Brilliant, yes that did it! I suspected that I missed something,
somewhere in the configuration, apparently yes.
Merci beaucoup Sébastien!
On 6/26/12 3:31 AM, Sébastien Bahloul wrote:
Hi Roy,
Can you try to add the following attribute to the node:
<select id="getUidPwResult" parameterClass="java.util.Map">
resultClass="java.util.HashMap"
I think that it may solve your issue.
Regards,
--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/
2012/6/26 Roy McMorran <[email protected]>
Hi Sébastien,
On 6/25/12 6:00 PM, Sébastien Bahloul wrote:
Hi Roy,
I've looked inside the code to check why this occurred and the
only reason I found is that the API we use to search inside the
database is providing us a 0 entries result even if according to
the network capture, one entry is returned after the
corresponding SQL request. Can you pastebin your complete SQL
configuration file?
http://pastebin.com/y7q4RcAN
http://pastebin.com/PVTtCpJs
FYI: The message that includes id=adent is only because LSC uses
one main identifier which is in your case the uid attribute value.
Thank you.
Regards,
--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/
2012/6/25 Roy McMorran <[email protected]>
Hi Sébastien,
On 6/25/12 7:40 AM, Sébastien Bahloul wrote:
Hi Roy,
Sorry but I don't understand what is the problem you are
facing.
It is odd isn't it!
Can you try two things:
- first try to catch the network stream through a
Wireshark network capture
PostgreSQL server traffic: I see the initial query
(id=getUidPwList) and it returns the result I expect (one
column table of all the uids). Then the iteration of the
second query (id=getUidPwResult) which does select "uid,
unicodepw,cn from usercns where uid=$1" with the bind
variable $1 equal to each uid (as expected). This again
returns the correct row for every uid.
AD server traffic: Strangely all I see is the bind, which is
successful, then there is nothing more!
The entire capture is at http://pastebin.com/a7p4GkeU
Note that I had to switch to non-TLS to get the capture, but
it does not seem to matter. I changed the destination
attribute to "description" so that TLS/SSL to the AD server
should not be required.
- second, modify the logback.xml file to activate a DEBUG
loglevel (instead of INFO)
It is all at DEBUG already (you can see some output tagged
DEBUG below)
Jun 25 15:29:46 - DEBUG - Loading XML configuration from: /etc/lsc/lsc.xml
Jun 25 15:29:46 - INFO - Logging configuration successfully loaded from /etc/lsc/logback.xml
Jun 25 15:29:46 - INFO - LSC configuration successfully loaded from /etc/lsc/
Jun 25 15:29:46 - INFO - Connecting to LDAP server ldap://dc1.mdibl.net:389/DC=mdibl,DC=net as CN=lscsync,CN=Users,DC=mdibl,DC=net
Jun 25 15:29:46 - DEBUG - Reading sql-map-config.xml from file:/etc/lsc/sql-map-config.xml
Jun 25 15:29:47 - WARN - No clean request has been specified for task=syncPasswords. During the clean phase, LSC wouldn't be able to get the right entries and may delete all destination entries !
Jun 25 15:29:47 - INFO - Starting sync for syncPasswords
Jun 25 15:29:47 - DEBUG - Synchronizing syncPasswords for {uid=adent}
Jun 25 15:29:47 - ERROR - Unable to get object for id=adent
Jun 25 15:29:47 - ERROR - All entries: 1, to modify entries: 0, modified entries: 0, errors: 1
Is there a way to get more verbosity for the AD interactions?
Is it relevant that the error says "id=adent" rather than
"uid=adent"? The uid is the unique attribute for both source
and destination.
Thank you,
Roy
--
Roy McMorran
Systems Administrator
MDI Biological Laboratory
[email protected]
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users