Yes, I wrote it in last mail. There is nothing interesting in it. I can send it for you private.
On Thu, Sep 29, 2011 at 1:52 PM, Sébastien Bahloul < [email protected]> wrote: > Have you try to give a look at the LDAP logs ? > > Regards, > > -- > Sebastien BAHLOUL > IAM / Security specialist > Ldap Synchronization Connector : http://lsc-project.org > Blog : http://sbahloul.wordpress.com/ > > > > 2011/9/29 Avatar <[email protected]> > >> So, how is it doing? >> I have no idea what to do with this stuff below because new information >> has not been obtained. >> >> >> On Mon, Sep 26, 2011 at 1:12 PM, Avatar <[email protected]> wrote: >> >>> Here is part of log >>> >>> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..18 >>> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 19 >>> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >>> Sep 26 11:50:52 - DEBUG - Task count: 23 >>> Sep 26 11:50:52 - DEBUG - Task count..23 >>> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..19 >>> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 20 >>> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >>> Sep 26 11:50:52 - DEBUG - Task count: 24 >>> Sep 26 11:50:52 - DEBUG - Task count..24 >>> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..20 >>> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 21 >>> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >>> Sep 26 11:50:52 - DEBUG - Task count: 25 >>> .... >>> Sep 26 11:50:52 - ERROR - Unable to get object for >>> id=CN=xxx,OU=DIT,DC=msk,DC=rian >>> Sep 26 11:50:52 - DEBUG - Synchronizing People for {[email protected]} >>> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 5 >>> Sep 26 11:50:52 - DEBUG - Task count: 39 >>> Sep 26 11:50:52 - DEBUG - Task count..39 >>> .... >>> Sep 26 11:50:52 - ERROR - Unable to get object for >>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>> Sep 26 11:50:52 - DEBUG - Synchronizing People for {[email protected]} >>> .... >>> Sep 26 11:50:52 - ERROR - All entries: 46, to modify entries: 0, modified >>> entries: 0, errors: 46 >>> >>> Nothing obvious. >>> >>> On Mon, Sep 26, 2011 at 11:34 AM, Sébastien Bahloul < >>> [email protected]> wrote: >>> >>>> Put DEBUG instead of INFO in logback.xml and try again >>>> >>>> Regards, >>>> >>>> -- >>>> Sebastien BAHLOUL >>>> IAM / Security specialist >>>> Ldap Synchronization Connector : http://lsc-project.org >>>> Blog : http://sbahloul.wordpress.com/ >>>> >>>> >>>> >>>> 2011/9/26 Avatar <[email protected]> >>>> >>>>> First of all it seems all object of this OU come with error. I took 2 >>>>> person to check their mail out and it is. And mails are different. Maybe >>>>> there is some debug output, is there? >>>>> >>>>> >>>>> On Mon, Sep 26, 2011 at 2:03 AM, Sébastien Bahloul < >>>>> [email protected]> wrote: >>>>> >>>>>> Can you take a look to see if any "Unable to get object for id=" is >>>>>> following a error like the following line ? >>>>>> >>>>>> Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter: >>>>>> "(&(objectClass=organizationalPerson)([email protected]))") >>>>>> >>>>>> It this is the case, fix the last issue and you would not see any >>>>>> "Unable to get object..." error message. >>>>>> >>>>>> And you need to fix this error because the corresponding entry will >>>>>> not be synchronized otherwise. >>>>>> >>>>>> Regards, >>>>>> -- >>>>>> Sebastien BAHLOUL >>>>>> IAM / Security specialist >>>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>>> Blog : http://sbahloul.wordpress.com/ >>>>>> >>>>>> >>>>>> >>>>>> 2011/9/24 Avatar <[email protected]> >>>>>> >>>>>>> There are a lot of records like this: >>>>>>> >>>>>>> Sep 24 08:42:41 - ERROR - Unable to get object for >>>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>>>> >>>>>>> >>>>>>> On Sat, Sep 24, 2011 at 8:41 AM, Avatar <[email protected]> wrote: >>>>>>> >>>>>>>> Yea, but may be can I ignore it? >>>>>>>> >>>>>>>> >>>>>>>> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi Pavel, >>>>>>>>> >>>>>>>>> The issue for this run is that the LDAP search >>>>>>>>> "(&(objectClass=organizationalPerson)([email protected]))" >>>>>>>>> in "ou=DIT,dc=msk,dc=rian" is returning 2 or more entries. The LSC >>>>>>>>> is not able to handle a synchronization from one to many. It requires >>>>>>>>> that >>>>>>>>> the filter you provide to find the destination object returns a unique >>>>>>>>> entry. So check the filter or use other attribute values to make a >>>>>>>>> more >>>>>>>>> precise filter to obtain a one-to-one mapping. >>>>>>>>> >>>>>>>>> In your first try, the LSC was not able to found any entries from >>>>>>>>> the source service, that's why I suggest you check your search filter >>>>>>>>> through a LDAP browser and you modify either the base or the filter >>>>>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>>>>> > filter: (objectClass=organizationalPerson) >>>>>>>>> > requested attributes: mail >>>>>>>>> > and fix the corresponding parameter ! >>>>>>>>> >>>>>>>>> Regards. >>>>>>>>> >>>>>>>>> Le vendredi 23 septembre 2011, Avatar a écrit : >>>>>>>>> >>>>>>>>> Strange, but it is not synchronize anything. >>>>>>>>>> Sorry, but I don't comprehend from your last mail what I have to >>>>>>>>>> change in my config. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> I run: >>>>>>>>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f >>>>>>>>>> /usr/src/lsc-trunk-SNAPSHOT/etc -n -s all >>>>>>>>>> >>>>>>>>>> 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading >>>>>>>>>> plugins ... >>>>>>>>>> 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins >>>>>>>>>> loaded ... >>>>>>>>>> 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting >>>>>>>>>> to LDAP server ldap://ad0.rian.off:389/dc=msk,dc=rian as >>>>>>>>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian >>>>>>>>>> 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting >>>>>>>>>> to LDAP server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory >>>>>>>>>> Manager >>>>>>>>>> 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - >>>>>>>>>> Your main identifier will be used as a DN ("mail=" + >>>>>>>>>> srcBean.getAttributeFirstValueById("mail") + >>>>>>>>>> ",ou=DIT,dc=msk,dc=rian") in >>>>>>>>>> LDAP destination service and does not end with the context dn >>>>>>>>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, >>>>>>>>>> this is >>>>>>>>>> part of the changelog to 2.X. >>>>>>>>>> сен 23 10:16:57 - WARN - Starting sync for People >>>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для >>>>>>>>>> ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>>> [email protected]))") >>>>>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned >>>>>>>>>> (base: >>>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>>> [email protected]))") >>>>>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>>> [email protected]))") >>>>>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned >>>>>>>>>> (base: >>>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>>> [email protected]))") >>>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian >>>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian >>>>>>>>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, >>>>>>>>>> modified entries: 0, errors: 5 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> I understand: >>>>>>>>>> Too many entries returned - it's duplicate in mail field >>>>>>>>>> Unable to get object for id - there is no mail >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Here is my full configuration: >>>>>>>>>> <?xml version="1.0" ?> >>>>>>>>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" >>>>>>>>>> revision="0"> >>>>>>>>>> <connections id="2"> >>>>>>>>>> <connection class="ldapConnection" id="3"> >>>>>>>>>> <id>ldap-src-conn</id> >>>>>>>>>> <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> >>>>>>>>>> <password></password> >>>>>>>>>> <authentication>SIMPLE</authentication> >>>>>>>>>> <referral>IGNORE</referral> >>>>>>>>>> <derefAliases>NEVER</derefAliases> >>>>>>>>>> <version>VERSION_3</version> >>>>>>>>>> <pageSize>-1</pageSize> >>>>>>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>>>>>> <tlsActivated>false</tlsActivated> >>>>>>>>>> </connection> >>>>>>>>>> <connection class="ldapConnection" id="4"> >>>>>>>>>> <id>ldap-dst-conn</id> >>>>>>>>>> <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> >>>>>>>>>> <username>cn=Directory