To debug such configuration you need to provide both lsc.log in DEBUG mode and slapd.log (at least loglevel 256) at the same time
Regards, -- Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/ 2011/9/29 Avatar <[email protected]> > Yes, I wrote it in last mail. There is nothing interesting in it. I can > send it for you private. > > > On Thu, Sep 29, 2011 at 1:52 PM, Sébastien Bahloul < > [email protected]> wrote: > >> Have you try to give a look at the LDAP logs ? >> >> Regards, >> >> -- >> Sebastien BAHLOUL >> IAM / Security specialist >> Ldap Synchronization Connector : http://lsc-project.org >> Blog : http://sbahloul.wordpress.com/ >> >> >> >> 2011/9/29 Avatar <[email protected]> >> >>> So, how is it doing? >>> I have no idea what to do with this stuff below because new information >>> has not been obtained. >>> >>> >>> On Mon, Sep 26, 2011 at 1:12 PM, Avatar <[email protected]> wrote: >>> >>>> Here is part of log >>>> >>>> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..18 >>>> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 19 >>>> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >>>> Sep 26 11:50:52 - DEBUG - Task count: 23 >>>> Sep 26 11:50:52 - DEBUG - Task count..23 >>>> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..19 >>>> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 20 >>>> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >>>> Sep 26 11:50:52 - DEBUG - Task count: 24 >>>> Sep 26 11:50:52 - DEBUG - Task count..24 >>>> Sep 26 11:50:52 - DEBUG - Queue Size before assigning the task..20 >>>> Sep 26 11:50:52 - DEBUG - Queue Size after assigning the task: 21 >>>> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 4 >>>> Sep 26 11:50:52 - DEBUG - Task count: 25 >>>> .... >>>> Sep 26 11:50:52 - ERROR - Unable to get object for >>>> id=CN=xxx,OU=DIT,DC=msk,DC=rian >>>> Sep 26 11:50:52 - DEBUG - Synchronizing People for {[email protected]} >>>> Sep 26 11:50:52 - DEBUG - Pool Size after assigning the task: 5 >>>> Sep 26 11:50:52 - DEBUG - Task count: 39 >>>> Sep 26 11:50:52 - DEBUG - Task count..39 >>>> .... >>>> Sep 26 11:50:52 - ERROR - Unable to get object for >>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>> Sep 26 11:50:52 - DEBUG - Synchronizing People for {[email protected]} >>>> .... >>>> Sep 26 11:50:52 - ERROR - All entries: 46, to modify entries: 0, >>>> modified entries: 0, errors: 46 >>>> >>>> Nothing obvious. >>>> >>>> On Mon, Sep 26, 2011 at 11:34 AM, Sébastien Bahloul < >>>> [email protected]> wrote: >>>> >>>>> Put DEBUG instead of INFO in logback.xml and try again >>>>> >>>>> Regards, >>>>> >>>>> -- >>>>> Sebastien BAHLOUL >>>>> IAM / Security specialist >>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>> Blog : http://sbahloul.wordpress.com/ >>>>> >>>>> >>>>> >>>>> 2011/9/26 Avatar <[email protected]> >>>>> >>>>>> First of all it seems all object of this OU come with error. I took 2 >>>>>> person to check their mail out and it is. And mails are different. Maybe >>>>>> there is some debug output, is there? >>>>>> >>>>>> >>>>>> On Mon, Sep 26, 2011 at 2:03 AM, Sébastien Bahloul < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Can you take a look to see if any "Unable to get object for id=" is >>>>>>> following a error like the following line ? >>>>>>> >>>>>>> Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter: >>>>>>> "(&(objectClass=organizationalPerson)([email protected]))") >>>>>>> >>>>>>> It this is the case, fix the last issue and you would not see any >>>>>>> "Unable to get