Thanks for the tip but I did get entries going into AD now by making the 
following change:

Before
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user))

After
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))


Now I do have a couple other questions.

1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN but 
then the script fails.

uid from ldap = msmith
cn = Marc Smith

For example:
------------
Oct 30 17:15:05 - INFO  - # Adding new entry CN=Marc Smith,CN=Users,DC=nees36,DC=local for user
dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local
changetype: add
sn: Smith
cn: Marc smith
givenName: smith
sAMAccountName: smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top

Here's what I prefer the entry go in as:
----------------------------------------
Oct 30 17:15:05 - INFO  - # Adding new entry CN=msmith,CN=Users,DC=nees36,DC=local for user
dn: CN=msmith,CN=Users,DC=nees36,DC=local
changetype: add
cn: Marc Smith
sAMAccountName: msmith
givenName: Marc
sn: Smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top

What does it take to get this format to come out correctly? It also has the 
"User must change password at next logon" set, which I do not want set.

2 - I can't seem to get the userAccountControl value set. It is always 546
      512 - normal_account
       32 - password_notreqd
        2 - accountdisabled
    ----------------------------
      546

    This is what I would like for it to be set to.
    65536 - dont_expire_password
      512 - normal_account
       64 - passwd_cant_change
       32 - password_notreqd
        2 - accountdisabled
    -----------------------------
    66144

lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", "66144")


-----Original Message-----
From: Clément OUDOT [mailto:[email protected]] 
Sent: Sunday, October 30, 2011 7:13 AM
To: Rohler, Brian L
Cc: [email protected]
Subject: Re: [lsc-users] LDAP: error code 53 - 00002077

2011/10/29 Rohler, Brian L <[email protected]>:
> I've made some progress on getting LSC (1.2.1) to work between LDAP (linux
> debian) and AD (2008 R2).
>
> I'm getting the following error now and can't seem to get past it. It 
> looks to be related to something within AD not allowing me to add users. 
> Any help would be greatly appreciated!!!
>
> Brian
>
> #############
> Snippet from the lsc.log
> #############
>
> Oct 28 22:18:31 - ERROR - Error while adding entry CN=Tom Smith,CN=Users,DC=nees36,DC=local in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031907E9, problem 5003 (WILL_NOT_PERFORM), data 0
> ]; remaining name 'CN=Tom Smith,CN=Users'
> Oct 28 22:18:31 - ERROR - Error while synchronizing ID CN=Tom Smith,CN=Users,DC=nees36,DC=local: java.lang.Exception: Technical problem while applying modifications to directory
> dn: CN=Tom Smith,CN=Users,DC=nees36,DC=local
> changetype: add
> cn: Tom Smith
> sAMAccountName: tsmith
> objectClass: organizationalPerson
>
> #############
> lsc.properties
> #############
>
> #########################################################################################
> # Tasks configuration
> #########################################################################################
> # Java class name for the service to read objects from the source
> # List of defined tasks, seperated by commas
> lsc.tasks = user
>
> #########################
> # User - Tasks
> #########################
> lsc.tasks.user.type = ldap2ldap
> lsc.tasks.user.condition.create = true
> lsc.tasks.user.condition.update = true
> lsc.tasks.user.condition.delete = false
> lsc.tasks.user.condition.modrdn = false
>
> #########################################################################################
> # SimpleJndiSrcService parameters (Linux LDAP)
> # The parameters in this section only apply to the SimpleJndiSrcService
> #########################################################################################
> lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService
> lsc.tasks.user.srcService.filterAll = (&(uid=*) (objectClass=inetOrgPerson))
> lsc.tasks.user.srcService.baseDn = ou=Users
> lsc.tasks.user.srcService.attrs = cn uid
> lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
> lsc.tasks.user.srcService.pivotAttrs = uid
>
> #########################################################################################
> # SimpleJndiDstService parameters (Windows Active Directory)
> #########################################################################################
> lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService
> lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))
> lsc.tasks.user.dstService.baseDn = cn=Users
> lsc.tasks.user.dstService.attrs = cn sAMAccountName objectClass
> lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
> lsc.tasks.user.dstService.pivotAttrs = uid
>
> #########################################################################################
> # Java class name for the LDAP objectClass to compare source and destination objects
> # This should be the LDAP objectClass of entries in the destination directory
> #########################################################################################
> lsc.tasks.user.bean = org.lsc.beans.SimpleBean
>
> #########################################################################################
> # Construct a DN for new entries in the destination directory
> # This is a JavaScript expression, and can access any utility functions and the srcBean.
> # It should be relative to the LDAP context specified in dst.java.naming.provider.url
> #########################################################################################
> lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",CN=Users,DC=nees36,DC=local"
> dn.real_root = DC=nees36,DC=local
>
> #########################
> # User - Syncoptions
> #########################
> lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
> lsc.syncoptions.user.objectClass.action = F
> lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
> lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
> lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@nees36.local"
> #lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
> lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_PASSWD_NOTREQD, AD.UAC_SET_NORMAL_ACCOUNT])
> lsc.syncoptions.user.pwdLastset.create_value = "0"
> lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("secret")
> lsc.syncoptions.user.default.action = F
> lsc.syncoptions.user.default.delimiter = $
>

Hi,

It seems the entry you are trying to create is incomplete. The first thing I 
see is that you set the delimiter to '$':

 lsc.syncoptions.user.default.delimiter = $

But you use ';' for objectClass:

 lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"

Remove the default delimiter option.


Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
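
The userAccountControl values from the second question above, decoded bit by bit and compared with the flag list given there; this is an added example, not part of the original thread and not LSC code. The helper names `decodeUac`, `encodeUac` and `diffUac` are hypothetical, and the flag table holds only the five values listed in the message.

```javascript
// Added example: helper names are hypothetical, not part of LSC.
// Flag values are the five listed in the message above.
const UAC_FLAGS = {
  ACCOUNTDISABLE: 2,
  PASSWD_NOTREQD: 32,
  PASSWD_CANT_CHANGE: 64,
  NORMAL_ACCOUNT: 512,
  DONT_EXPIRE_PASSWORD: 65536,
};

// Split a userAccountControl integer into named flags plus leftover bits.
function decodeUac(value) {
  const n = Number(value);
  if (!Number.isInteger(n) || n < 0 || n > 0xffffffff) {
    throw new RangeError("not a 32-bit unsigned integer: " + value);
  }
  const names = Object.keys(UAC_FLAGS).filter((k) => (n & UAC_FLAGS[k]) !== 0);
  const known = names.reduce((sum, k) => sum + UAC_FLAGS[k], 0);
  return { names, unknownBits: n - known };
}

// Build the integer from flag names, rejecting names outside the table.
function encodeUac(names) {
  return names.reduce((acc, k) => {
    if (!Object.prototype.hasOwnProperty.call(UAC_FLAGS, k)) {
      throw new Error("unknown flag: " + k);
    }
    return acc | UAC_FLAGS[k];
  }, 0);
}

// Compare an observed value with the intended flag set.
function diffUac(observed, wanted) {
  const have = decodeUac(observed).names;
  return {
    missing: wanted.filter((k) => !have.includes(k)),
    unexpected: have.filter((k) => !wanted.includes(k)),
    // Enabled account on which no password is required.
    enabledNoPwdRequired:
      have.includes("PASSWD_NOTREQD") && !have.includes("ACCOUNTDISABLE"),
  };
}

// The two values from the thread against the five flags listed there.
const wanted = Object.keys(UAC_FLAGS);
for (const v of [546, 66144]) {
  console.log(v, decodeUac(v).names.join("|"), JSON.stringify(diffUac(v, wanted)));
}
console.log("sum of the five listed flags:", encodeUac(wanted));
```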