2012/10/1 "POISSON Frédéric" <frederic.pois...@admin.gmessaging.net>: > Hello all, > > I'm looking to documentation on asyncLdapSourceService ( eg > http://lsc-project.org/wiki/documentation/2.0/configuration/service/sourceasyncldap). > It is written that LSC 2.0 is using change notification for an Active > Directory (explanation found on > http://msdn.microsoft.com/en-us/library/windows/desktop/aa772153%28v=vs.85%29.aspx). > > I was trying to run that configuration on LSC 2.0 from an Active directory > to an OpenLDAP with a : > > <getAllFilter><![CDATA[(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=*)(!(objectClass=computer)))]]></getAllFilter> > > But i have an error like this : > ERROR - Error while synchronizing ID null: > org.lsc.exception.LscServiceCommunicationException: 000020B9: SvcErr: > DSID-0311044B, problem 5003 (WILL_NOT_PERFORM), data 0 > > I made a tcpdump capture and i see that extension used is > 1.2.840.113556.1.4.528 and i have the same behavior with my OpenLDAP > ldapsearch command : > ldapsearch -x -LL -l 10 -H ldap://<Active Directory>/ -s sub -b'<Search > base>' -D"<Bind dn>" -w secret -e '!1.2.840.113556.1.4.528' > '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=*)(!(objectClass=computer)))' > > I receive an unwilling to perform error code 53 : > Server is unwilling to perform (53) > Additional information: 000020B9: SvcErr: DSID-0311044B, problem 5003 > (WILL_NOT_PERFORM), data 0 > > And i don't have this error if i use a filter '(objectClass=*)' and i see > notification with my ldapsearch command and so on LSC can run correctly with > that filter. > > Is there an information i miss when i read the asyncLdapSourceService > documentation ? > Or is there any specific configuration on AD to have the correct behavior > with the right filter ?
Hi, I searched on the Web and found: http://msdn.microsoft.com/en-us/library/windows/desktop/aa366983%28v=vs.85%29.aspx Extract: The filter, (objectclass = *), is the only filter allowed on a persistent search. Seems not possible to use other filter with AD persistent search control. Clément. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list lsc-users@lists.lsc-project.org http://lists.lsc-project.org/listinfo/lsc-users
