I’ve made some progress on getting LSC (1.2.1) to work between LDAP (Linux
Debian) and AD (2008 R2).
I’m getting the following error now and can’t seem to get past it. It looks to
be related to something within AD not allowing me to add users. Any help would
be greatly appreciated!!!
Brian
#############
Snippet from the lsc.log
#############
Oct 28 22:18:31 - ERROR - Error while adding entry CN=Tom Smith,CN=Users,DC=nees36,DC=local in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031907E9, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=Tom Smith,CN=Users'
Oct 28 22:18:31 - ERROR - Error while synchronizing ID CN=Tom Smith,CN=Users,DC=nees36,DC=local: java.lang.Exception: Technical problem while applying modifications to directory
dn: CN=Tom Smith,CN=Users,DC=nees36,DC=local
changetype: add
cn: Tom Smith
sAMAccountName: tsmith
objectClass: organizationalPerson
#############
lsc.properties
#############
#########################################################################################
# Tasks configuration
#########################################################################################
# Java class name for the service to read objects from the source
# List of defined tasks, separated by commas
lsc.tasks = user
#########################
# User - Tasks
#########################
lsc.tasks.user.type = ldap2ldap
lsc.tasks.user.condition.create = true
lsc.tasks.user.condition.update = true
lsc.tasks.user.condition.delete = false
lsc.tasks.user.condition.modrdn = false
#########################################################################################
# SimpleJndiSrcService parameters (Linux LDAP)
# The parameters in this section only apply to the SimpleJndiSrcService
#########################################################################################
lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.filterAll = (&(uid=*) (objectClass=inetOrgPerson))
lsc.tasks.user.srcService.baseDn = ou=Users
lsc.tasks.user.srcService.attrs = cn uid
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid
#########################################################################################
# SimpleJndiDstService parameters (Windows Active Directory)
#########################################################################################
lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))
lsc.tasks.user.dstService.baseDn = cn=Users
lsc.tasks.user.dstService.attrs = cn sAMAccountName objectClass
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid
#########################################################################################
# Java class name for the LDAP objectClass to compare source and destination objects
# This should be the LDAP objectClass of entries in the destination directory
#########################################################################################
lsc.tasks.user.bean = org.lsc.beans.SimpleBean
#########################################################################################
# Construct a DN for new entries in the destination directory
# This is a JavaScript expression, and can access any utility functions and the srcBean.
# It should be relative to the LDAP context specified in dst.java.naming.provider.url
#########################################################################################
lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",CN=Users,DC=nees36,DC=local"
dn.real_root = DC=nees36,DC=local
#########################
# User - Syncoptions
#########################
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@nees36.local"
#lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_PASSWD_NOTREQD, AD.UAC_SET_NORMAL_ACCOUNT])
lsc.syncoptions.user.pwdLastset.create_value = "0"
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("secret")
lsc.syncoptions.user.default.action = F
lsc.syncoptions.user.default.delimiter = $
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
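
A triage aid for the lsc.log error above, added here as an example and not part of the original post or of LSC: it rejoins hard-wrapped log lines and splits AD's extended error string into the LDAP result code, the Win32 directory-service code, the DSID and the problem name. The function names are hypothetical, the sample text is the log from the post, and the two lookup tables hold only the RFC 4511 and winerror.h names this log needs.

```python
import re

# Sample input: the lsc.log lines from the post, hard-wrapped as in the mail.
SAMPLE_LOG = """\
Oct 28 22:18:31 - ERROR - Error while adding entry CN=Tom
Smith,CN=Users,DC=nees36,DC=local in directory
:javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077:
SvcErr: DSID-031907E9, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=Tom Smith,CN=Users'
Oct 28 22:18:31 - ERROR - Error while synchronizing ID CN=Tom
Smith,CN=Users,DC=nees36,DC=local: java.lang.Exception: Technical problem while
applying modifications to directory
"""

# RFC 4511 result-code name and winerror.h name; only what this log needs.
LDAP_RESULT = {53: "unwillingToPerform"}
WIN32_DS = {0x2077: "ERROR_DS_ILLEGAL_MOD_OPERATION"}

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d - (\w+) - ", re.M)
AD_ERROR = re.compile(
    r"\[LDAP: error code (\d+) - ([0-9A-Fa-f]{8}): (\w+): (DSID-[0-9A-Fa-f]+), "
    r"problem (\d+) \((\w+)\), data (-?\w+)")
ADD_DN = re.compile(r"Error while adding entry (.+?) in directory")


def split_entries(text):
    """Rejoin wrapped lines so each timestamped log entry is one string."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    bounds = zip(starts, starts[1:] + [len(text)])
    return [" ".join(text[a:b].split()) for a, b in bounds]


def parse_ad_errors(text):
    """Return one dict per entry that carries an AD extended error string."""
    found = []
    for entry in split_entries(text):
        err, dn = AD_ERROR.search(entry), ADD_DN.search(entry)
        if err:
            ldap_code, win32 = int(err.group(1)), int(err.group(2), 16)
            found.append({
                "dn": dn.group(1) if dn else None,
                "ldap_code": ldap_code,
                "ldap_name": LDAP_RESULT.get(ldap_code, "unknown"),
                "win32_code": win32,
                "win32_name": WIN32_DS.get(win32, "unknown"),
                "dsid": err.group(4),
                "problem": err.group(6),
            })
    return found
```

The decoded names identify the class of refusal AD returned; the error string itself does not name the attribute that triggered it.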