~/lsc-1.2.1# clear; bin/lsc -f etc -c all -s all
Nov 02 09:10:40 - DEBUG - Reading configuration from /root/lsc-1.2.1/etc/
Nov 02 09:10:40 - DEBUG - Loading configuration url: file:/root/lsc-1.2.1/etc/lsc.properties
Nov 02 09:10:40 - INFO - Starting sync for user
Nov 02 09:10:40 - INFO - Connecting to LDAP server ldap://localhost/DC=neeshub,DC=org as cn=search,dc=neeshub,dc=org
Nov 02 09:10:40 - DEBUG - Using JNDI URL setting of "ldap://localhost:389/dc=neeshub,dc=org??base?(objectclass=*) "
Nov 02 09:10:41 - DEBUG - Adding 'F' sync type for attribute name objectClass.
Nov 02 09:10:41 - DEBUG - Adding 'F' sync type for attribute name default.
Nov 02 09:10:41 - DEBUG - Synchronizing user for {gidnumber=3000, uid=gjie, uidnumber=2718}
Nov 02 09:10:41 - INFO - Connecting to LDAP server ldaps://example.neeshub.org/DC=example,DC=local as CN=administrator,CN=Users,DC=example,DC=local
Nov 02 09:10:41 - DEBUG - Using JNDI URL setting of "ldaps://example.neeshub.org:636/dc=example,dc=local??base?(objectclass=*) "
Nov 02 09:10:41 - ERROR - Error opening the LDAP connection to the destination!
Nov 02 09:10:41 - ERROR - Error while synchronizing ID {gidnumber=3000, uid=gjie, uidnumber=2718}: java.lang.RuntimeException: javax.naming.CommunicationException: simple bind failed: example.neeshub.org:636 [Root exception is java.net.SocketException: Connection reset]
Nov 02 09:10:41 - DEBUG - java.lang.RuntimeException: javax.naming.CommunicationException: simple bind failed: example.neeshub.org:636 [Root exception is java.net.SocketException: Connection reset]

I didn't paste any more since it failed the connection.

From: Sébastien Bahloul [mailto:[email protected]]
Sent: Wednesday, November 02, 2011 8:01 AM
To: Rohler, Brian L
Cc: [email protected]
Subject: Re: [lsc-users] SSL over LDAP issue

Hi Brian,

Can you set up the DEBUG level and pastebin the exception?

Regards,
--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/

2011/11/2 Rohler, Brian L <[email protected]>

I have followed the instructions at http://lsc-project.org/wiki/documentation/1.2/howtos/ssltls but I still can't get a connection to AD.

Nov 01 16:06:08 - INFO - Starting sync for user
Nov 01 16:06:08 - INFO - Connecting to LDAP server ldap://localhost/DC=example,DC=org as cn=search,dc=example,dc=org
Nov 01 16:06:09 - INFO - Connecting to LDAP server ldaps://server.example.org/DC=example,DC=local as CN=administrator,CN=Users,DC=example,DC=local
Nov 01 16:06:09 - ERROR - Error opening the LDAP connection to the destination!

What else am I doing wrong? Connection to port 389 works great. The firewall has port 389 and 636 open on inbound connections.

#########################################################################################
# Destination Server Configuration for Active Directory
#########################################################################################
# This section is mandatory since all synchronizations currently go to an LDAP directory.
# Connection URL. This must include a valid LDAP context.
dst.java.naming.provider.url = ldaps://server.example.org/DC=example,DC=local
dst.java.naming.security.authentication = simple
dst.java.naming.tls = true
dst.java.naming.security.principal = CN=administrator,CN=Users,DC=example,DC=local
dst.java.naming.security.credentials = secret
dst.java.naming.referral = ignore
dst.java.naming.ldap.derefAliases = never
dst.java.naming.ldap.pageSize=1000
dst.java.naming.ldap.sortedBy=sAMAccountName
dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.version = 3

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

