Hi Roy,

First, try to switch to the 2.0 branch because the 1.2 is quite old.
According to your configuration, can you try the following LDAP search to check that your AD DC is sending you the right answer:

$ /usr/bin/ldapsearch -x -ZZ -b cn=users,dc=example,dc=net -h dc1.example.net -LL -D CN=lscsync,CN=Users,DC=example,DC=net -w ******** '(&(objectClass=inetOrgPerson)(|(uid=adent)(sAMAccountName=adent)))' uid

Regards,
--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/

2012/6/21 Roy McMorran <[email protected]>

> Greetings,
>
> Another LSC question, this time syncing from a database to active directory... any advice would be most appreciated.
>
> I have a table of uid, password and cn in a PostgreSQL database, e.g.:
>
> db=# select * from usercns where uid='adent';
>   uid  | unicodepwd |     cn
> -------+------------+-------------
>  adent | *******    | Arthur Dent
> (1 row)
>
> I'd like to stuff those passwords into AD. However, I'm getting "unable to get object id=adent" when I test the synchronization:
>
> $ lsc -f /etc/lsc -s pg2ad_pw
>
> Jun 21 14:18:54 - DEBUG - Reading configuration from /etc/lsc/
> Jun 21 14:18:54 - DEBUG - Loading configuration url: file:/etc/lsc/lsc.properties
> Jun 21 14:18:54 - INFO - Starting sync for pg2ad_pw
> Jun 21 14:18:54 - DEBUG - Reading sql-map-config.xml from file:/etc/lsc/sql-map-config.xml
> Jun 21 14:18:55 - DEBUG - Adding 'K' sync type for attribute name default.
> Jun 21 14:18:55 - DEBUG - Adding 'F' sync type for attribute name unicodePwd.
> Jun 21 14:18:55 - DEBUG - Synchronizing pg2ad_pw for {uid=adent}
> Jun 21 14:18:55 - ERROR - Unable to get object for id=adent
> Jun 21 14:18:55 - ERROR - All entries: 1, to modify entries: 0, modified entries: 0, errors: 1
>
> I have DEBUG defined in my logback.xml file but it's not giving me any useful clues.
>
> I assume that error refers to the 'object' in the destination (AD), because I've confirmed it's querying the database successfully. However, that DN does exist in AD:
>
> $ /usr/bin/ldapsearch -x -ZZ -b cn=users,dc=example,dc=net -h dc1.example.net -LL -D CN=lscsync,CN=Users,DC=example,DC=net -w ******** 'cn=Arthur Dent' uid
> version: 1
>
> dn: CN=Arthur Dent,CN=Users,DC=example,DC=net
> uid: adent
>
> I'm sure I've just missed something in the configuration, but so far I've been unable to suss it out. Any suggestions?
>
> Here are the configuration files I'm using:
>
> # lsc.properties
>
> src.database.driver = org.postgresql.Driver
> src.database.url = jdbc:postgresql://dbsrv.example.net:5432/********
> src.database.username = ********
> src.database.password = ********
> dst.java.naming.provider.url =ldap://dc1.example.net:389/DC=example,DC=net
> dst.java.naming.security.authentication = simple
> dst.java.naming.security.principal = CN=lscsync,CN=Users,DC=example,DC=net
> dst.java.naming.security.credentials = ********
> dst.java.naming.tls = true
> dst.java.naming.referral = ignore
> dst.java.naming.ldap.derefAliases = never
> dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
> dst.java.naming.ldap.version = 3
> lsc.tasks = pg2ad_pw
> lsc.tasks.pg2ad_pw.type = db2ldap
> lsc.tasks.pg2ad_pw.srcService = org.lsc.service.SimpleJdbcSrcService
> lsc.tasks.pg2ad_pw.srcService.requestNameForList = getUidPwList
> lsc.tasks.pg2ad_pw.srcService.requestNameForObject = getUidPwResult
> lsc.tasks.pg2ad_pw.dstService = org.lsc.jndi.SimpleJndiDstService
> lsc.tasks.pg2ad_pw.dstService.baseDn = CN=Users
> lsc.tasks.pg2ad_pw.dstService.filterAll = (&(objectClass=inetOrgPerson)(sAMAccountName=*))
> lsc.tasks.pg2ad_pw.dstService.pivotAttrs = uid
> lsc.tasks.pg2ad_pw.dstService.filterId = (&(objectClass=inetOrgPerson)(|(uid={uid})(sAMAccountName={uid})))
> lsc.tasks.pg2ad_pw.dstService.attrs = uid unicodePwd cn
> lsc.tasks.pg2ad_pw.bean = org.lsc.beans.SimpleBean
> lsc.tasks.pg2ad_pw.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",CN=Users"
> dn.real_root = DC=example,DC=net
> lsc.syncoptions.pg2ad_pw = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
> lsc.syncoptions.pg2ad_pw.default.action = K
> lsc.syncoptions.pg2ad_pw.default.delimiter = $
> lsc.syncoptions.pg2ad_pw.unicodePwd.action = F
> lsc.syncoptions.pg2ad_pw.unicodePwd.force_value = srcBean.getAttributeValueById("unicodepwd")
>
>
> # sql-map-config.xml:
>
> <?xml version="1.0" encoding="UTF-8" ?>
> <!DOCTYPE sqlMapConfig
>   PUBLIC "-//ibatis.apache.org//DTD SQL Map Config 2.0//EN"
>   "http://ibatis.apache.org/dtd/sql-map-config-2.dtd">
> <sqlMapConfig>
>   <transactionManager type="JDBC">
>     <dataSource type="SIMPLE">
>       <property value="${driver}" name="JDBC.Driver" />
>       <property value="${url}" name="JDBC.ConnectionURL" />
>       <property value="${username}" name="JDBC.Username"/>
>       <property value="${password}" name="JDBC.Password"/>
>       <property value="15" name="Pool.MaximumActiveConnections"/>
>       <property value="15" name="Pool.MaximumIdleConnections"/>
>       <property value="1000" name="Pool.MaximumWait"/>
>     </dataSource>
>   </transactionManager>
>   <sqlMap url="file://${lsc.config}/sql-map-config.d/getUidPw.xml"/>
>
> </sqlMapConfig>
>
>
> # sql-map-config.d/getUidPw.xml
>
> <?xml version="1.0" encoding="UTF-8" ?>
> <!DOCTYPE sqlMap
>   PUBLIC "-//ibatis.apache.org//DTD SQL Map 2.0//EN"
>   "http://ibatis.apache.org/dtd/sql-map-2.dtd">
> <sqlMap>
>   <select id="getUidPwList" resultClass="java.util.HashMap">
>     SELECT uid
>     FROM usercns
>     WHERE uid = 'adent'
>   </select>
>   <select id="getUidPwResult" parameterClass="java.util.Map">
>     SELECT
>       uid,
>       unicodepwd,
>       cn
>     FROM usercns
>     WHERE uid = #uid#
>   </select>
> </sqlMap>
>
>
> Thanks and best wishes,
>
> --
> Roy McMorran
> Systems Administrator
> MDI Biological Laboratory
> [email protected]
>
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>
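Added example, not part of the original messages and not LSC code: the check suggested in the reply amounts to substituting the pivot value into the configured filterId and seeing which entries the result selects. The Python below expands the thread's filterId with RFC 4515 escaping and evaluates it against two constructed entries; the entries and every function name are assumptions, and it does not reproduce how LSC itself builds its filters.

```python
import re

# filterId copied from the lsc.properties quoted in the thread
FILTER_ID = "(&(objectClass=inetOrgPerson)(|(uid={uid})(sAMAccountName={uid})))"

# Constructed sample entries (not taken from the thread)
ENTRIES = {
    "CN=Arthur Dent,CN=Users,DC=example,DC=net":
        {"objectclass": ["top", "person", "inetOrgPerson"], "uid": ["adent"]},
    "CN=Ford Prefect,CN=Users,DC=example,DC=net":
        {"objectclass": ["top", "person", "user"], "samaccountname": ["fprefect"]},
}

def escape_value(value):
    """Escape filter metacharacters in an assertion value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, pivots):
    """Replace each {attr} placeholder with the escaped pivot value."""
    return re.sub(r"\{(\w+)\}", lambda m: escape_value(pivots[m.group(1)]), template)

def parse(f, i=0):
    """Parse the filter starting at f[i] == '('; return (node, next index)."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1            # step over the closing ')'
    end = f.index(")", i)                   # safe: a literal ')' is escaped as \29
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate equality and presence filters; substring matches are not handled."""
    if node[0] in "&|!":
        results = [matches(kid, entry) for kid in node[1]]
        return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)
    _, attr, value = node
    have = [v.lower() for v in entry.get(attr, [])]
    if value == "*":                        # (attr=*) is a presence test
        return bool(have)
    wanted = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return wanted.lower() in have

def search(template, pivots, entries=ENTRIES):
    """Return the DNs the expanded filter selects."""
    tree, _ = parse(expand(template, pivots))
    return [dn for dn, entry in entries.items() if matches(tree, entry)]

if __name__ == "__main__":
    print(expand(FILTER_ID, {"uid": "adent"}))
    print(search(FILTER_ID, {"uid": "adent"}))
```

Every clause of the AND has to hold for an entry to be returned, and a pivot value of `*` is escaped to `\2a`, so it is compared literally instead of acting as a presence test.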

