Have you try to give a look at the LDAP logs ? Regards,
-- Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/ 2011/9/29 Avatar <[email protected]> > So, how is it doing? > I have no idea what to do with this stuff below because new information has > not been obtained. > > > On Mon, Sep 26, 2011 at 1:12 PM, Avatar <[email protected]> wrote: > >> Here is part of log >> >> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..18 >> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 19 >> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >> Sep 26 11:50:52 - DEBUG - Task count: 23 >> Sep 26 11:50:52 - DEBUG - Task count..23 >> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..19 >> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 20 >> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >> Sep 26 11:50:52 - DEBUG - Task count: 24 >> Sep 26 11:50:52 - DEBUG - Task count..24 >> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..20 >> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 21 >> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >> Sep 26 11:50:52 - DEBUG - Task count: 25 >> .... >> Sep 26 11:50:52 - ERROR - Unable to get object for >> id=CN=xxx,OU=DIT,DC=msk,DC=rian >> Sep 26 11:50:52 - DEBUG - Synchronizing People for {[email protected]} >> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 5 >> Sep 26 11:50:52 - DEBUG - Task count: 39 >> Sep 26 11:50:52 - DEBUG - Task count..39 >> .... >> Sep 26 11:50:52 - ERROR - Unable to get object for id=CN=ААААА_СТАНДАРТНЫЙ >> ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >> Sep 26 11:50:52 - DEBUG - Synchronizing People for {[email protected]} >> .... >> Sep 26 11:50:52 - ERROR - All entries: 46, to modify entries: 0, modified >> entries: 0, errors: 46 >> >> Nothing obvious. >> >> On Mon, Sep 26, 2011 at 11:34 AM, Sébastien Bahloul < >> [email protected]> wrote: >> >>> Put DEBUG instead of INFO in logback.xml and try again >>> >>> Regards, >>> >>> -- >>> Sebastien BAHLOUL >>> IAM / Security specialist >>> Ldap Synchronization Connector : http://lsc-project.org >>> Blog : http://sbahloul.wordpress.com/ >>> >>> >>> >>> 2011/9/26 Avatar <[email protected]> >>> >>>> First of all it seems all object of this OU come with error. I took 2 >>>> person to check their mail out and it is. And mails are different. Maybe >>>> there is some debug output, is there? >>>> >>>> >>>> On Mon, Sep 26, 2011 at 2:03 AM, Sébastien Bahloul < >>>> [email protected]> wrote: >>>> >>>>> Can you take a look to see if any "Unable to get object for id=" is >>>>> following a error like the following line ? >>>>> >>>>> Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter: >>>>> "(&(objectClass=organizationalPerson)([email protected]))") >>>>> >>>>> It this is the case, fix the last issue and you would not see any >>>>> "Unable to get object..." error message. >>>>> >>>>> And you need to fix this error because the corresponding entry will not >>>>> be synchronized otherwise. >>>>> >>>>> Regards, >>>>> -- >>>>> Sebastien BAHLOUL >>>>> IAM / Security specialist >>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>> Blog : http://sbahloul.wordpress.com/ >>>>> >>>>> >>>>> >>>>> 2011/9/24 Avatar <[email protected]> >>>>> >>>>>> There are a lot of records like this: >>>>>> >>>>>> Sep 24 08:42:41 - ERROR - Unable to get object for >>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>>> >>>>>> >>>>>> On Sat, Sep 24, 2011 at 8:41 AM, Avatar <[email protected]> wrote: >>>>>> >>>>>>> Yea, but may be can I ignore it? >>>>>>> >>>>>>> >>>>>>> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Pavel, >>>>>>>> >>>>>>>> The issue for this run is that the LDAP search >>>>>>>> "(&(objectClass=organizationalPerson)([email protected]))" >>>>>>>> in "ou=DIT,dc=msk,dc=rian" is returning 2 or more entries. The LSC >>>>>>>> is not able to handle a synchronization from one to many. It requires >>>>>>>> that >>>>>>>> the filter you provide to find the destination object returns a unique >>>>>>>> entry. So check the filter or use other attribute values to make a more >>>>>>>> precise filter to obtain a one-to-one