Hi Che,

Can you re-explain it? It seems that your new filter is also incorrect:
(&(objectClass=user)(sAMAccountName=userX))*,*(uid=userX)

Try (&(objectClass=user)(sAMAccountName=userX)(uid=userX))

Regards,
--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/

2012/1/3 Che H M <[email protected]>

> Great,
>
> It took me a while to use the ldapsearch, but it worked.
> Also works if you add the "cn=users"
>
> I just need to compare the src baseDN and dst baseDN... think there might
> be some mistake. Or I'll try the full DN again :)
>
> Jan 03 15:24:53 - ERROR - Error while looking for
> (&(objectClass=user)(sAMAccountName=userX)),(uid=userX) in ou=cc:
> javax.naming.directory.InvalidSearchFilterException: invalid attribute
> description; remaining name 'ou=cc'
> Jan 03 15:24:53 - ERROR - Error while synchronizing ID {uid=userX}:
> javax.naming.directory.InvalidSearchFilterException: invalid attribute
> description; remaining name 'ou=cc'
>
> Thanks ! !
>
> ------------------------------
> Date: Tue, 3 Jan 2012 14:54:27 +0100
> Subject: Re: [lsc-users] errors running the example: synchronizing to/from
> Active Directory
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> you can use ldapsearch tool provided by ldaputils
>
> However it's odd to have cn=administrator,dc=foo,dc=bar. Maybe ldp.exe
> works negotiating, without specifying the entire security context.
>
> Try to use cn=administrator,cn=users,dc=foo,dc=bar. Normally you find
> there the default administrative account in active directory
>
> Alternatively maybe your 389 port is not listening in the right interface.
> Test from your Ubuntu machine if you are able to do a "telnet someIP 389".
> If it works then you are facing ldap security context issues...
>
> On Tue, Jan 3, 2012 at 2:45 PM, Che H M <[email protected]> wrote:
>
> Hi Natan,
>
> Thanks for the correction
> Foolish of me not noticing the "(", anyway I have a synchronization error
> now, mainly caused by the connection error.
>
> If I manually connect using ldp.exe (from my windows 7 to my AD server)
> with the same credentials, it works.
> Thus CN=administrator is existing.
>
> I wonder if I must use SSL or not, it was not required when I connect
> manually....
>
> dst.java.naming.provider.url = ldap://someIP:389/dc=foo,dc=bar
> dst.java.naming.security.principal = cn=administrator,dc=foo,dc=bar
>
> Is there anything in Ubuntu which I can use to test an ldap connection to
> AD?
>
> Thanks
>
> ------------------------------
> Date: Tue, 3 Jan 2012 14:19:00 +0100
> Subject: Re: [lsc-users] errors running the example: synchronizing to/from
> Active Directory
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> Hi Che, your ldap filter seems wrong
>
> Try (&(objectClass=inetOrgPerson)(uid=userX)) instead of
> (&objectClass=inetOrgPerson)(uid=userX))
>
> And about " Connecting to LDAP server ldap://someIP:389/dc=foo,dc=bar as
> cn=administrator,dc=foo,dc=bar", it seems your credentials are rejected or
> the admin distinguished name does not exist.
>
> Hope it helps
>
> Natan
>
> On Tue, Jan 3, 2012 at 2:08 PM, Che H M <[email protected]> wrote:
>
> Dear,
>
> I am currently testing the LSC stable version 1.2.1.
> and I'm using the Howto, described on the lsc-project.org.
>
> When I perform a dry run I come across several problems.
>
> root@ldap:/home/user/lsc# bin/lsc -f etc -c all -s all -n
> Jan 03 13:57:51 - INFO - Starting sync for ADuser
> Jan 03 13:57:51 - INFO - Connecting to LDAP server
> ldap://localhost:389/dc=fooz,dc=barz as cn=superUser,dc=fooz,dc=barz
> Jan 03 13:57:51 - ERROR - Error while looking for
> (&objectClass=inetOrgPerson)(uid=userX)) in ou=cc:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while synchronizing ID {uid=userX}:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while looking for
> (&objectClass=inetOrgPerson)(uid=userY)) in ou=cc:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while synchronizing ID {uid=userY}:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - All entries: 2, to modify entries: 0, modified
> entries: 0, errors: 2
> Jan 03 13:57:51 - INFO - Starting clean for ADuser
> Jan 03 13:57:51 - INFO - Connecting to LDAP server
> ldap://someIP:389/dc=foo,dc=bar as cn=administrator,dc=foo,dc=bar
> Jan 03 13:57:51 - ERROR - Error opening the LDAP connection to the
> destination!
> Jan 03 13:57:51 - ERROR - java.lang.RuntimeException:
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]
> Last log file line: Jan 03 13:57:51 - ERROR - java.lang.RuntimeException:
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]
>
> I've noticed that someone else posted such error before and no reply has
> been given...
>
> Thanks in advance.
>
> Kind regards
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users


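Added example, not part of the original thread and not LSC or JNDI code: a small Python checker for a simplified RFC 4515 filter grammar, run over the filter strings quoted in the messages above to show where each malformed one stops parsing. The function names and error wording are this example's own, and extensible-match filters and escape validation are assumed out of scope.

```python
import re

# Simplified RFC 4515 grammar (assumption: no extensible match, escapes unchecked):
#   filter = "(" ( ("&" / "|") 1*filter / "!" filter / attr op value ) ")"
ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*|\d+(\.\d+)+")
OPS = ("~=", ">=", "<=", "=")

THREAD_FILTERS = [  # filter strings copied from the thread, in posting order
    "(&objectClass=inetOrgPerson)(uid=userX))",
    "(&(objectClass=inetOrgPerson)(uid=userX))",
    "(&(objectClass=user)(sAMAccountName=userX)),(uid=userX)",
    "(&(objectClass=user)(sAMAccountName=userX)(uid=userX))",
]

def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return the index just past it."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):
        i = _parse(s, i + 1)                  # a set needs at least one sub-filter
        while s[i:i + 1] == "(":
            i = _parse(s, i)
    elif s[i:i + 1] == "!":
        i = _parse(s, i + 1)
    else:
        m = ATTR.match(s, i)
        if not m:
            raise ValueError(f"invalid attribute description at offset {i}")
        i = m.end()
        op = next((o for o in OPS if s.startswith(o, i)), None)
        if op is None:
            raise ValueError(f"expected comparison operator at offset {i}")
        i += len(op)
        while i < len(s) and s[i] not in "()":
            i += 1                            # assertion value, may contain '*'
    if s[i:i + 1] != ")":
        raise ValueError(f"unbalanced parenthesis at offset {i}")
    return i + 1

def check_filter(s):
    """Return None for exactly one well-formed filter, else the defect found."""
    try:
        end = _parse(s, 0)
    except ValueError as exc:
        return str(exc)
    return None if end == len(s) else f"trailing data after filter at offset {end}"

def report():
    return [(f, check_filter(f) or "ok") for f in THREAD_FILTERS]
```

Running such a check on a generated filter before it is handed to the directory client surfaces the defect and its offset without needing a round trip to the server.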