>>>> > Sebastien BAHLOUL >>>>>>>> > IAM / Security specialist >>>>>>>> > Ldap Synchronization Connector : http://lsc-project.org >>>>>>>> > Blog : http://sbahloul.wordpress.com/ >>>>>>>> > >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rgrds, Pavel Morozov >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Sebastien BAHLOUL >>>>>>> IAM / Security specialist >>>>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>>>> Blog : http://sbahloul.wordpress.com/ >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Rgrds, Pavel Morozov >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Rgrds, Pavel Morozov >>>>> >>>> >>>> >>> >>> >>> -- >>> Rgrds, Pavel Morozov >>> >> >> > > > -- > Rgrds, Pavel Morozov > -- Rgrds, Pavel Morozov
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