mapping. >>>>>>>> >>>>>>>> In your first try, the LSC was not able to found any entries from >>>>>>>> the source service, that's why I suggest you check your search filter >>>>>>>> through a LDAP browser and you modify either the base or the filter >>>>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>>>> > filter: (objectClass=organizationalPerson) >>>>>>>> > requested attributes: mail >>>>>>>> > and fix the corresponding parameter ! >>>>>>>> >>>>>>>> Regards. >>>>>>>> >>>>>>>> Le vendredi 23 septembre 2011, Avatar a écrit : >>>>>>>> >>>>>>>> Strange, but it is not synchronize anything. >>>>>>>>> Sorry, but I don't comprehend from your last mail what I have to >>>>>>>>> change in my config. >>>>>>>>> >>>>>>>>> >>>>>>>>> I run: >>>>>>>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f >>>>>>>>> /usr/src/lsc-trunk-SNAPSHOT/etc -n -s all >>>>>>>>> >>>>>>>>> 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading >>>>>>>>> plugins ... >>>>>>>>> 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins >>>>>>>>> loaded ... >>>>>>>>> 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting to >>>>>>>>> LDAP server ldap://ad0.rian.off:389/dc=msk,dc=rian as >>>>>>>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian >>>>>>>>> 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting to >>>>>>>>> LDAP server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory >>>>>>>>> Manager >>>>>>>>> 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - >>>>>>>>> Your main identifier will be used as a DN ("mail=" + >>>>>>>>> srcBean.getAttributeFirstValueById("mail") + >>>>>>>>> ",ou=DIT,dc=msk,dc=rian") in >>>>>>>>> LDAP destination service and does not end with the context dn >>>>>>>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this >>>>>>>>> is >>>>>>>>> part of the changelog to 2.X. >>>>>>>>> сен 23 10:16:57 - WARN - Starting sync for People >>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для >>>>>>>>> ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>> [email protected]))") >>>>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned >>>>>>>>> (base: >>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>> [email protected]))") >>>>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>> [email protected]))") >>>>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned >>>>>>>>> (base: >>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>> [email protected]))") >>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian >>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian >>>>>>>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, >>>>>>>>> modified entries: 0, errors: 5 >>>>>>>>> >>>>>>>>> >>>>>>>>> I understand: >>>>>>>>> Too many entries returned - it's duplicate in mail field >>>>>>>>> Unable to get object for id - there is no mail >>>>>>>>> >>>>>>>>> >>>>>>>>> Here is my full configuration: >>>>>>>>> <?xml version="1.0" ?> >>>>>>>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" >>>>>>>>> revision="0"> >>>>>>>>> <connections id="2"> >>>>>>>>> <connection class="ldapConnection" id="3"> >>>>>>>>> <id>ldap-src-conn</id> >>>>>>>>> <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> >>>>>>>>> >>>>>>>>> >>>>>>>>> <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> >>>>>>>>> <password></password> >>>>>>>>> <authentication>SIMPLE</authentication> >>>>>>>>> <referral>IGNORE</referral> >>>>>>>>> <derefAliases>NEVER</derefAliases> >>>>>>>>> <version>VERSION_3</version> >>>>>>>>> <pageSize>-1</pageSize> >>>>>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>>>>> <tlsActivated>false</tlsActivated> >>>>>>>>> </connection> >>>>>>>>> <connection class="ldapConnection" id="4"> >>>>>>>>> <id>ldap-dst-conn</id> >>>>>>>>> <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> >>>>>>>>> <username>cn=Directory Manager</username> >>>>>>>>> <password></password> >>>>>>>>> <authentication>SIMPLE</authentication> >>>>>>>>> <referral>IGNORE</referral> >>>>>>>>> <derefAliases>NEVER</derefAliases> >>>>>>>>> <version>VERSION_3</version> >>>>>>>>> <pageSize>-1</pageSize> >>>>>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>>>>> <tlsActivated>false</tlsActivated> >>>>>>>>> </connection> >>>>>>>>> </connections> >>>>>>>>> <audits