Hi Roy, Can you try to add the following attribute to the node: <select id= "getUidPwResult" parameterClass="java.util.Map">
resultClass="java.util.HashMap" I think that it may solve your issue. Regards, -- Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/ 2012/6/26 Roy McMorran <[email protected]> > ** > Hi Sébastien, > > > On 6/25/12 6:00 PM, Sébastien Bahloul wrote: > > Hi Roy, > > I've looked inside the code to check why this occured and the only > reason I found is that the API we use to search inside the database is > providing us a 0 entries result even if according to the network capture, > one entry is returned after the correponsding SQL request. Can you pastebin > your complete SQL configuration file ? > > > http://pastebin.com/y7q4RcAN > http://pastebin.com/PVTtCpJs > > > FYI: The message that include id=adent is only because LSC uses one > main identifier which is in your case the uid attribute value. > > > Thank you. > > > Regards, > > -- > Sebastien BAHLOUL > IAM / Security specialist > Ldap Synchronization Connector : http://lsc-project.org > Blog : http://sbahloul.wordpress.com/ > > > > 2012/6/25 Roy McMorran <[email protected]> > >> Hi Sébastien, >> >> >> On 6/25/12 7:40 AM, Sébastien Bahloul wrote: >> >>> Hi Roy, >>> >>> Sorry but I don't understand what is the problem you are facing. >>> >> >> It is odd isn't it! >> >> >> Can you try two things : >>> - first try to catch the network stream through a wireshark network >>> capture >>> >> >> PostgreSQL server traffic: I see the initial query (id=getUidPwList) >> and it returns the result I expect (one column table of all the uids). >> Then the iteration of the second query (id=getUidPwResult) which does >> select "uid, unicodepw,cn from usercns where uid=$1" with the bind variable >> $1 equal to each uid (as expected). This again returns the correct row for >> every uid. >> >> AD server traffic: Strangely all I see is the bind, which is successful, >> then there is nothing more! >> >> The entire capture is at http://pastebin.com/a7p4GkeU >> >> Note that I had to switch to non-TLS to get the capture, but it does not >> seem to matter. I changed the destination attribute to "description" so >> that TLS/SSL to the AD server should not be required. >> >> >> - second, modify the logback.xml file to active a DEBUG loglevel >>> (instead of INFO) >>> >> >> It is all at DEBUG already (you can see some output tagged DEBUG below) >> >> Jun 25 15:29:46 - DEBUG - Loading XML configuration from: /etc/lsc/lsc.xml >> Jun 25 15:29:46 - INFO - Logging configuration successfully loaded from >> /etc/lsc/logback.xml >> Jun 25 15:29:46 - INFO - LSC configuration successfully loaded from >> /etc/lsc/ >> Jun 25 15:29:46 - INFO - Connecting to LDAP server ldap:// >> dc1.mdibl.net:389/DC=mdibl,DC=net as CN=lscsync,CN=Users,DC=mdibl,DC=net >> Jun 25 15:29:46 - DEBUG - Reading sql-map-config.xml from >> file:/etc/lsc/sql-map-config.xml >> Jun 25 15:29:47 - WARN - No clean request has been specified for >> task=syncPasswords. During the clean phase, LSC wouldn't be able to get the >> right entries and may delete all destination entries ! >> Jun 25 15:29:47 - INFO - Starting sync for syncPasswords >> Jun 25 15:29:47 - DEBUG - Synchronizing syncPasswords for {uid=adent} >> Jun 25 15:29:47 - ERROR - Unable to get object for id=adent >> Jun 25 15:29:47 - ERROR - All entries: 1, to modify entries: 0, modified >> entries: 0, errors: 1 >> >> Is there a way to get more verbosity for the AD interactions? >> >> Is it relevant that the error says "id=adent" rather than "uid=adent"? >> The uid is the unique attribute for both source and destination. >> >> Thank you , >> Roy >> >> >> -- >> Roy McMorran >> Systems Administrator >> MDI Biological Laboratory >> [email protected] >> >> > > > -- > Roy McMorran > Systems Administrator > MDI Biological [email protected] > >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
