Further progress... I've changed the order of the objectClass to be
alphabetical (or possibly just the fact that "user" is last) and this
worked. Users are being created and modified.
<dataset>
<name>objectClass</name>
<policy>FORCE</policy>
<forceValues>
<string>"top";"organizationalPerson";"person";"user"</string>
</forceValues>
</dataset>
The question now is what do we do with the passwords. From what I can
see in the documentation, the password cannot be created in AD and
users will have to change it at first login. Is there any way
around this?
Thanks, George
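The password question above, illustrated with an added example that is not from this thread or from the LSC project. Two facts about Active Directory that the thread does not state: AD ignores the userPassword attribute at creation and instead takes the password through its unicodePwd attribute, whose value is the password wrapped in double quotes and encoded as UTF-16LE; and it only accepts that attribute over an encrypted connection (LDAPS, or StartTLS on a plain ldap:// connection). The lsc.xml in this thread binds to AD with ldap:// on port 389 and tlsActivated=false, so no password could be set over that connection whatever the dataset says. Assumptions of mine: that tlsActivated=true on an ldap:// LSC connection means StartTLS, and that the function names below are hypothetical and not LSC API.

```javascript
// Added example, not from this thread or from LSC. AD facts used here (not
// stated in the thread): at creation AD takes the password from the unicodePwd
// attribute, encoded as the double-quoted password in UTF-16LE, and it only
// accepts that attribute over an encrypted connection. Function names are
// hypothetical, not LSC API.

// Encode a clear-text password into the raw bytes AD expects in unicodePwd:
// the password wrapped in double quotes, then UTF-16LE.
function encodeUnicodePwd(password) {
  if (typeof password !== 'string' || password.length === 0) {
    throw new Error('password must be a non-empty string');
  }
  return Buffer.from('"' + password + '"', 'utf16le');
}

// The same value as it would appear in an LDIF dump like the ones in the
// thread: binary attribute values are written base64 after a double colon.
function unicodePwdLdifLine(password) {
  return 'unicodePwd:: ' + encodeUnicodePwd(password).toString('base64');
}

// Would AD accept a password set over this LSC <ldapConnection>?
// url and tlsActivated mirror the elements of the lsc.xml in the thread:
// ldaps:// is LDAP over TLS; tlsActivated=true on ldap:// is taken to mean
// StartTLS (assumption about the LSC option).
function connectionAllowsPasswordSet(url, tlsActivated) {
  const u = String(url).trim().toLowerCase();
  if (u.startsWith('ldaps://')) return true;
  if (u.startsWith('ldap://') && tlsActivated === true) return true;
  return false;
}

// Review a destination connection plus intended password and explain the outcome.
function reviewPasswordProvisioning(url, tlsActivated, password) {
  const transportOk = connectionAllowsPasswordSet(url, tlsActivated);
  return {
    transportOk,
    ldifLine: transportOk ? unicodePwdLdifLine(password) : null,
    note: transportOk
      ? 'unicodePwd can be sent with the add request'
      : 'AD rejects unicodePwd on an unencrypted connection; use ldaps:// or tlsActivated=true',
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  // Constructed inputs: the (anonymised) destination URL and sample password from the thread.
  console.log(reviewPasswordProvisioning('ldap://123.123.123.123:389/dc=zzzz,dc=local', false, 'C#ang3th1s'));
  console.log(reviewPasswordProvisioning('ldaps://123.123.123.123:636/dc=zzzz,dc=local', false, 'C#ang3th1s'));
}
```

The encoding and the transport check are AD requirements independent of the tool; wiring them into LSC would mean a unicodePwd dataset fed by a js: expression over a TLS-enabled destination connection, which this thread does not show.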
On 10/16/2012 12:07 PM, George Dobson wrote:
Thanks for the help David.
I uncommented the objectClass definitions below but still get the
following error:
Oct 16 10:54:01 - ERROR - Error while adding entry CN=xx
xx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local in directory
:javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16
- 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute
conversion operation, data 0, v1db1]; remaining name 'CN=xx
xx,OU=UsersTEST,OU=xxxx'
Oct 16 10:54:01 - ERROR - Error while synchronizing ID CN=xx
xx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local: java.lang.Exception:
Technical problem while applying modifications to the destination
dn: CN=xx xx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local
Technical problem while applying modifications to the destination dn:
CN=xx xx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local
changetype: add
mail: xx...@theiconic.com.au
samAccountName: nxxxxx
sn: xx
cn: xx xx
description: XXXXXX (xx...@theiconic.com.au)
userPassword: C#ang3th1s
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: gosaAccount
objectClass: sambaSamAccount
objectClass: gosaMailAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: top
givenName: xx
I compared the objectClass above to what's in AD, which by default is:
objectClass top; person; organizationalPerson; user
I'm currently playing around with options on how to create a matching
objectClass using the following example, with the source objectClass
fetch commented out:
<dataset>
<name>objectClass</name>
<policy>FORCE</policy>
<forceValues>
<string>"top";"user";"person";"organizationalPerson"</string>
</forceValues>
</dataset>
This results in a single objectClass line with only
organizationalPerson as a value. I also tried 4 individual dataset
definitions with a different value for each but that also produced the
same single objectClass result.
George
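Why the first forceValues string gave a single objectClass of organizationalPerson, and why the later one with "user" last worked, shown as an added example that is not code from this thread or from LSC. Assumption of mine: LSC evaluates the text of each <string> as JavaScript, the way the mainIdentifier expression "CN=" + srcBean.getDatasetFirstValueById("cn") + ... in the lsc.xml above is plainly evaluated; under that assumption "top";"user";"person";"organizationalPerson" is a sequence of four statements whose result is the last one, so only one value reaches the attribute. One AD fact not stated in the thread: given objectClass user, AD adds top, person and organizationalPerson itself, which is why a single value of "user" is enough. The function names and the explicit array form are mine.

```javascript
// Added example, not from the thread or from LSC. Mimics how an LSC <string>
// expression becomes attribute values (assumption: the text is evaluated as
// JavaScript, as the page's own "CN=" + ... expression evidently is).

// Run the expression text as a script and return its completion value.
// A JS engine returns the value of the LAST expression statement, so
// '"top";"user";"person";"organizationalPerson"' evaluates to just
// "organizationalPerson".
function evaluateForceValue(expressionText) {
  return eval(expressionText); // direct eval on purpose: this behaviour is the point
}

// Normalise a script result to a list of string values for the attribute.
function toAttributeValues(result) {
  if (Array.isArray(result)) return result.map(String);
  return [String(result)];
}

function objectClassesFromForceValue(expressionText) {
  return toAttributeValues(evaluateForceValue(expressionText));
}

// AD's default chain for a user, as quoted in the thread.
const AD_USER_CHAIN = ['top', 'person', 'organizationalPerson', 'user'];

// Report what AD would see. The structural class "user" is what matters;
// AD derives the superior classes itself (an AD fact not stated in the thread).
function checkAdUserObjectClass(values) {
  const present = new Set(values);
  return {
    hasStructuralUser: present.has('user'),
    missingSuperiors: AD_USER_CHAIN.filter(c => c !== 'user' && !present.has(c)),
    outsideDefaultChain: values.filter(v => !AD_USER_CHAIN.includes(v)),
  };
}

// The expressions discussed in the thread (failed, then worked) plus an
// explicit JS array that yields all four values at once (my addition).
const FAILED = '"top";"user";"person";"organizationalPerson"';
const WORKED = '"top";"organizationalPerson";"person";"user"';
const EXPLICIT = '["top", "person", "organizationalPerson", "user"]';

function demo() {
  return [FAILED, WORKED, EXPLICIT].map(expression => {
    const values = objectClassesFromForceValue(expression);
    return { expression, values, check: checkAdUserObjectClass(values) };
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Whether LSC turns a JS array into a multi-valued attribute, and whether several <string> children under one forceValues element are the intended way to express several values, are assumptions I have not verified against LSC; the evaluation order shown is plain JavaScript semantics and matches the single organizationalPerson value reported above.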
On 10/15/2012 07:17 PM, David Coutadeur wrote:
Hi George,
You don't seem to have any "objectClass" attribute in your
fetchedAttributes... So your entry cannot be added to your destination
directory.
You'll have to search what is a typical entry in your AD, and
specifically what are the object classes associated (i.e. the multivalued
attribute "objectClass").
David
On 15/10/2012 10:05, George Dobson wrote:
Hi,
I set up the following lsc.xml guided by various examples with good
progress, but now I'm having trouble adding new users to AD. Updating
existing users works correctly.
Error:
Oct 15 18:33:58 - ERROR - Error while adding entry CN=xx
xx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local in directory
:javax.naming.directory.SchemaViolationException: [LDAP: error code 65 -
0000207B: UpdErr: DSID-030511CF, problem 6002 (OBJ_CLASS_VIOLATION), data 0
]; remaining name 'CN=xx xx,OU=UsersTEST,OU=xxxx'
Oct 15 18:33:58 - ERROR - Error while synchronizing ID
CN=xxxx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local: java.lang.Exception:
Technical problem while applying modifications to the destination
dn: CN=xx xx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local
changetype: add
mail:xx...@theiconic.com.au
samAccountName: nxxxxx
sn: xx
cn: xx xx
description: XXXXXX (xx...@theiconic.com.au)
userPassword: C#ang3th1s
givenName: xx
lsc.xml
<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
<connections>
<ldapConnection>
<name>ldap-src-conn</name>
<url>ldap://localhost:389/dc=dddd,dc=mmmm</url>
<username>uid=supersys,ou=People,dc=mmmm</username>
<password>qweqwe</password>
<authentication>SIMPLE</authentication>
<referral>IGNORE</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>-1</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
</ldapConnection>
<ldapConnection>
<name>ldap-dst-conn</name>
<url>ldap://123.123.123.123:389/dc=zzzz,dc=local</url>
<username>CN=binduser,DC=zzzz,DC=local</username>
<password>bindpasswd</password>
<authentication>SIMPLE</authentication>
<referral>IGNORE</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>1000</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
</ldapConnection>
</connections>
<audits>
<csvAudit>
<name>csv</name>
<append>true</append>
<operations>create, delete</operations>
<file>/tmp/audit.csv</file>
<datasets>cn, dn</datasets>
<separator>;</separator>
</csvAudit>
<ldifAudit>
<name>ldif</name>
<append>false</append>
<file>/tmp/audit.ldif</file>
</ldifAudit>
</audits>
<tasks>
<task>
<name>People</name>
<bean>org.lsc.beans.SimpleBean</bean>
<ldapSourceService>
<name>openldap-source-service</name>
<connection reference="ldap-src-conn" />
<baseDn>ou=People,dc=dddd,dc=mmmm</baseDn>
<pivotAttributes>
<string>uid</string>
</pivotAttributes>
<fetchedAttributes>
<string>description</string>
<string>cn</string>
<string>sn</string>
<string>givenName</string>
<string>userPassword</string>
<!-- <string>objectClass</string> -->
<string>uid</string>
<string>mail</string>
</fetchedAttributes>
<getAllFilter>(objectClass=inetorgperson)</getAllFilter>
<getOneFilter>(&amp;(objectClass=inetorgperson)(uid={uid}))</getOneFilter>
<cleanFilter>(&amp;(objectClass=inetorgperson)(uid={samAccountName}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<name>ad-dst-service</name>
<connection reference="ldap-dst-conn" />
<baseDn>ou=UsersTEST,ou=xxxx</baseDn>
<pivotAttributes>
<string>samAccountName</string>
</pivotAttributes>
<fetchedAttributes>
<string>description</string>
<string>cn</string>
<string>sn</string>
<string>givenName</string>
<string>userPassword</string>
<!-- <string>objectClass</string> -->
<string>samAccountName</string>
<string>mail</string>
</fetchedAttributes>
<getAllFilter>(objectClass=user)</getAllFilter>
<getOneFilter>(&amp;(objectClass=user)(samAccountName={uid}))</getOneFilter>
</ldapDestinationService>
<propertiesBasedSyncOptions>
<mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") +
",OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>FORCE</defaultPolicy>
<dataset>
<name>description</name>
<policy>FORCE</policy>
<forceValues>
<string>js:srcBean.getDatasetFirstValueById("sn").toUpperCase() +
" (" + srcBean.getDatasetFirstValueById("mail") +
")"</string>
</forceValues>
</dataset>
<dataset>
<name>samAccountName</name>
<policy>KEEP</policy>
<createValues>
<string>js:srcBean.getDatasetFirstValueById("uid")</string>
</createValues>
</dataset>
<!--
<dataset>
<name>objectClass</name>
<policy>KEEP</policy>
<createValues>
<string>"user"</string>
</createValues>
</dataset>
-->
<dataset>
<name>userPassword</name>
<policy>KEEP</policy>
<createValues>
<string>"C#ang3th1s"</string>
</createValues>
</dataset>
</propertiesBasedSyncOptions>
</task>
</tasks>
</lsc>
I haven't implemented any security keys between the servers, thinking it
wouldn't be required for this.
The attributes as shown in the output are sufficient info to create an
account manually.
Is there something incorrectly configured, or am I missing additional
steps? Thanks in advance.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users