Greetings,

Another LSC question, this time syncing from a database to Active Directory... any advice would be most appreciated.

I have a table of uid, password and cn in a PostgreSQL database, e.g.:

db=# select * from usercns where uid='adent';
  uid  | unicodepwd |     cn
-------+------------+-------------
 adent | *******    | Arthur Dent
(1 row)

I'd like to stuff those passwords into AD. However, I'm getting "unable to get object id=adent" when I test the synchronization:

$ lsc -f /etc/lsc -s pg2ad_pw

Jun 21 14:18:54 - DEBUG - Reading configuration from /etc/lsc/
Jun 21 14:18:54 - DEBUG - Loading configuration url: file:/etc/lsc/lsc.properties
Jun 21 14:18:54 - INFO  - Starting sync for pg2ad_pw
Jun 21 14:18:54 - DEBUG - Reading sql-map-config.xml from file:/etc/lsc/sql-map-config.xml
Jun 21 14:18:55 - DEBUG - Adding 'K' sync type for attribute name default.
Jun 21 14:18:55 - DEBUG - Adding 'F' sync type for attribute name unicodePwd.
Jun 21 14:18:55 - DEBUG - Synchronizing pg2ad_pw for {uid=adent}
Jun 21 14:18:55 - ERROR - Unable to get object for id=adent
Jun 21 14:18:55 - ERROR - All entries: 1, to modify entries: 0, modified entries: 0, errors: 1

I have DEBUG defined in my logback.xml file but it's not giving me any useful clues.

I assume that error refers to the 'object' in the destination (AD), because I've confirmed it's querying the database successfully. However, that DN does exist in AD:

$ /usr/bin/ldapsearch -x -ZZ -b cn=users,dc=example,dc=net -h dc1.example.net \
    -LL -D CN=lscsync,CN=Users,DC=example,DC=net -w ******** 'cn=Arthur Dent' uid
version: 1

dn: CN=Arthur Dent,CN=Users,DC=example,DC=net
uid: adent

I'm sure I've just missed something in the configuration, but so far I've been unable to suss it out. Any suggestions?

Here are the configuration files I'm using:

# lsc.properties

src.database.driver = org.postgresql.Driver
src.database.url = jdbc:postgresql://dbsrv.example.net:5432/********
src.database.username = ********
src.database.password = ********
dst.java.naming.provider.url = ldap://dc1.example.net:389/DC=example,DC=net
dst.java.naming.security.authentication = simple
dst.java.naming.security.principal = CN=lscsync,CN=Users,DC=example,DC=net
dst.java.naming.security.credentials = ********
dst.java.naming.tls = true
dst.java.naming.referral = ignore
dst.java.naming.ldap.derefAliases = never
dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.version = 3
lsc.tasks = pg2ad_pw
lsc.tasks.pg2ad_pw.type = db2ldap
lsc.tasks.pg2ad_pw.srcService = org.lsc.service.SimpleJdbcSrcService
lsc.tasks.pg2ad_pw.srcService.requestNameForList = getUidPwList
lsc.tasks.pg2ad_pw.srcService.requestNameForObject = getUidPwResult
lsc.tasks.pg2ad_pw.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.pg2ad_pw.dstService.baseDn = CN=Users
lsc.tasks.pg2ad_pw.dstService.filterAll = (&(objectClass=inetOrgPerson)(sAMAccountName=*))
lsc.tasks.pg2ad_pw.dstService.pivotAttrs = uid
lsc.tasks.pg2ad_pw.dstService.filterId = (&(objectClass=inetOrgPerson)(|(uid={uid})(sAMAccountName={uid})))
lsc.tasks.pg2ad_pw.dstService.attrs = uid unicodePwd cn
lsc.tasks.pg2ad_pw.bean = org.lsc.beans.SimpleBean
lsc.tasks.pg2ad_pw.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",CN=Users"
dn.real_root = DC=example,DC=net
lsc.syncoptions.pg2ad_pw = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.pg2ad_pw.default.action = K
lsc.syncoptions.pg2ad_pw.default.delimiter = $
lsc.syncoptions.pg2ad_pw.unicodePwd.action = F
lsc.syncoptions.pg2ad_pw.unicodePwd.force_value = srcBean.getAttributeValueById("unicodepwd")


# sql-map-config.xml:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE sqlMapConfig
    PUBLIC "-//ibatis.apache.org//DTD SQL Map Config 2.0//EN"
    "http://ibatis.apache.org/dtd/sql-map-config-2.dtd">
<sqlMapConfig>
  <transactionManager type="JDBC">
    <dataSource type="SIMPLE">
      <property value="${driver}" name="JDBC.Driver" />
      <property value="${url}" name="JDBC.ConnectionURL" />
      <property value="${username}" name="JDBC.Username"/>
      <property value="${password}" name="JDBC.Password"/>
      <property value="15" name="Pool.MaximumActiveConnections"/>
      <property value="15" name="Pool.MaximumIdleConnections"/>
      <property value="1000" name="Pool.MaximumWait"/>
    </dataSource>
  </transactionManager>
  <sqlMap url="file://${lsc.config}/sql-map-config.d/getUidPw.xml"/>

</sqlMapConfig>


# sql-map-config.d/getUidPw.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE sqlMap
    PUBLIC "-//ibatis.apache.org//DTD SQL Map 2.0//EN"
    "http://ibatis.apache.org/dtd/sql-map-2.dtd">
<sqlMap>
<select id="getUidPwList" resultClass="java.util.HashMap">
        SELECT uid
        FROM usercns
        WHERE uid = 'adent'
</select>
<select id="getUidPwResult" parameterClass="java.util.Map">
        SELECT
                uid,
                unicodepwd,
                cn
        FROM usercns
        WHERE uid = #uid#
</select>
</sqlMap>


Thanks and best wishes,

--
Roy McMorran
Systems Administrator
MDI Biological Laboratory
[email protected]


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
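
Added example, not part of the original post and not LSC code: a Python helper that builds an ldapsearch command from the task's own `baseDn` and `filterId`, so a manual test exercises the same destination lookup the configuration describes. It assumes `{uid}` in `filterId` is replaced by the pivot value and that `baseDn` is relative to the suffix in the provider URL; the function names are hypothetical, and `-W` (prompt for the bind password) is used so the credential stays off the command line.

```python
import re
import shlex
from urllib.parse import urlsplit, unquote

# Constructed copy of four lsc.properties lines from the post (values unwrapped).
PROPS = """\
dst.java.naming.provider.url = ldap://dc1.example.net:389/DC=example,DC=net
dst.java.naming.security.principal = CN=lscsync,CN=Users,DC=example,DC=net
lsc.tasks.pg2ad_pw.dstService.baseDn = CN=Users
lsc.tasks.pg2ad_pw.dstService.filterId = (&(objectClass=inetOrgPerson)(|(uid={uid})(sAMAccountName={uid})))
"""

def parse_props(text):
    """Minimal key = value parser; splits on the first '=' only."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping so a pivot value cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(template, pivots):
    """Replace each {name} placeholder, in one pass, with the escaped value."""
    return re.sub(r"\{(\w+)\}",
                  lambda m: escape_filter_value(pivots[m.group(1)]), template)

def lookup_command(props, task, pivots):
    """Build the ldapsearch argv that mirrors the task's filterId lookup."""
    url = urlsplit(props["dst.java.naming.provider.url"])
    suffix = unquote(url.path.lstrip("/"))
    prefix = f"lsc.tasks.{task}.dstService."
    # Assumption: baseDn is relative to the suffix in the provider URL.
    base = ",".join(p for p in (props[prefix + "baseDn"], suffix) if p)
    flt = expand_filter(props[prefix + "filterId"], pivots)
    return ["ldapsearch", "-x", "-ZZ", "-h", url.hostname, "-b", base,
            "-D", props["dst.java.naming.security.principal"], "-W",
            flt, "dn", "objectClass", "uid", "sAMAccountName"]

if __name__ == "__main__":
    argv = lookup_command(parse_props(PROPS), "pg2ad_pw", {"uid": "adent"})
    print(" ".join(shlex.quote(a) for a in argv))
```

Requesting `objectClass` in the output shows whether the entry carries the class named in `filterId`.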
