Hi Jurgen,

It seems that the network connection is broken. Can you check that a firewall is not hanging up or a timeout on the LDAP server?

Regards,
--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/

2012/8/15 Jurgen Weber <[email protected]>

> Ok, with your wonderful help I am finally through all the syntax
> errors..... Now it's time to actually get it to sync something.
>
> When I run it, I get:
>
> Aug 15 16:25:45 - ERROR - Error while looking for
> (&(objectClass=posixAccount)(uid=USERNAME)) in ou=People,dc=asdf,dc=matrix:
> javax.naming.CommunicationException: Broken pipe [Root exception is
> java.net.SocketException: Broken pipe]; remaining name 'ou=asdf,dc=iconic'
>
> What does that error mean?
>
> Thanks
>
> On 15/08/12 14:59, dunkan wrote:
>
> With this parser order matters, reorder your elements to match the order
> in the doc and it should work out ok.
>
> On Tue, Aug 14, 2012 at 9:38 PM, Jurgen Weber <
> [email protected]> wrote:
>
>> ok, thanks... I am now stuck at:
>>
>> Aug 15 13:44:15 - ERROR - org.lsc.exception.LscConfigurationException:
>> javax.xml.bind.UnmarshalException
>> - with linked exception:
>> [org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content
>> was found starting with element 'pivotAttributes'. One of '{
>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":cleanFilter,
>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":filterAsync,
>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":dateFormat,
>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":interval}'
>> is expected.]
>>
>> org.lsc.exception.LscConfigurationException:
>> javax.xml.bind.UnmarshalException
>> - with linked exception:
>> [org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content
>> was found starting with element 'pivotAttributes'. One of '{
>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":cleanFilter,
>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":filterAsync,
>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":dateFormat,
>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":interval}'
>> is expected.]
>>
>> with the config file:
>>
>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
>>   <connections>
>>     <ldapConnection>
>>       <name>AD</name>
>>       <url>ldap://ad.nav.matrix:389/dc=asdfasdf,dc=local</url>
>>       <username>CN=Administrator,CN=Users,DC=asdfasdf,DC=local</username>
>>       <password>asdf</password>
>>       <authentication>SIMPLE</authentication>
>>       <pageSize>1000</pageSize>
>>     </ldapConnection>
>>     <ldapConnection>
>>       <name>openldap</name>
>>       <url>ldap://asdf.asdf.asdf:389/dc=matrix</url>
>>       <username>cn=asdf,dc=matrix</username>
>>       <password>asdf</password>
>>       <authentication>SIMPLE</authentication>
>>     </ldapConnection>
>>   </connections>
>>   <tasks>
>>     <task>
>>       <name>adUser</name>
>>       <bean>org.lsc.beans.SimpleBean</bean>
>>       <ldapSourceService>
>>         <name>openldap-src-service</name>
>>         <connection reference="openldap" />
>>         <baseDn>ou=People</baseDn>
>>         <getAllFilter>(objectClass=posixAccount)</getAllFilter>
>>         <getOneFilter>(&(objectClass=posixAccount)(uid={uid}))</getOneFilter>
>>         <cleanFilter>(&(objectClass=posixAccount)(uid=*))</cleanFilter>
>>         <filterAsync>modifytimestamp>={0}</filterAsync>
>>         <dateFormat>yyyyMMddHHmmss</dateFormat>
>>         <interval>5</interval>
>>         <pivotAttributes><string>uid</string></pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>ns</string>
>>           <string>objectclass</string>
>>           <string>uid</string>
>>           <string>mail</string>
>>           <string>userPassword</string>
>>           <string>sambaNTPassword</string>
>>         </fetchedAttributes>
>>       </ldapSourceService>
>>       <ldapDestinationService>
>>         <name>ad-dst-service</name>
>>         <connection reference="AD" />
>>         <baseDn>CN=Users</baseDn>
>>         <getAllFilter>(&(sAMAccountName=*)(objectClass=user))</getAllFilter>
>>         <getOneFilter>(&(objectClass=user)(sAMAccountName={uid}))</getOneFilter>
>>         <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>ns</string>
>>           <string>objectclass</string>
>>           <string>uid</string>
>>           <string>mail</string>
>>           <string>userPassword</string>
>>           <string>sambaNTPassword</string>
>>         </fetchedAttributes>
>>       </ldapDestinationService>
>>     </task>
>>   </tasks>
>>   <audits>
>>     <audit>
>>       <csv>
>>         <filename>/tmp/audit.csv</filename>
>>         <append>true</append>
>>         <operations>create, delete</operations>
>>         <attrs>cn;dn;uid</attrs>
>>         <separator>,</separator>
>>         <outputHeader>true</outputHeader>
>>       </csv>
>>     </audit>
>>     <audit>
>>       <ldif>
>>         <filename>/tmp/audit.csv</filename>
>>         <append>true</append>
>>         <operations>create, delete</operations>
>>         <logOnlyLdif>true</LogOnlyLdif>
>>       </ldif>
>>     </audit>
>>   </audits>
>>   <security>
>>     <encryption>
>>       <keyfile>$LSC_HOME/etc/lsc.key</keyfile>
>>       <algorithm>AES</algorithm>
>>       <strength>128</strength>
>>     </encryption>
>>   </security>
>> </lsc>
>>
>> any ideas?
>>
>> Thanks
>>
>> On 15/08/12 13:09, dunkan wrote:
>>
>> Yea I think most of the tutorials are outdated, look at
>> http://lsc-project.org/wiki/documentation/2.0/configuration/service/sourceldap
>> to see the syntax.
>>
>> Here is an example that I was using, some of it is optional.
>>
>> <tasks>
>>   <task>
>>     <name>adUser</name>
>>     <bean>org.lsc.beans.SimpleBean</bean>
>>     <ldapSourceService>
>>       <name>ad-src-service</name>
>>       <connection reference="AD" />
>>       <baseDn>cn=Users,dc=itlab,dc=example,dc=com</baseDn>
>>       <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
>>       <fetchedAttributes>
>>         <string>title</string>
>>         <string>cn</string>
>>         <string>uid</string>
>>         <string>uidNumber</string>
>>         <string>gidNumber</string>
>>         <string>sAMAccountName</string>
>>         <string>loginShell</string>
>>         <string>homeDirectory</string>
>>         <string>unixuserpassword</string>
>>       </fetchedAttributes>
>>       <getAllFilter>(& (objectClass=user) (sAMAccountName=*) (uidNumber=*))</getAllFilter>
>>       <getOneFilter>(& (objectClass=user) (uidNumber=*)(sAMAccountName={sAMAccountName}) )</getOneFilter>
>>       <cleanFilter>(& (objectClass=user) (sAMAccountName=*) (uidNumber=*))</cleanFilter>
>>     </ldapSourceService>
>>
>> -Joel
>>
>> On Tue, Aug 14, 2012 at 7:57 PM, Jurgen Weber <
>> [email protected]> wrote:
>>
>>> Yeah, thanks. That has gotten me further. ;) So simple.
>>>
>>> Now I have a
>>>
>>> Aug 15 12:40:08 - ERROR - org.lsc.exception.LscConfigurationException:
>>> javax.xml.bind.UnmarshalException
>>> - with linked exception:
>>> [org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content
>>> was found starting with element 'source'. One of '{
>>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":bean}'
>>> is expected.]
>>> org.lsc.exception.LscConfigurationException:
>>> javax.xml.bind.UnmarshalException
>>> - with linked exception:
>>> [org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content
>>> was found starting with element 'source'. One of '{
>>> "http://lsc-project.org/XSD/lsc-core-2.0.xsd":bean}'
>>> is expected.]
>>> at
>>> org.lsc.configuration.JaxbXmlConfigurationHelper.getConfiguration(JaxbXmlConfigurationHelper.java:172)
>>> ~[lsc-core-2.0.jar:na]
>>>
>>> the problem seems to be this bit:
>>>
>>> <task>
>>>   <name>adUser</name>
>>>   <source class="ldapSrcService">
>>>     <name>ad-src-service</name>
>>>     <baseDn>cn=Users</baseDn>
>>>
>>> I pulled this from:
>>>
>>> http://lsc-project.org/wiki/documentation/2.0/tutorials/openldaptoactivedirectory
>>>
>>> So it looks like the tutorial is no longer valid? Is this from 1.? or
>>> something and 2.0 has different syntax?
>>>
>>> Jurgen
>>>
>>> On 15/08/12 12:49, dunkan wrote:
>>>
>>> Hi Jurgen,
>>>
>>> Add the xmlns to your lsc element, something like this:
>>>
>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" id="1"
>>> revision="0">
>>>
>>> -Joel
>>>
>>> On Tue, Aug 14, 2012 at 5:04 PM, Jurgen Weber <
>>> [email protected]> wrote:
>>>
>>>> Hi
>>>>
>>>> I am trying to sync from openldap to AD and I can not get the xml to
>>>> work.... All I get is the following exception:
>>>>
>>>> [org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration
>>>> of element 'lsc'.]
>>>>
>>>> and yes, I have the element defined. Using version 2.0. Config file:
>>>>
>>>> <lsc>
>>>>   <connections>
>>>>     <ldapConnection>
>>>>       <id>AD</id>
>>>>       <authentication>simple</authentication>
>>>>       <url>ldap://asdfasdf:389/dc=asdf,dc=local</url>
>>>>       <username>CN=Administrator,CN=Users,DC=asdf,DC=local</username>
>>>>       <password>asdf</password>
>>>>       <pageSize>1000</pageSize>
>>>>     </ldapConnection>
>>>>     <ldapConnection>
>>>>       <id>openldap</id>
>>>>       <authentication>SIMPLE</authentication>
>>>>       <url>ldap://asdf:389/dc=matrix</url>
>>>>       <username>cn=admin,dc=matrix</username>
>>>>       <password>asdf</password>
>>>>     </ldapConnection>
>>>>   </connections>
>>>>   <tasks>
>>>>     <task>
>>>>       <name>adUser</name>
>>>>       <source class="ldapSrcService">
>>>>         <name>ad-src-service</name>
>>>>         <baseDn>cn=Users</baseDn>
>>>>         <getAllFilter>(&(sAMAccountName=*)(objectClass=user))</getAllFilter>
>>>>         <getOneFilter>(&(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
>>>>         <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
>>>>       </source>
>>>>       <destination class="ldapDstService">
>>>>         <name>openldap-dst-service</name>
>>>>         <baseDn>ou=People</baseDn>
>>>>         <getAllFilter>(&(uid=*)(objectClass=posixAccount))</getAllFilter>
>>>>         <getOneFilter>(&(objectClass=user)(sAMAccountName={uid}))</getOneFilter>
>>>>         <pivotAttributes><string>uid</string></pivotAttributes>
>>>>       </destination>
>>>>       <propertiesBasedSyncOptions>
>>>>         <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") +
>>>>         ",ou=users"</mainIdentifier>
>>>>         <defaultPolicy>FORCE</defaultPolicy>
>>>>         <defaultDelimiter>;</defaultDelimiter>
>>>>         <dataset>
>>>>           <name>objectClass</name>
>>>>           <policy>FORCE</policy>
>>>>           <forceValues>
>>>>             <string>"top";"user";"person";"organizationalPerson"</string>
>>>>           </forceValues>
>>>>         </dataset>
>>>>         <dataset>
>>>>           <name>sAMAccountName</name>
>>>>           <policy>KEEP</policy>
>>>>           <createValues>
>>>>             <string>srcBean.getDatasetFirstValueById("uid")</string>
>>>>           </createValues>
>>>>         </dataset>
>>>>         <dataset>
>>>>           <!-- userPrincipalName = uid + "@lsc-project.org" -->
>>>>           <name>userPrincipalName</name>
>>>>           <policy>FORCE</policy>
>>>>           <forceValues>
>>>>             <string>srcBean.getDatasetFirstValueById("uid") +
>>>>             "@asdf.local"</string>
>>>>           </forceValues>
>>>>         </dataset>
>>>>         <dataset>
>>>>           <name>userAccountControl</name>
>>>>           <policy>KEEP</policy>
>>>>           <createValues>
>>>>             <string>AD.userAccountControlSet( "0",
>>>>             [AD.UAC_SET_NORMAL_ACCOUNT])</string>
>>>>           </createValues>
>>>>         </dataset>
>>>>         <dataset>
>>>>           <!-- pwdLastSet = 0 to force user to change password on next
>>>>           connection -->
>>>>           <name>pwdLastSet</name>
>>>>           <policy>KEEP</policy>
>>>>           <createValues>
>>>>             <string>"1"</string>
>>>>           </createValues>
>>>>         </dataset>
>>>>         <dataset>
>>>>           <!-- unicodePwd = "changeit" at creation (requires SSL connection
>>>>           to AD) -->
>>>>           <name>unicodePwd</name>
>>>>           <policy>KEEP</policy>
>>>>           <createValues>
>>>>             <string>AD.getUnicodePwd("changeit")</string>
>>>>           </createValues>
>>>>         </dataset>
>>>>       </>
>>>>     </task>
>>>>   </tasks>
>>>> </lsc>
>>>>
>>>> So what is wrong with this?
>>>>
>>>> Thanks
>>>>
>>>> --
>>>> Jurgen Weber
>>>>
>>>> Systems Engineer
>>>> IT Infrastructure Team Leader
>>>>
>>>> THE ICONIC | E [email protected] | www.theiconic.com.au
>>>>
>>>> _______________________________________________________________
>>>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>>>
>>>> lsc-users mailing list
>>>> [email protected]
>>>> http://lists.lsc-project.org/listinfo/lsc-users
>>>>
>>>
>>> --
>>> Jurgen Weber
>>>
>>> Systems Engineer
>>> IT Infrastructure Team Leader
>>>
>>> THE ICONIC | E [email protected] | www.theiconic.com.au
>>>
>>
>> --
>> Jurgen Weber
>>
>> Systems Engineer
>> IT Infrastructure Team Leader
>>
>> THE ICONIC | E [email protected] | www.theiconic.com.au
>>
>
> --
> Jurgen Weber
>
> Systems Engineer
> IT Infrastructure Team Leader
>
> THE ICONIC | E [email protected] | www.theiconic.com.au
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>
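As an added example (not part of the thread and not LSC's own code), this Python check looks for the two schema errors diagnosed above: a root <lsc> element without the 2.0 namespace, and <ldapSourceService> children out of order. The expected order is an assumption copied from the working example dunkan posted plus the four element names in the error message, not read from the XSD; the sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Namespace URI quoted in the thread's error messages and in the suggested fix.
LSC_NS = "http://lsc-project.org/XSD/lsc-core-2.0.xsd"

# Assumption: order copied from the working <ldapSourceService> posted in the
# thread, then the four names listed in the parser error. Not read from the XSD.
SOURCE_ORDER = ["name", "connection", "baseDn", "pivotAttributes",
                "fetchedAttributes", "getAllFilter", "getOneFilter",
                "cleanFilter", "filterAsync", "dateFormat", "interval"]

def check_lsc_config(xml_text):
    """Return findings for the two schema errors discussed in the thread."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}lsc" % LSC_NS:
        return ["<lsc> is not in the LSC 2.0 namespace (cvc-elt.1)"]
    findings = []
    for svc in root.iter("{%s}ldapSourceService" % LSC_NS):
        last = -1  # index in SOURCE_ORDER of the furthest element seen so far
        for child in svc:
            name = child.tag.rsplit("}", 1)[-1]
            if name not in SOURCE_ORDER:
                continue  # elements outside the assumed list are not judged
            pos = SOURCE_ORDER.index(name)
            if pos < last:
                findings.append("<%s> appears after <%s> (cvc-complex-type.2.4.a)"
                                % (name, SOURCE_ORDER[last]))
            else:
                last = pos
    return findings

def sample(children, with_ns=True):
    """Build a constructed single-service config from child element names."""
    attr = ' xmlns="%s"' % LSC_NS if with_ns else ""
    body = "".join("<%s/>" % c for c in children)
    return ("<lsc%s><tasks><task><ldapSourceService>%s</ldapSourceService>"
            "</task></tasks></lsc>" % (attr, body))

# Constructed inputs mirroring the three configs in the thread.
NO_NAMESPACE = sample(["name", "baseDn"], with_ns=False)
WRONG_ORDER = sample(["name", "connection", "baseDn", "getAllFilter",
                      "getOneFilter", "cleanFilter", "filterAsync",
                      "dateFormat", "interval", "pivotAttributes",
                      "fetchedAttributes"])
WORKING_ORDER = sample(SOURCE_ORDER[:8])

if __name__ == "__main__":
    for doc in (NO_NAMESPACE, WRONG_ORDER, WORKING_ORDER):
        print(check_lsc_config(doc) or "ok")
```

A real config must be well-formed XML before this check can parse it, so the `&` in LDAP filters has to be written as `&amp;` in the file.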

