I'm actually getting very close to being able to put the dst.uid in place of 
the src.cn. Why is ldap complaining with error code 34?

Nov 02 23:45:59 - DEBUG - Synchronizing user for {gidnumber=3000, uid=Tom 
Smith, uidnumber=4146}
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  List of attributes 
considered for writing in destination: [sn, AD.userAccountControl, cn, 
sAMAccountName, gidNumber, uidNumber, objectClass, givenName]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute "sn" is in 
FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Adding attribute "sn" 
with values [tsmith]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute 
"AD.userAccountControl" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute 
"AD.userAccountControl" will not be written to the destination
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute "cn" is in 
FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Adding attribute "cn" 
with values [Tom Smith]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute 
"sAMAccountName" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Adding attribute 
"sAMAccountName" with values [tsmith]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute "gidNumber" 
is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Adding attribute 
"gidNumber" with values [3000]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute "uidNumber" 
is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Adding attribute 
"uidNumber" with values [4146]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute 
"objectClass" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Adding attribute 
"objectClass" with values [organizationalPerson, person, user, top]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Attribute "givenName" 
is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users":  Adding attribute 
"givenName" with values [Tom Smith]
Nov 02 23:45:59 - ERROR - Error while adding entry CN=tsmith,CN=Users in 
directory :javax.naming.InvalidNameException: CN=tsmith,CN=Users: [LDAP: error 
code 34 - 00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 
0, best match of:
        'CN=tsmith,CN=Users,dc=example,dc=local'
]; remaining name 'CN=tsmith,CN=Users'
Nov 02 23:45:59 - ERROR - Error while synchronizing ID CN=tsmith,CN=Users: 
java.lang.Exception: Technical problem while applying modifications to directory
Nov 02 23:45:59 - DEBUG - java.lang.Exception: Technical problem while applying 
modifications to directory
java.lang.Exception: Technical problem while applying modifications to directory
        at 
org.lsc.AbstractSynchronize.synchronize2Ldap(AbstractSynchronize.java:399) 
[lsc-core-1.2.1.jar:na]
        at org.lsc.SimpleSynchronize.launchTask(SimpleSynchronize.java:272) 
[lsc-core-1.2.1.jar:na]
        at org.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:155) 
[lsc-core-1.2.1.jar:na]
        at org.lsc.Launcher.run(Launcher.java:151) [lsc-core-1.2.1.jar:na]
        at org.lsc.Launcher.main(Launcher.java:123) [lsc-core-1.2.1.jar:na]
dn: CN=tsmith,CN=Users,DC=example,DC=local
changetype: add
sn: tsmith
cn: Tom Smith
sAMAccountName: tsmith
gidNumber: 3000
uidNumber: 4146
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
givenName: Tom Smith
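
Added example, not part of the original message and not LSC code: a pre-flight check for the rule given in Clément's reply further down this thread, that the destination cn must carry the same value as the one used in the DN. It parses an LDIF add record like the one above and reports when the leading RDN's value is missing from the entry's own attributes; the function names and the shortened sample record are this example's own.

```python
import re

# Constructed sample: the add record from the log above, objectClass list shortened.
SAMPLE_LDIF = """\
dn: CN=tsmith,CN=Users,DC=example,DC=local
changetype: add
sn: tsmith
cn: Tom Smith
sAMAccountName: tsmith
objectClass: user
givenName: Tom Smith
"""

def parse_add_record(ldif):
    """Parse one plain-text LDIF record into (dn, {attr_lowercase: [values]})."""
    dn, attrs = None, {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if line[0] == " " or not sep or value.startswith(":"):
            raise ValueError("unsupported LDIF line (folded or base64): " + line)
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        elif name != "changetype":
            attrs.setdefault(name, []).append(value)
    if dn is None:
        raise ValueError("record has no dn line")
    return dn, attrs

def leading_rdn(dn):
    """Return (type, value) of the first RDN; assumes no '+' and no hex escapes."""
    first = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    rtype, sep, rvalue = first.partition("=")
    if not sep or "+" in first:
        raise ValueError("cannot parse leading RDN: " + first)
    return rtype.strip().lower(), re.sub(r"\\(.)", r"\1", rvalue.strip())

def rdn_mismatches(ldif):
    """List problems where the naming attribute in the DN is absent from the entry."""
    dn, attrs = parse_add_record(ldif)
    rtype, rvalue = leading_rdn(dn)
    values = attrs.get(rtype, [])
    if rvalue.lower() in (v.lower() for v in values):
        return []
    return ["%s: RDN %s=%s not found among %s values %r" % (dn, rtype, rvalue, rtype, values)]

if __name__ == "__main__":
    for problem in rdn_mismatches(SAMPLE_LDIF):
        print(problem)
```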

-----Original Message-----
From: Rohler, Brian L 
Sent: Wednesday, November 02, 2011 11:27 PM
To: 'Clément OUDOT'
Cc: [email protected]
Subject: RE: [lsc-users] LDAP: error code 53 - 00002077
Importance: High

Sorry for my insistence and my ignorance but it looks like this should be a 
fairly easy thing to do but I can't get it to work.

I have a CN="Tom Smith" and a uid="tsmith" which comes in from the source (LDAP 
on linux).

I don't want the CN="Tom Smith" to go into my destination (AD on windows)

I would like to have the CN="tsmith" go into my destination (AD on windows).

How do I do this? What type of conditional code can I use to get this to work?

Thanks,

Brian


-----Original Message-----
From: Clément OUDOT [mailto:[email protected]]
Sent: Monday, October 31, 2011 6:42 PM
To: Rohler, Brian L
Cc: [email protected]
Subject: Re: [lsc-users] LDAP: error code 53 - 00002077

On 30 October 2011 22:29, Rohler, Brian L <[email protected]> wrote:
> Thanks for the tip but I did get entries going into AD now by making the 
> following change:
>
> Before
> lsc.tasks.user.dstService.filterAll =
> (&(sAMAccountName=*)(&(objectClass=user))
>
> After
> lsc.tasks.user.dstService.filterAll =
> (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))
>
>
> Now I do have a couple other questions.
>
> 1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN but 
> then the script fails.
>
> uid from ldap = msmith
> cn = Marc Smith
>
> For example:
> ------------
> Oct 30 17:15:05 - INFO  - # Adding new entry CN=Marc 
> Smith,CN=Users,DC=nees36,DC=local for user
> dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local
> changetype: add
> sn: Smith
> cn: Marc smith
> givenName: smith
> sAMAccountName: smith
> objectClass: organizationalPerson
> objectClass: person
> objectClass: user
> objectClass: top
>
> Here's what I prefer the entry go in as:
> ----------------------------------------
> Oct 30 17:15:05 - INFO  - # Adding new entry 
> CN=msmith,CN=Users,DC=nees36,DC=local for user
> dn: CN=msmith,CN=Users,DC=nees36,DC=local
> changetype: add
> cn: Marc Smith
> sAMAccountName: msmith
> givenName: Marc
> sn: Smith
> objectClass: organizationalPerson
> objectClass: person
> objectClass: user
> objectClass: top
>
> What does it take to get this format to come out correctly?

You have to set the dest cn value to the source uid value too (not only for the 
DN).

> It also has the "User must change password at next logon" set which I do not 
> want set.
>
> 2 - I can't seem to get the userAccountControl value set. It is always
> 546
>      512 - normal_account
>       32 - password_notreqd
>        2 - accountdisabled
>    ----------------------------
>      546
>
>    This is what I would like for it to be set to.
>    65536 - dont_expire_password
>      512 - normal_account
>       64 - passwd_cant_change
>       32 - password_notreqd
>        2 - accountdisabled
>    -----------------------------
>    66144
>
> lsc.syncoptions.user.userAccountControl.create_value = 
> AD.userAccountControlSet( "0", "66144")

If this does not work, you may have to use another account with more 
privileges to bind to AD.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
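
Added example, not from the thread and not LSC code: the userAccountControl values discussed in the quoted message are bit masks, and this sketch decodes them and shows which flags writing one value over another would set or clear. The table is the subset of Microsoft's documented flag values that the thread mentions; the function names are this example's own.

```python
# Subset of Microsoft's documented userAccountControl flags used in this thread.
UAC_FLAGS = {
    0x00002: "ACCOUNTDISABLE",
    0x00020: "PASSWD_NOTREQD",
    0x00040: "PASSWD_CANT_CHANGE",   # AD does not honour direct writes of this bit
    0x00200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

def decode(value):
    """Return (flag names in ascending bit order, leftover bits not in UAC_FLAGS)."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    known_mask = sum(UAC_FLAGS)          # keys are distinct bits, so sum == OR
    return names, value & ~known_mask

def compose(names):
    """Build the integer value for a list of flag names."""
    by_name = {name: bit for bit, name in UAC_FLAGS.items()}
    unknown = [n for n in names if n not in by_name]
    if unknown:
        raise ValueError("unknown flag names: %r" % unknown)
    value = 0
    for name in names:
        value |= by_name[name]
    return value

def diff(current, desired):
    """Flags that writing `desired` over `current` would set and clear."""
    cur, _ = decode(current)
    new, _ = decode(desired)
    return {"set": [n for n in new if n not in cur],
            "cleared": [n for n in cur if n not in new]}

if __name__ == "__main__":
    for value in (546, 66144):           # the two values quoted in the thread
        print(value, decode(value))
    print(diff(546, 66144))
```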