id="5"> >>>>>>>>> <audit class="csvAudit"> >>>>>>>>> <name>csv</name> >>>>>>>>> <operations>create, delete</operations> >>>>>>>>> <datasets>cn, dn</datasets> >>>>>>>>> <separator>;</separator> >>>>>>>>> <append>true</append> >>>>>>>>> </audit> >>>>>>>>> <audit class="ldifAudit"> >>>>>>>>> <name>ldif</name> >>>>>>>>> <append>false</append> >>>>>>>>> </audit> >>>>>>>>> </audits> >>>>>>>>> <tasks id="6"> >>>>>>>>> <task id="7"> >>>>>>>>> <name>People</name> >>>>>>>>> <bean>org.lsc.beans.SimpleBean</bean> >>>>>>>>> <sourceService class="ldapSourceService" id="11"> >>>>>>>>> <name>openldap-source-service</name> >>>>>>>>> <connection reference="3" /> >>>>>>>>> <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> >>>>>>>>> <pivotAttributes> >>>>>>>>> <string>mail</string> >>>>>>>>> </pivotAttributes> >>>>>>>>> <fetchedAttributes> >>>>>>>>> <string>description</string> >>>>>>>>> <string>cn</string> >>>>>>>>> <string>sn</string> >>>>>>>>> <string>userPassword</string> >>>>>>>>> <string>objectClass</string> >>>>>>>>> <string>uid</string> >>>>>>>>> <string>mail</string> >>>>>>>>> </fetchedAttributes> >>>>>>>>> >>>>>>>>> <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> >>>>>>>>> >>>>>>>>> >>>>>>>>> <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> >>>>>>>>> </sourceService> >>>>>>>>> <destinationService class="ldapDestinationService" id="8"> >>>>>>>>> <name>opends-dst-service</name> >>>>>>>>> <connection reference="4" /> >>>>>>>>> <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> >>>>>>>>> <pivotAttributes id="9"> >>>>>>>>> <string>mail</string> >>>>>>>>> </pivotAttributes> >>>>>>>>> <fetchedAttributes id="10"> >>>>>>>>> <string>description</string> >>>>>>>>> <string>cn</string> >>>>>>>>> <string>sn</string> >>>>>>>>> <string>userPassword</string> >>>>>>>>> <string>objectClass</string> >>>>>>>>> <string>uid</string> >>>>>>>>> <string>mail</string> >>>>>>>>> </fetchedAttributes> >>>>>>>>> <getAllFilter>(objectClass=inetorgperson)</getAllFilter> >>>>>>>>> >>>>>>>>> >>>>>>>>> <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> >>>>>>>>> </destinationService> >>>>>>>>> <syncOptions class="propertiesBasedSyncOptions" id="12"> >>>>>>>>> <conditions id="13"></conditions> >>>>>>>>> <mainIdentifier>"mail=" + >>>>>>>>> srcBean.getAttributeFirstValueById("mail") + >>>>>>>>> ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> >>>>>>>>> <defaultDelimiter>;</defaultDelimiter> >>>>>>>>> <defaultPolicy>FORCE</defaultPolicy> >>>>>>>>> </syncOptions> >>>>>>>>> </task> >>>>>>>>> </tasks> >>>>>>>>> </lsc> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < >>>>>>>>> [email protected]> wrote: >>>>>>>>> > Oh ! I read the first error message to fast : the error is simply >>>>>>>>> that the >>>>>>>>> > first list request on the source directory has not returned any >>>>>>>>> data. >>>>>>>>> > Try an external search with the following parameter on your >>>>>>>>> source directory >>>>>>>>> > : >>>>>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>>>>> > filter: (objectClass=organizationalPerson) >>>>>>>>> > requested attributes: mail >>>>>>>>> > and fix the corresponding parameter ! >>>>>>>>> > Regards >>>>>>>>> > >>>>>>>>> > -- >>>>>>>>> > Sebastien BAHLOUL >>>>>>>>> > IAM / Security specialist >>>>>>>>> > Ldap Synchronization Connector : http://lsc-project.org >>>>>>>>> > Blog : http://sbahloul.wordpress.com/ >>>>>>>>> > >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Rgrds, Pavel Morozov >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Sebastien BAHLOUL >>>>>>>> IAM / Security specialist >>>>>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>>>>> Blog : http://sbahloul.wordpress.com/ >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Rgrds, Pavel Morozov >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Rgrds, Pavel Morozov >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Rgrds, Pavel Morozov >>>> >>> >>> >> >> >> -- >> Rgrds, Pavel Morozov >> > > > > -- > Rgrds, Pavel Morozov >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