Manager</username> >>>>>>>>>> <password></password> >>>>>>>>>> <authentication>SIMPLE</authentication> >>>>>>>>>> <referral>IGNORE</referral> >>>>>>>>>> <derefAliases>NEVER</derefAliases> >>>>>>>>>> <version>VERSION_3</version> >>>>>>>>>> <pageSize>-1</pageSize> >>>>>>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>>>>>> <tlsActivated>false</tlsActivated> >>>>>>>>>> </connection> >>>>>>>>>> </connections> >>>>>>>>>> <audits id="5"> >>>>>>>>>> <audit class="csvAudit"> >>>>>>>>>> <name>csv</name> >>>>>>>>>> <operations>create, delete</operations> >>>>>>>>>> <datasets>cn, dn</datasets> >>>>>>>>>> <separator>;</separator> >>>>>>>>>> <append>true</append> >>>>>>>>>> </audit> >>>>>>>>>> <audit class="ldifAudit"> >>>>>>>>>> <name>ldif</name> >>>>>>>>>> <append>false</append> >>>>>>>>>> </audit> >>>>>>>>>> </audits> >>>>>>>>>> <tasks id="6"> >>>>>>>>>> <task id="7"> >>>>>>>>>> <name>People</name> >>>>>>>>>> <bean>org.lsc.beans.SimpleBean</bean> >>>>>>>>>> <sourceService class="ldapSourceService" id="11"> >>>>>>>>>> <name>openldap-source-service</name> >>>>>>>>>> <connection reference="3" /> >>>>>>>>>> <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> >>>>>>>>>> <pivotAttributes> >>>>>>>>>> <string>mail</string> >>>>>>>>>> </pivotAttributes> >>>>>>>>>> <fetchedAttributes> >>>>>>>>>> <string>description</string> >>>>>>>>>> <string>cn</string> >>>>>>>>>> <string>sn</string> >>>>>>>>>> <string>userPassword</string> >>>>>>>>>> <string>objectClass</string> >>>>>>>>>> <string>uid</string> >>>>>>>>>> <string>mail</string> >>>>>>>>>> </fetchedAttributes> >>>>>>>>>> >>>>>>>>>> <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> >>>>>>>>>> </sourceService> >>>>>>>>>> <destinationService class="ldapDestinationService" id="8"> >>>>>>>>>> <name>opends-dst-service</name> >>>>>>>>>> <connection reference="4" /> >>>>>>>>>> <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> >>>>>>>>>> <pivotAttributes id="9"> >>>>>>>>>> <string>mail</string> >>>>>>>>>> </pivotAttributes> >>>>>>>>>> <fetchedAttributes id="10"> >>>>>>>>>> <string>description</string> >>>>>>>>>> <string>cn</string> >>>>>>>>>> <string>sn</string> >>>>>>>>>> <string>userPassword</string> >>>>>>>>>> <string>objectClass</string> >>>>>>>>>> <string>uid</string> >>>>>>>>>> <string>mail</string> >>>>>>>>>> </fetchedAttributes> >>>>>>>>>> <getAllFilter>(objectClass=inetorgperson)</getAllFilter> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> >>>>>>>>>> </destinationService> >>>>>>>>>> <syncOptions class="propertiesBasedSyncOptions" id="12"> >>>>>>>>>> <conditions id="13"></conditions> >>>>>>>>>> <mainIdentifier>"mail=" + >>>>>>>>>> srcBean.getAttributeFirstValueById("mail") + >>>>>>>>>> ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> >>>>>>>>>> <defaultDelimiter>;</defaultDelimiter> >>>>>>>>>> <defaultPolicy>FORCE</defaultPolicy> >>>>>>>>>> </syncOptions> >>>>>>>>>> </task> >>>>>>>>>> </tasks> >>>>>>>>>> </lsc> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> > Oh ! I read the first error message to fast : the error is >>>>>>>>>> simply that the >>>>>>>>>> > first list request on the source directory has not returned any >>>>>>>>>> data. >>>>>>>>>> > Try an external search with the following parameter on your >>>>>>>>>> source directory >>>>>>>>>> > : >>>>>>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>>>>>> > filter: (objectClass=organizationalPerson) >>>>>>>>>> > requested attributes: mail >>>>>>>>>> > and fix the corresponding parameter ! >>>>>>>>>> > Regards >>>>>>>>>> > >>>>>>>>>> > -- >>>>>>>>>> > Sebastien BAHLOUL >>>>>>>>>> > IAM / Security specialist >>>>>>>>>> > Ldap Synchronization Connector : http://lsc-project.org >>>>>>>>>> > Blog : http://sbahloul.wordpress.com/ >>>>>>>>>> > >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Rgrds, Pavel Morozov >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Sebastien BAHLOUL >>>>>>>>> IAM / Security specialist >>>>>>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>>>>>> Blog : http://sbahloul.wordpress.com/ >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rgrds, Pavel Morozov >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Rgrds, Pavel Morozov >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Rgrds, Pavel Morozov >>>>> >>>> >>>> >>> >>> >>> -- >>> Rgrds, Pavel Morozov >>> >> >> >> >> -- >> Rgrds, Pavel Morozov >> > > -- Rgrds, Pavel Morozov
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
