Hello,

So, to make sure I understand you:

I crawl by employeeNumber because it is a UID for the person and will not
change. The attribute UID in OpenLDAP, which is used for Unix/Linux
identification, is like this: firstname.lastname.
As I understand it, this would mean that if I do not change the employeeNumber, the
attribute UID (which is mapped to sAMAccount) will not be updated in my AD?

If this is correct, can someone help me to configure the script?


2011/9/30 Clément OUDOT <[email protected]>

> 2011/9/30  <[email protected]>:
> > Hello,
> > this is the debug from the lsc tool. The OpenLDAP admin still swears there is
> > nothing to have in the log. Is this helpful? I will see how to use
> > Wireshark, although I am not much of a network guy.
> > Creating a new User:
> > Sep 30 11:40:19 - DEBUG - Reading configuration from
> > /opt/lsc-openldap2ad/etc/
> > Sep 30 11:40:19 - DEBUG - Loading configuration url:
> > file:/opt/lsc-openldap2ad/etc/lsc.properties
> > Sep 30 11:40:19 - INFO  - Starting sync for user
> > Sep 30 11:40:19 - INFO  - Connecting to LDAP server
> > ldaps://serversrc/dc=srcdomain,dc=local as
> cn=adsync,dc=srcdomain,dc=local
> > Sep 30 11:40:19 - DEBUG - Using JNDI URL setting of
> > "ldaps://serversrc:636/dc=srcdomain,dc=local??base?(objectclass=*) "
> > Sep 30 11:40:20 - DEBUG - Adding 'F' sync type for attribute name
> > objectClass.
> > Sep 30 11:40:20 - DEBUG - Adding 'K' sync type for attribute name
> > unicodePwd.
> > Sep 30 11:40:20 - DEBUG - Adding 'F' sync type for attribute name
> default.
> > Sep 30 11:40:20 - DEBUG - Synchronizing user for {employeenumber=999998}
> > Sep 30 11:40:20 - INFO  - Connecting to LDAP server
> > ldap://dstdomain.dstdomain.local:389/dc=dstdomain,dc=local as
> > CN=adsync,CN=Users,DC=dstdomain,DC=local with STARTTLS extended operation
> > Sep 30 11:40:20 - DEBUG - Using JNDI URL setting of
> >
> "ldap://dstdomain.dstdomain.local:389/dc=dstdomain,dc=local??base?(objectclass=*)
> > "
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  List of attributes considered for writing in destination: [givenName,
> > employeeType, cn, l, displayName, telephoneNumber, userPrincipalName,
> > streetAddress, department, employeeNumber, mail, title, postalCode,
> > objectClass, sAMAccountName, preferredLanguage, facsimileTelephoneNumber,
> > sn, userAccountControl, departmentNumber, company]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "givenName" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "givenName" with values [Test]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "employeeType" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "employeeType" with values [ARZTHELFERIN]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "cn" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "cn" with values [Sync1 Test]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "l" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "l" will not be written to the destination
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "displayName" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "displayName" with values [Sync1 Test]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "telephoneNumber" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "telephoneNumber" will not be written to the destination
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "userPrincipalName" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "userPrincipalName" with values
> > [[email protected]]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "streetAddress" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "streetAddress" will not be written to the destination
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "department" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "department" with values [E D V]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "employeeNumber" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "employeeNumber" with values [999998]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "mail" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "mail" with values [[email protected]]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "title" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "title" will not be written to the destination
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "postalCode" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "postalCode" will not be written to the destination
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "objectClass" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "objectClass" with values [organizationalPerson,
> person,
> > top, user]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "sAMAccountName" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "sAMAccountName" with values [test.sync1]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "preferredLanguage" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "preferredLanguage" with values [de_DE]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "facsimileTelephoneNumber" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "facsimileTelephoneNumber" will not be written to the
> destination
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "sn" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "sn" with values [Sync1]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "userAccountControl" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "userAccountControl" with values [544]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "departmentNumber" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "departmentNumber" with values [5451]
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Attribute "company" is in FORCE status
> > Sep 30 11:40:20 - DEBUG - In entry "cn=Sync1 Test,ou=dstdomaintestsync":
> >  Adding attribute "company" with values [dstdomain GmbH]
> > Sep 30 11:40:20 - INFO  - # Adding new entry cn=Sync1
> > Test,ou=dstdomaintestsync for user
> > dn: cn=Sync1 Test,ou=dstdomaintestsync,dc=dstdomain,dc=local
> > changetype: add
> > givenName: Test
> > employeeType: ARZTHELFERIN
> > cn: Sync1 Test
> > displayName: Sync1 Test
> > userPrincipalName: [email protected]
> > department: E D V
> > employeeNumber: 999998
> > mail: [email protected]
> > objectClass: organizationalPerson
> > objectClass: person
> > objectClass: top
> > objectClass: user
> > sAMAccountName: test.sync1
> > preferredLanguage: de_DE
> > sn: Sync1
> > userAccountControl: 544
> > departmentNumber: 5451
> > company: dstdomain GmbH
> > Sep 30 11:40:20 - INFO  - All entries: 1, to modify entries: 1, modified
> > entries: 1, errors: 0
> > Sep 30 11:40:20 - INFO  - Starting clean for user
> > Sep 30 11:40:20 - DEBUG - Using pagedResults control for 1000 entries at
> a
> > time
> > Sep 30 11:40:20 - INFO  - All entries: 1, to modify entries: 0, modified
> > entries: 0, errors: 0
> > It was changed: cn, displayName, Email and sn
> > Sync afterwards:
> > Sep 30 11:43:01 - DEBUG - Reading configuration from
> > /opt/lsc-openldap2ad/etc/
> > Sep 30 11:43:01 - DEBUG - Loading configuration url:
> > file:/opt/lsc-openldap2ad/etc/lsc.properties
> > Sep 30 11:43:01 - INFO  - Starting sync for user
> > Sep 30 11:43:01 - INFO  - Connecting to LDAP server
> > ldaps://serversrc/dc=srcdomain,dc=local as
> cn=adsync,dc=srcdomain,dc=local
> > Sep 30 11:43:01 - DEBUG - Using JNDI URL setting of
> > "ldaps://serversrc:636/dc=srcdomain,dc=local??base?(objectclass=*) "
> > Sep 30 11:43:02 - DEBUG - Adding 'F' sync type for attribute name
> > objectClass.
> > Sep 30 11:43:02 - DEBUG - Adding 'K' sync type for attribute name
> > unicodePwd.
> > Sep 30 11:43:02 - DEBUG - Adding 'F' sync type for attribute name
> default.
> > Sep 30 11:43:02 - DEBUG - Synchronizing user for {employeenumber=999998}
> > Sep 30 11:43:02 - INFO  - Connecting to LDAP server
> > ldap://dstdomain.dstdomain.local:389/dc=dstdomain,dc=local as
> > CN=adsync,CN=Users,DC=dstdomain,DC=local with STARTTLS extended operation
> > Sep 30 11:43:02 - DEBUG - Using JNDI URL setting of
> >
> "ldap://dstdomain.dstdomain.local:389/dc=dstdomain,dc=local??base?(objectclass=*)
> > "
> > Sep 30 11:43:02 - INFO  - All entries: 1, to modify entries: 0, modified
> > entries: 0, errors: 0
> > Sep 30 11:43:02 - INFO  - Starting clean for user
> > Sep 30 11:43:02 - DEBUG - Using pagedResults control for 1000 entries at
> a
> > time
> > Sep 30 11:43:02 - INFO  - All entries: 1, to modify entries: 0, modified
> > entries: 0, errors: 0
>
>
> Hi,
>
> Renaming an entry in OpenLDAP will not automatically rename the entry
> in AD. This depends on how the DN (which is the entry name) is built. If
> AD uses "cn" to build the DN, and cn does not change, the entry will not
> be renamed, even if it was renamed in OpenLDAP (by changing "uid").
>
>
> Clément.
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
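
As an added illustration of the pivot and DN behaviour discussed in this thread (not part of the original messages and not LSC's own code), the following simplified Python model matches entries on employeeNumber, writes changed attributes in place, and renames only when the cn-based DN changes. The uid to sAMAccountName mapping, the DN template, the `plan_sync` name and the sample entries are assumptions constructed from the log above.

```python
# Simplified model of a pivot-based sync (added illustration, not LSC's code).
PIVOT = "employeeNumber"  # stable join key, as in the thread
ATTR_MAP = {"uid": "sAMAccountName", "cn": "cn", "sn": "sn"}  # assumed mapping
DN_TEMPLATE = "cn={cn},ou=dstdomaintestsync,dc=dstdomain,dc=local"  # DN built from cn

# Constructed sample data, modelled on the test entry in the log above.
DST = {"cn=Sync1 Test,ou=dstdomaintestsync,dc=dstdomain,dc=local": {
    "employeeNumber": "999998", "cn": "Sync1 Test", "sn": "Sync1",
    "sAMAccountName": "test.sync1"}}
SRC_UID_CHANGED = [{"employeeNumber": "999998", "cn": "Sync1 Test",
                    "sn": "Sync1", "uid": "test.sync2"}]
SRC_CN_CHANGED = [{"employeeNumber": "999998", "cn": "Sync2 Test",
                   "sn": "Sync2", "uid": "test.sync1"}]


def plan_sync(src_entries, dst_entries):
    """Return the operations needed to bring the destination in line.

    src_entries: list of attribute dicts read from the source directory.
    dst_entries: dict mapping destination DN -> attribute dict.
    """
    # Index the destination by pivot value so a renamed source entry
    # still finds its counterpart.
    by_pivot = {attrs[PIVOT]: dn for dn, attrs in dst_entries.items()}
    ops = []
    for src in src_entries:
        wanted = {d: src[s] for s, d in ATTR_MAP.items() if s in src}
        wanted[PIVOT] = src[PIVOT]
        wanted_dn = DN_TEMPLATE.format(cn=src["cn"])
        current_dn = by_pivot.get(src[PIVOT])
        if current_dn is None:
            # No destination entry carries this pivot value: create one.
            ops.append(("add", wanted_dn, wanted))
            continue
        current = dst_entries[current_dn]
        changes = {k: v for k, v in wanted.items() if current.get(k) != v}
        # DNs are compared case-insensitively (a simplification).
        if wanted_dn.lower() != current_dn.lower():
            # cn is the RDN here: changing it is a rename, not a write.
            ops.append(("modrdn", current_dn, wanted_dn))
            changes.pop("cn", None)
        if changes:
            ops.append(("modify", wanted_dn, changes))
    return ops
```

In this model a changed uid with an unchanged employeeNumber yields a single attribute modification on the existing entry, while a changed cn yields a rename followed by the remaining attribute writes.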
