Hi Sebastien,
Got the thing working
The filter shown in the error takes its information from the "lsc.properties" 
file; once the filter error was solved it was ok.
The remaining error was caused by an excessive baseDN in the file (former post: 
invalid attribute description; remaining name 'ou=cc')
I'm working the attributes now. It deletes the user accounts from AD (compared 
to LDAP), but does not add user accounts yet. Still working out the little 
pieces :)

Regards
Che

From: [email protected]
Date: Tue, 3 Jan 2012 19:12:16 +0100
Subject: Re: [lsc-users] errors running the example: synchronizing to/from 
Active Directory
To: [email protected]
CC: [email protected]; [email protected]

Hi Che,
Can you re-explain it? It seems that your new filter is also incorrect:
(&(objectClass=user)(sAMAccountName=userX)),(uid=userX) 

Try (&(objectClass=user)(sAMAccountName=userX)(uid=userX))


Regards,
-- Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org


Blog : http://sbahloul.wordpress.com/




2012/1/3 Che H M <[email protected]>






Great,
It took me a while to use the ldapsearch, but it worked. Also works if you add 
the "cn=users"
I just need to compare the src baseDN and dst baseDN... think there might be 
some mistake. Or I'll try the full DN again :)


Jan 03 15:24:53 - ERROR - Error while looking for 
(&(objectClass=user)(sAMAccountName=userX)),(uid=userX) in ou=cc: 
javax.naming.directory.InvalidSearchFilterException: invalid attribute 
description; remaining name 'ou=cc'

Jan 03 15:24:53 - ERROR - Error while synchronizing ID {uid=userX}: 
javax.naming.directory.InvalidSearchFilterException: invalid attribute 
description; remaining name 'ou=cc'



Thanks ! !


Date: Tue, 3 Jan 2012 14:54:27 +0100
Subject: Re: [lsc-users] errors running the example: synchronizing to/from 
Active Directory


From: [email protected]
To: [email protected]
CC: [email protected]



you can use ldapsearch tool provided by ldaputils

However it's odd to have cn=administrator,dc=foo,dc=bar. Maybe ldp.exe works 
negotiating, without specifying the entire security context.

Try to use cn=administrator,cn=users,dc=foo,dc=bar. Normally you find there the 
default administrative account in active directory




Alternatively maybe your 389 port is not listening in the right interface. Test 
from your Ubuntu machine if you are able to do a "telnet someIP 389". If it 
works then you are facing ldap security context issues...




On Tue, Jan 3, 2012 at 2:45 PM, Che H M <[email protected]> wrote:







Hi Natan,
Thanks for the correction
Foolish of me not noticing the "(", anyway I have a 
synchronization error now, mainly caused by the connection error.
If I manually connect using ldp.exe (from my windows 7 to my AD server) with 
the same credentials, it works.


Thus CN=administrator is existing.
I wonder if I must use SSL or not, it was not required when I connect 
manually....




dst.java.naming.provider.url = ldap://someIP:389/dc=foo,dc=bar
dst.java.naming.security.principal = cn=administrator,dc=foo,dc=bar

Is there anything in Ubuntu which I can use to test an ldap connection to AD?




Thanks

Date: Tue, 3 Jan 2012 14:19:00 +0100
Subject: Re: [lsc-users] errors running the example: synchronizing to/from 
Active Directory



From: [email protected]
To: [email protected]
CC: [email protected]




Hi Che, your ldap filter seems wrong 

Try  (&(objectClass=inetOrgPerson)(uid=userX)) instead of 
(&objectClass=inetOrgPerson)(uid=userX)) 

And about " Connecting to LDAP server ldap://someIP:389/dc=foo,dc=bar as 
cn=administrator,dc=foo,dc=bar", it seems your credentials are rejected or the 
admin distinguished name does not exist.





Hope it helps

    Natan

On Tue, Jan 3, 2012 at 2:08 PM, Che H M <[email protected]> wrote:













Dear,
I am currently testing the LSC stable version 1.2.1 and I'm using the Howto 
described on the lsc-project.org.




When I perform a dry run I come across several problems.

root@ldap:/home/user/lsc# bin/lsc -f etc -c all -s all -n
Jan 03 13:57:51 - INFO  - Starting sync for ADuser
Jan 03 13:57:51 - INFO  - Connecting to LDAP server ldap://localhost:389/dc=fooz,dc=barz as cn=superUser,dc=fooz,dc=barz
Jan 03 13:57:51 - ERROR - Error while looking for (&objectClass=inetOrgPerson)(uid=userX)) in ou=cc: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=cc'
Jan 03 13:57:51 - ERROR - Error while synchronizing ID {uid=userX}: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=cc'
Jan 03 13:57:51 - ERROR - Error while looking for (&objectClass=inetOrgPerson)(uid=userY)) in ou=cc: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=cc'
Jan 03 13:57:51 - ERROR - Error while synchronizing ID {uid=userY}: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=cc'
Jan 03 13:57:51 - ERROR - All entries: 2, to modify entries: 0, modified entries: 0, errors: 2
Jan 03 13:57:51 - INFO  - Starting clean for ADuser
Jan 03 13:57:51 - INFO  - Connecting to LDAP server ldap://someIP:389/dc=foo,dc=bar as cn=administrator,dc=foo,dc=bar
Jan 03 13:57:51 - ERROR - Error opening the LDAP connection to the destination!
Jan 03 13:57:51 - ERROR - java.lang.RuntimeException: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
Last log file line: Jan 03 13:57:51 - ERROR - java.lang.RuntimeException: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]





I've noticed that someone else posted such error before and no reply has been 
given...

Thanks in advance.
Kind regards




                                          

_______________________________________________________________

Ldap Synchronization Connector (LSC) - http://lsc-project.org



lsc-users mailing list

[email protected]

http://lists.lsc-project.org/listinfo/lsc-users
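
The filters quoted in this thread can be checked before a sync run. The following is an added example, not part of the original messages and not LSC code: a small structural checker for a subset of the RFC 4515 filter grammar (no extensible-match syntax), applied to the four filter strings that appear above. The names check_filter, FilterError and THREAD_FILTERS are hypothetical.

```python
import re

# Attribute description (RFC 4512): name or numeric OID, optional ;options.
ATTR = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)(?:;[A-Za-z0-9-]+)*")

class FilterError(ValueError):
    pass

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op_at, op, i, count = i, s[i], i + 1, 0
        while i < len(s) and s[i] == "(":      # every operand is itself "( ... )"
            i, count = _parse(s, i), count + 1
        if count == 0 or (op == "!" and count != 1):
            raise FilterError(f"'{op}' at offset {op_at} has {count} parenthesised operand(s)")
    else:
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        attr, sep, _value = s[i:end].partition("=")
        attr = attr.rstrip("~<>")              # allow ~=, >= and <=
        if not sep or not ATTR.fullmatch(attr):
            raise FilterError(f"invalid attribute description {attr!r} at offset {i}")
        i = end
    if i >= len(s) or s[i] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(s):
    """Return None if s is exactly one well-formed filter, else an error string."""
    try:
        end = _parse(s, 0)
        if end != len(s):
            raise FilterError(f"trailing text at offset {end}: {s[end:]!r}")
    except FilterError as exc:
        return str(exc)
    return None

# The four filter strings quoted in the thread, copied as written there.
THREAD_FILTERS = [
    "(&objectClass=inetOrgPerson)(uid=userX))",
    "(&(objectClass=inetOrgPerson)(uid=userX))",
    "(&(objectClass=user)(sAMAccountName=userX)),(uid=userX)",
    "(&(objectClass=user)(sAMAccountName=userX)(uid=userX))",
]

if __name__ == "__main__":
    for f in THREAD_FILTERS:
        print(f, "->", check_filter(f) or "ok")
```

The checker only validates structure; whether a filter matches the intended entries still has to be confirmed with ldapsearch against the directory.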



                                          

                                          
