2011/10/24 Anna Panagidou <[email protected]>: > Hello, > > > > I am new to LSC and I am trying to connect AD to an openldap which is > basically empty of users. I have installed lsc-1.2.1 and configured > lsc.properties according to the sample config file. When I try to > synchronize my own AD entry to the openldap it fails because as I understand > srcBean.getAttributeValueById does not return a value (can be seen from my > logs below) so the new rdn is wrong and cannot be written to the openldap. > I want to mention that the sample test works fine though ie it connects to > the sample database and updates the sample ldap. > > > > Any help is welcome. > > > > The dn of my entry in AD: dn: CN=Anna Panagidou,OU=UsersOU,DC=velti,DC=net > > > > The lsc configuration (I have omitted the src and dst naming sections as > they don’t seem to be the problem): > > > > lsc.tasks = AD2ldap > > > > lsc.tasks.AD2ldap.srcService = org.lsc.jndi.SimpleJndiSrcService > > lsc.tasks.AD2ldap.srcService.baseDn = OU=UsersOU > > lsc.tasks.AD2ldap.srcService.filterAll = > (&(objectClass=user)(sAMAccountName=apanagidou)) > > lsc.tasks.AD2ldap.srcService.pivotAttrs = sAMAccountName > > lsc.tasks.AD2ldap.srcService.filterId = > (&(objectClass=user)(sAMAccountName={sAMAccountName})) > > lsc.tasks.AD2ldap.srcService.attrs = description cn sn > > > > lsc.tasks.AD2ldap.dstService = org.lsc.jndi.SimpleJndiDstService > > lsc.tasks.AD2ldap.dstService.baseDn = ou=UsersOU > > lsc.tasks.AD2ldap.dstService.filterAll = (objectClass=inetOrgPerson) > > lsc.tasks.AD2ldap.dstService.pivotAttrs = sAMAccountName > > lsc.tasks.AD2ldap.dstService.filterId = (&(objectClass=inetOrgPerson)( > sAMAccountName={sAMAccountName})) > > lsc.tasks.AD2ldap.dstService.attrs = description cn sn objectClass > > > > lsc.tasks.AD2ldap.bean = org.lsc.beans.SimpleBean > > lsc.tasks.AD2ldap.dn = "sAMAccountName=" + > srcBean.getAttributeValueById("sAMAccountName") + ",ou=UsersOU" > > dn.real_root = dc=velti,dc=net > > > > lsc.syncoptions.AD2ldap = > org.lsc.beans.syncoptions.PropertiesBasedSyncOptions > > lsc.syncoptions.AD2ldap.default.action = F > > lsc.syncoptions.AD2ldap.objectClass.action = K > > lsc.syncoptions.AD2ldap.objectClass.create_value = > "inetOrgPerson","organizationalPerson","person","top","posixAccount" > > > > My openldap currently has only got the following entries: > > # velti.net > > dn: dc=velti,dc=net > > dc: velti > > objectClass: top > > objectClass: domain > > > > # UsersOU, velti.net > > dn: ou=UsersOU,dc=velti,dc=net > > ou: UsersOU > > objectClass: top > > objectClass: organizationalUnit > > > > # Group, velti.net > > dn: ou=Group,dc=velti,dc=net > > ou: Group > > objectClass: top > > objectClass: organizationalUnit > > > > Logs from the synchronization: > > > > /opt/lsc-1.2.1/bin/lsc --config /opt/lsc-1.2.1/etc/ --synchronize all > > Oct 24 12:57:36 - DEBUG - Reading configuration from /opt/lsc-1.2.1/etc/ > > Oct 24 12:57:36 - DEBUG - Loading configuration url: > file:/opt/lsc-1.2.1/etc/lsc.properties > > Oct 24 12:57:36 - INFO - Starting sync for AD2ldap > > Oct 24 12:57:36 - INFO - Connecting to LDAP server > ldap://10.1.1.10:389/dc=velti,dc=net as cn=Anna > Panagidou,OU=UsersOU,dc=velti,dc=net > > Oct 24 12:57:36 - DEBUG - Using JNDI URL setting of > "ldap://10.1.1.10:389/dc=velti,dc=net??base?(objectclass=*) " > > Oct 24 12:57:36 - DEBUG - Using pagedResults control for 1000 entries at a > time > > Oct 24 12:57:36 - DEBUG - Adding 'K' sync type for attribute name > objectClass. > > Oct 24 12:57:36 - DEBUG - Adding 'F' sync type for attribute name default. > > Oct 24 12:57:36 - DEBUG - Synchronizing AD2ldap for > {samaccountname=apanagidou} > > Oct 24 12:57:36 - INFO - Connecting to LDAP server > ldap://localhost:389/dc=velti,dc=net as cn=root,dc=velti,dc=net > > Oct 24 12:57:36 - DEBUG - Using JNDI URL setting of > "ldap://localhost:389/dc=velti,dc=net??base?(objectclass=*) " > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": List of > attributes considered for writing in destination: [sn, cn, description, > objectClass] > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": Attribute > "sn" is in FORCE status > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": Adding > attribute "sn" with values [Panagidou] > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": Attribute > "cn" is in FORCE status > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": Adding > attribute "cn" with values [Anna Panagidou] > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": Attribute > "description" is in FORCE status > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": Attribute > "description" will not be written to the destination > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": Attribute > "objectClass" is in KEEP status > > Oct 24 12:57:36 - DEBUG - In entry "sAMAccountName=,ou=UsersOU": Adding > attribute "objectClass" with values [posixAccount] > > Oct 24 12:57:36 - ERROR - Error while adding entry > sAMAccountName=,ou=UsersOU in directory :javax.naming.InvalidNameException: > sAMAccountName=,ou=UsersOU: [LDAP: error code 34 - invalid DN]; remaining > name 'sAMAccountName=,ou=UsersOU' > > Oct 24 12:57:36 - ERROR - Error while synchronizing ID > sAMAccountName=,ou=UsersOU: java.lang.Exception: Technical problem while > applying modifications to directory > > Oct 24 12:57:36 - DEBUG - java.lang.Exception: Technical problem while > applying modifications to directory > > java.lang.Exception: Technical problem while applying modifications to > directory > > at > org.lsc.AbstractSynchronize.synchronize2Ldap(AbstractSynchronize.java:399) > [lsc-core-1.2.1.jar:na] > > at org.lsc.SimpleSynchronize.launchTask(SimpleSynchronize.java:272) > [lsc-core-1.2.1.jar:na] > > at org.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:155) > [lsc-core-1.2.1.jar:na] > > at org.lsc.Launcher.run(Launcher.java:151) [lsc-core-1.2.1.jar:na] > > at org.lsc.Launcher.main(Launcher.java:123) [lsc-core-1.2.1.jar:na] > > dn: sAMAccountName=,ou=UsersOU,dc=velti,dc=net > > changetype: add > > sn: Panagidou > > cn: Anna Panagidou > > objectClass: posixAccount > > > > Oct 24 12:57:36 - ERROR - All entries: 1, to modify entries: 1, modified > entries: 0, errors: 1
Hello, you are trying to create an entry in OpenLDAP with DN like sAMAccountName=...,... but OpenLDAP do not know this attribute (it is AD specific). Try maybe to use CN as RDN for your OpenLDAP entries, or map sAMAccountName to uid. Clément. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