object..." error message. >>>>>>> >>>>>>> And you need to fix this error because the corresponding entry will >>>>>>> not be synchronized otherwise. >>>>>>> >>>>>>> Regards, >>>>>>> -- >>>>>>> Sebastien BAHLOUL >>>>>>> IAM / Security specialist >>>>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>>>> Blog : http://sbahloul.wordpress.com/ >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2011/9/24 Avatar <[email protected]> >>>>>>> >>>>>>>> There are a lot of records like this: >>>>>>>> >>>>>>>> Sep 24 08:42:41 - ERROR - Unable to get object for >>>>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для >>>>>>>> ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>>>>> >>>>>>>> >>>>>>>> On Sat, Sep 24, 2011 at 8:41 AM, Avatar <[email protected]>wrote: >>>>>>>> >>>>>>>>> Yea, but may be can I ignore it? >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi Pavel, >>>>>>>>>> >>>>>>>>>> The issue for this run is that the LDAP search >>>>>>>>>> "(&(objectClass=organizationalPerson)([email protected]))" >>>>>>>>>> in "ou=DIT,dc=msk,dc=rian" is returning 2 or more entries. The >>>>>>>>>> LSC is not able to handle a synchronization from one to many. It >>>>>>>>>> requires >>>>>>>>>> that the filter you provide to find the destination object returns a >>>>>>>>>> unique >>>>>>>>>> entry. So check the filter or use other attribute values to make a >>>>>>>>>> more >>>>>>>>>> precise filter to obtain a one-to-one mapping. >>>>>>>>>> >>>>>>>>>> In your first try, the LSC was not able to found any entries from >>>>>>>>>> the source service, that's why I suggest you check your search filter >>>>>>>>>> through a LDAP browser and you modify either the base or the filter >>>>>>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>>>>>> > filter: (objectClass=organizationalPerson) >>>>>>>>>> > requested attributes: mail >>>>>>>>>> > and fix the corresponding parameter ! >>>>>>>>>> >>>>>>>>>> Regards. >>>>>>>>>> >>>>>>>>>> Le vendredi 23 septembre 2011, Avatar a écrit : >>>>>>>>>> >>>>>>>>>> Strange, but it is not synchronize anything. >>>>>>>>>>> Sorry, but I don't comprehend from your last mail what I have to >>>>>>>>>>> change in my config. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I run: >>>>>>>>>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f >>>>>>>>>>> /usr/src/lsc-trunk-SNAPSHOT/etc -n -s all >>>>>>>>>>> >>>>>>>>>>> 10:16:46.270 [main] INFO o.l.c.XmlConfigurationHelper - Loading >>>>>>>>>>> plugins ... >>>>>>>>>>> 10:16:57.030 [main] INFO o.l.c.XmlConfigurationHelper - Plugins >>>>>>>>>>> loaded ... >>>>>>>>>>> 10:16:57.210 [main] INFO org.lsc.jndi.JndiServices - Connecting >>>>>>>>>>> to LDAP server ldap://ad0.rian.off:389/dc=msk,dc=rian as >>>>>>>>>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian >>>>>>>>>>> 10:16:57.330 [main] INFO org.lsc.jndi.JndiServices - Connecting >>>>>>>>>>> to LDAP server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory >>>>>>>>>>> Manager >>>>>>>>>>> 10:16:57.334 [main] WARN o.l.c.o.s.PropertiesBasedSyncOptions - >>>>>>>>>>> Your main identifier will be used as a DN ("mail=" + >>>>>>>>>>> srcBean.getAttributeFirstValueById("mail") + >>>>>>>>>>> ",ou=DIT,dc=msk,dc=rian") in >>>>>>>>>>> LDAP destination service and does not end with the context dn >>>>>>>>>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, >>>>>>>>>>> this is >>>>>>>>>>> part of the changelog to 2.X. >>>>>>>>>>> сен 23 10:16:57 - WARN - Starting sync for People >>>>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для >>>>>>>>>>> ДИТ_ААААА,OU=DIT,DC=msk,DC=rian >>>>>>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>>>> [email protected]))") >>>>>>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>>>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned >>>>>>>>>>> (base: >>>>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>>>> [email protected]))") >>>>>>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base: >>>>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>>>> [email protected]))") >>>>>>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail= >>>>>>>>>>> [email protected]}: org.lsc.exception.LscServiceException: >>>>>>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned >>>>>>>>>>> (base: >>>>>>>>>>> "ou=DIT,dc=msk,dc=rian", filter: >>>>>>>>>>> "(&(objectClass=organizationalPerson)(mail= >>>>>>>>>>> [email protected]))") >>>>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian >>>>>>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for >>>>>>>>>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian >>>>>>>>>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, >>>>>>>>>>> modified entries: 0, errors: 5 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I understand: >>>>>>>>>>> Too many entries returned - it's duplicate in mail field >>>>>>>>>>> Unable to get object for id - there is no mail >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Here is my full configuration: >>>>>>>>>>> <?xml version="1.0" ?> >>>>>>>>>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd"; id="1" >>>>>>>>>>> revision="0"> >>>>>>>>>>> <connections id="2"> >>>>>>>>>>> <connection class="ldapConnection" id="3"> >>>>>>>>>>> <id>ldap-src-conn</id> >>>>>>>>>>> <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> <username>cn=SA_LDAP-Reade,ou=Test&ServiceUsers,dc=msk,dc=rian</username> >>>>>>>>>>> <password></password> >>>>>>>>>>> <authentication>SIMPLE</authentication> >>>>>>>>>>> <referral>IGNORE</referral> >>>>>>>>>>> <derefAliases>NEVER</derefAliases> >>>>>>>>>>> <version>VERSION_3</version> >>>>>>>>>>> <pageSize>-1</pageSize> >>>>>>>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>>>>>>> <tlsActivated>false</tlsActivated> >>>>>>>>>>> </connection> >>>>>>>>>>> <connection class="ldapConnection" id="4"> >>>>>>>>>>> <id>ldap-dst-conn</id> >>>>>>>>>>> <url>ldap://127.0.0.1/dc=dmz,dc=rian</url> >>>>>>>>>>> <username>cn=Directory Manager</username> >>>>>>>>>>> <password></password> >>>>>>>>>>> <authentication>SIMPLE</authentication> >>>>>>>>>>> <referral>IGNORE</referral> >>>>>>>>>>> <derefAliases>NEVER</derefAliases> >>>>>>>>>>> <version>VERSION_3</version> >>>>>>>>>>> <pageSize>-1</pageSize> >>>>>>>>>>> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> >>>>>>>>>>> <tlsActivated>false</tlsActivated> >>>>>>>>>>> </connection> >>>>>>>>>>> </connections> >>>>>>>>>>> <audits id="5"> >>>>>>>>>>> <audit class="csvAudit"> >>>>>>>>>>> <name>csv</name> >>>>>>>>>>> <operations>create, delete</operations> >>>>>>>>>>> <datasets>cn, dn</datasets> >>>>>>>>>>> <separator>;</separator> >>>>>>>>>>> <append>true</append> >>>>>>>>>>> </audit> >>>>>>>>>>> <audit class="ldifAudit"> >>>>>>>>>>> <name>ldif</name> >>>>>>>>>>> <append>false</append> >>>>>>>>>>> </audit> >>>>>>>>>>> </audits> >>>>>>>>>>> <tasks id="6"> >>>>>>>>>>> <task id="7"> >>>>>>>>>>> <name>People</name> >>>>>>>>>>> <bean>org.lsc.beans.SimpleBean</bean> >>>>>>>>>>> <sourceService class="ldapSourceService" id="11"> >>>>>>>>>>> <name>openldap-source-service</name> >>>>>>>>>>> <connection