2011/10/29 Rohler, Brian L <[email protected]>: > I’ve made some progress on get LSC (1.2.1) to work between LDAP (linux > debian) and AD (2008 R2). > > > > I’m getting the following error now and can’t seem to get past it. It looks > to be related to something within AD not allow me to add users. Any help > would be greatly appreciated!!! > > > > Brian > > > > ############# > > Snippet from the lsc.log > > ############# > > Oct 28 22:18:31 - ERROR - Error while adding entry CN=Tom > Smith,CN=Users,DC=nees36,DC=local in directory > :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - > 00002077: SvcErr: DSID-031907E9, problem 5003 (WILL_NOT_PERFORM), data 0 > > ]; remaining name 'CN=Tom Smith,CN=Users' > > Oct 28 22:18:31 - ERROR - Error while synchronizing ID CN=Tom > Smith,CN=Users,DC=nees36,DC=local: java.lang.Exception: Technical problem > while applying modifications to directory > > dn: CN=Tom Smith,CN=Users,DC=nees36,DC=local > > changetype: add > > cn: Tom Smith > > sAMAccountName: tsmith > > objectClass: organizationalPerson > > > > > > > > ############# > > lsc.properties > > ############# > > > > ######################################################################################### > > # Tasks configuration > > ######################################################################################### > > # Java class name for the service to read objects from the source > > # List of defined tasks, seperated by commas > > lsc.tasks = user > > > > ######################### > > # User - Tasks > > ######################### > > lsc.tasks.user.type = ldap2ldap > > lsc.tasks.user.condition.create = true > > lsc.tasks.user.condition.update = true > > lsc.tasks.user.condition.delete = false > > lsc.tasks.user.condition.modrdn = false > > > > ######################################################################################### > > # SimpleJndiSrcService parameters (Linux LDAP) > > # The parameters in this section only apply to the SimpleJndiSrcService > > ######################################################################################### > > lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService > > lsc.tasks.user.srcService.filterAll = (&(uid=*) (objectClass=inetOrgPerson)) > > lsc.tasks.user.srcService.baseDn = ou=Users > > lsc.tasks.user.srcService.attrs = cn uid > > lsc.tasks.user.srcService.filterId = > (&(objectClass=inetOrgPerson)(uid={uid})) > > lsc.tasks.user.srcService.pivotAttrs = uid > > > > ######################################################################################### > > # SimpleJndiDstService parameters (Windows Active Directory) > > ######################################################################################### > > lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService > > lsc.tasks.user.dstService.filterAll = > (&(sAMAccountName=*)(objectClass=user)) > > lsc.tasks.user.dstService.baseDn = cn=Users > > lsc.tasks.user.dstService.attrs = cn sAMAccountName objectClass > > lsc.tasks.user.dstService.filterId = > (&(objectClass=user)(sAMAccountName={uid})) > > lsc.tasks.user.dstService.pivotAttrs = uid > > > > ######################################################################################### > > # Java class name for the LDAP objectClass to compare source and destination > objects > > # This should be the LDAP objectClass of entries in the destination > directory > > ######################################################################################### > > lsc.tasks.user.bean = org.lsc.beans.SimpleBean > > > > ######################################################################################### > > # Construct a DN for new entries in the destination directory > > # This is a JavaScript expression, and can access any utility functions and > the srcBean. > > # It should be relative to the LDAP context specified in > dst.java.naming.provider.url > > ######################################################################################### > > lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("cn") + > ",CN=Users,DC=nees36,DC=local" > > dn.real_root = DC=nees36,DC=local > > > > ######################### > > # User - Syncoptions > > ######################### > > lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions > > lsc.syncoptions.user.objectClass.action = F > > lsc.syncoptions.user.objectClass.force_value = > "top";"user";"person";"organizationalPerson" > > lsc.syncoptions.user.sAMAccountName.create_value = > srcBean.getAttributeValueById("uid") > > lsc.syncoptions.user.userPrincipalName.force_value = > srcBean.getAttributeValueById("uid") + "@nees36.local" > > #lsc.syncoptions.user.userAccountControl.create_value = > AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT]) > > lsc.syncoptions.user.userAccountControl.create_value = > AD.userAccountControlSet( "0", [AD.UAC_SET_PASSWD_NOTREQD, > AD.UAC_SET_NORMAL_ACCOUNT]) > > lsc.syncoptions.user.pwdLastset.create_value = "0" > > lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("secret") > > lsc.syncoptions.user.default.action = F > > lsc.syncoptions.user.default.delimiter = $ > >
Hi, it seems the entry you try to create is incomplete. First thing I see, you set the delimiter to '$' : lsc.syncoptions.user.default.delimiter = $ But you use ';' for objectClass : lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson" Remove the default delimiter option. Clément. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
