Hi Brian,

1. It should not. What are the next logs ?
2. I suggest you replace INFO with WARN or ERROR inside logback.xml and you should get what you want.

Regards,

--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/

2011/11/2 Rohler, Brian L <[email protected]>

> Thanks Sebastien. I’m looking into the connection issue on 636 with my
> windows server. It might be a certificate/key issue.
>
> By the way, two quick questions;
>
> 1 – Why does the script continue to run after getting the connection
> error? I would think it should stop since everything past that point will
> fail.
>
> 2 – Is there an option so that when this runs the only output to stdout
> would be if there was a failure? When I set this up as a cronjob I would
> prefer not to get an email unless there was a problem. At a minimum I would
> prefer an email with just the high level comments and not all of the INFO
> for each user whose account was synced.
>
> Thanks,
>
> Brian
>
> *From:* Sébastien Bahloul [mailto:[email protected]]
> *Sent:* Wednesday, November 02, 2011 9:36 AM
> *To:* Rohler, Brian L
> *Cc:* [email protected]
> *Subject:* Re: [lsc-users] SSL over LDAP issue
>
> This is because the host doesn't seem to accept connections to the 636
> port.
>
> Try with Apache Directory Studio to connect with the same credentials to
> check from another tool.
>
> Regards,
>
> --
> Sebastien BAHLOUL
> IAM / Security specialist
> Ldap Synchronization Connector : http://lsc-project.org
> Blog : http://sbahloul.wordpress.com/
>
> 2011/11/2 Rohler, Brian L <[email protected]>
>
> ~/lsc-1.2.1# clear; bin/lsc -f etc -c all -s all
>
> Nov 02 09:10:40 - DEBUG - Reading configuration from /root/lsc-1.2.1/etc/
> Nov 02 09:10:40 - DEBUG - Loading configuration url: file:/root/lsc-1.2.1/etc/lsc.properties
> Nov 02 09:10:40 - INFO - Starting sync for user
> Nov 02 09:10:40 - INFO - Connecting to LDAP server ldap://localhost/DC=neeshub,DC=org as cn=search,dc=neeshub,dc=org
> Nov 02 09:10:40 - DEBUG - Using JNDI URL setting of "ldap://localhost:389/dc=neeshub,dc=org??base?(objectclass=*) "
> Nov 02 09:10:41 - DEBUG - Adding 'F' sync type for attribute name objectClass.
> Nov 02 09:10:41 - DEBUG - Adding 'F' sync type for attribute name default.
> Nov 02 09:10:41 - DEBUG - Synchronizing user for {gidnumber=3000, uid=gjie, uidnumber=2718}
> Nov 02 09:10:41 - INFO - Connecting to LDAP server ldaps://example.neeshub.org/DC=example,DC=local as CN=administrator,CN=Users,DC=example,DC=local
> Nov 02 09:10:41 - DEBUG - Using JNDI URL setting of "ldaps://example.neeshub.org:636/dc=example,dc=local??base?(objectclass=*) "
> Nov 02 09:10:41 - ERROR - Error opening the LDAP connection to the destination!
> Nov 02 09:10:41 - ERROR - Error while synchronizing ID {gidnumber=3000, uid=gjie, uidnumber=2718}: java.lang.RuntimeException: javax.naming.CommunicationException: simple bind failed: example.neeshub.org:636 [Root exception is java.net.SocketException: Connection reset]
> Nov 02 09:10:41 - DEBUG - java.lang.RuntimeException: javax.naming.CommunicationException: simple bind failed: example.neeshub.org:636 [Root exception is java.net.SocketException: Connection reset]
>
> I didn’t paste any more since it failed the connection.
>
> *From:* Sébastien Bahloul [mailto:[email protected]]
> *Sent:* Wednesday, November 02, 2011 8:01 AM
> *To:* Rohler, Brian L
> *Cc:* [email protected]
> *Subject:* Re: [lsc-users] SSL over LDAP issue
>
> Hi Brian,
>
> Can you setup the DEBUG level and pastebin the exception ?
>
> Regards,
>
> --
> Sebastien BAHLOUL
> IAM / Security specialist
> Ldap Synchronization Connector : http://lsc-project.org
> Blog : http://sbahloul.wordpress.com/
>
> 2011/11/2 Rohler, Brian L <[email protected]>
>
> I have followed the instructions at
> http://lsc-project.org/wiki/documentation/1.2/howtos/ssltls but I still
> can't get a connection to AD.
>
> Nov 01 16:06:08 - INFO - Starting sync for user
> Nov 01 16:06:08 - INFO - Connecting to LDAP server ldap://localhost/DC=example,DC=org as cn=search,dc=example,dc=org
> Nov 01 16:06:09 - INFO - Connecting to LDAP server ldaps://server.example.org/DC=example,DC=local as CN=administrator,CN=Users,DC=example,DC=local
> Nov 01 16:06:09 - ERROR - Error opening the LDAP connection to the destination!
>
> What else am I doing wrong? Connection to port 389 works great. The
> firewall has port 389 and 636 open on inbound connections.
>
> #########################################################################################
> # Destination Server Configuration for Active Directory
> #########################################################################################
> # This section is mandatory since all synchronizations currently go to an LDAP directory.
> # Connection URL. This must include a valid LDAP context.
> dst.java.naming.provider.url = ldaps://server.example.org/DC=example,DC=local
> dst.java.naming.security.authentication = simple
> dst.java.naming.tls = true
> dst.java.naming.security.principal = CN=administrator,CN=Users,DC=example,DC=local
> dst.java.naming.security.credentials = secret
> dst.java.naming.referral = ignore
> dst.java.naming.ldap.derefAliases = never
> dst.java.naming.ldap.pageSize=1000
> dst.java.naming.ldap.sortedBy=sAMAccountName
> dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
> dst.java.naming.ldap.version = 3
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
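
An added example, not part of the original thread and not LSC code: a cron wrapper for the second question in the thread that stays silent when a run has no ERROR line and otherwise prints the de-duplicated errors with a hint for the next check. The function names, the hint texts and the sample log (constructed from the lines quoted in the thread) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not LSC code): report LSC errors only, for use under cron.

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG='Nov 02 09:10:40 - INFO - Starting sync for user
Nov 02 09:10:41 - ERROR - Error opening the LDAP connection to the destination!
Nov 02 09:10:41 - ERROR - Error while synchronizing ID {gidnumber=3000, uid=gjie, uidnumber=2718}: java.lang.RuntimeException: javax.naming.CommunicationException: simple bind failed: example.neeshub.org:636 [Root exception is java.net.SocketException: Connection reset]'

# Map the root exception text to the next thing to check (heuristics assumed
# by this example, not taken from LSC).
classify_ldaps_error() {
    case "$1" in
        *"Connection reset"*)
            echo "reset: TCP connected, then the peer dropped it; check the server's LDAPS certificate" ;;
        *"Connection refused"*)
            echo "refused: nothing is listening on the port, or a firewall rejects it" ;;
        *SSLHandshakeException*|*"PKIX path"*)
            echo "trust: server certificate is not trusted by the JVM truststore" ;;
        *)
            echo "other: rerun at DEBUG level and read the full exception" ;;
    esac
}

# Read an LSC log on stdin. No ERROR line: print nothing, return 0.
# Otherwise print each distinct ERROR line (timestamp stripped so repeats
# collapse) followed by a hint, and return 1.
lsc_report() {
    errors=$(grep -- ' - ERROR - ' |
        sed 's/^[A-Z][a-z][a-z] [0-9]* [0-9:]* - //' | sort -u)
    [ -z "$errors" ] && return 0
    printf '%s\n' "$errors" | while IFS= read -r line; do
        printf '%s\n  -> %s\n' "$line" "$(classify_ldaps_error "$line")"
    done
    return 1
}

# Under cron: bin/lsc -f etc -c all -s all 2>&1 | lsc_report
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE_LOG" | lsc_report || true
```

Because cron mails only when a job writes output, a clean run produces no mail, and the non-zero return lets a calling script react to a failed sync.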