reference="3" /> >>>>>>>>>>> <baseDn>ou=DIT,dc=msk,dc=rian</baseDn> >>>>>>>>>>> <pivotAttributes> >>>>>>>>>>> <string>mail</string> >>>>>>>>>>> </pivotAttributes> >>>>>>>>>>> <fetchedAttributes> >>>>>>>>>>> <string>description</string> >>>>>>>>>>> <string>cn</string> >>>>>>>>>>> <string>sn</string> >>>>>>>>>>> <string>userPassword</string> >>>>>>>>>>> <string>objectClass</string> >>>>>>>>>>> <string>uid</string> >>>>>>>>>>> <string>mail</string> >>>>>>>>>>> </fetchedAttributes> >>>>>>>>>>> >>>>>>>>>>> <getAllFilter>(objectClass=organizationalPerson)</getAllFilter> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter> >>>>>>>>>>> </sourceService> >>>>>>>>>>> <destinationService class="ldapDestinationService" id="8"> >>>>>>>>>>> <name>opends-dst-service</name> >>>>>>>>>>> <connection reference="4" /> >>>>>>>>>>> <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn> >>>>>>>>>>> <pivotAttributes id="9"> >>>>>>>>>>> <string>mail</string> >>>>>>>>>>> </pivotAttributes> >>>>>>>>>>> <fetchedAttributes id="10"> >>>>>>>>>>> <string>description</string> >>>>>>>>>>> <string>cn</string> >>>>>>>>>>> <string>sn</string> >>>>>>>>>>> <string>userPassword</string> >>>>>>>>>>> <string>objectClass</string> >>>>>>>>>>> <string>uid</string> >>>>>>>>>>> <string>mail</string> >>>>>>>>>>> </fetchedAttributes> >>>>>>>>>>> <getAllFilter>(objectClass=inetorgperson)</getAllFilter> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> <getOneFilter>(&(objectClass=inetorgperson)(mail={mail}))</getOneFilter> >>>>>>>>>>> </destinationService> >>>>>>>>>>> <syncOptions class="propertiesBasedSyncOptions" id="12"> >>>>>>>>>>> <conditions id="13"></conditions> >>>>>>>>>>> <mainIdentifier>"mail=" + >>>>>>>>>>> srcBean.getAttributeFirstValueById("mail") + >>>>>>>>>>> ",ou=DIT,dc=msk,dc=rian"</mainIdentifier> >>>>>>>>>>> <defaultDelimiter>;</defaultDelimiter> >>>>>>>>>>> <defaultPolicy>FORCE</defaultPolicy> >>>>>>>>>>> </syncOptions> >>>>>>>>>>> </task> >>>>>>>>>>> </tasks> >>>>>>>>>>> </lsc> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> > Oh ! I read the first error message to fast : the error is >>>>>>>>>>> simply that the >>>>>>>>>>> > first list request on the source directory has not returned any >>>>>>>>>>> data. >>>>>>>>>>> > Try an external search with the following parameter on your >>>>>>>>>>> source directory >>>>>>>>>>> > : >>>>>>>>>>> > base: ou=DIT,dc=msk,dc=rian >>>>>>>>>>> > filter: (objectClass=organizationalPerson) >>>>>>>>>>> > requested attributes: mail >>>>>>>>>>> > and fix the corresponding parameter ! >>>>>>>>>>> > Regards >>>>>>>>>>> > >>>>>>>>>>> > -- >>>>>>>>>>> > Sebastien BAHLOUL >>>>>>>>>>> > IAM / Security specialist >>>>>>>>>>> > Ldap Synchronization Connector : http://lsc-project.org >>>>>>>>>>> > Blog : http://sbahloul.wordpress.com/ >>>>>>>>>>> > >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Rgrds, Pavel Morozov >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Sebastien BAHLOUL >>>>>>>>>> IAM / Security specialist >>>>>>>>>> Ldap Synchronization Connector : http://lsc-project.org >>>>>>>>>> Blog : http://sbahloul.wordpress.com/ >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Rgrds, Pavel Morozov >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rgrds, Pavel Morozov >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Rgrds, Pavel Morozov >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Rgrds, Pavel Morozov >>>> >>> >>> >>> >>> -- >>> Rgrds, Pavel Morozov >>> >> >> > > > -- > Rgrds, Pavel Morozov >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
