Hi All,
I have a problem creating/updating groups from OpenLDAP to AD
I created the following service for the Group transfer (which is
incomplete - lacking group membership details)
<task>
<name>Group</name>
<bean>org.lsc.beans.SimpleBean</bean>
<ldapSourceService>
<name>openldap-source-service-group</name>
<connection reference="ldap-src-conn" />
<baseDn>ou=group,dc=xxxx,dc=zzzz</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>description</string>
<string>cn</string>
<string>objectClass</string>
</fetchedAttributes>
<getAllFilter>(objectClass=posixGroup)</getAllFilter>
<getOneFilter>(&(objectClass=posixGroup)(cn={cn}))</getOneFilter>
<cleanFilter>(&(objectClass=posixGroup)(cn={cn}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<name>ad-dst-service-group</name>
<connection reference="ldap-dst-conn" />
<baseDn>ou=GroupTEST,ou=xxxxxxxx,dc=xxxx,dc=local</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>description</string>
<string>cn</string>
<string>name</string>
<string>objectClass</string>
</fetchedAttributes>
<getAllFilter>(objectClass=group)</getAllFilter>
<getOneFilter>(&(objectClass=group)(cn={cn}))</getOneFilter>
</ldapDestinationService>
<propertiesBasedSyncOptions>
<mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") +
",OU=GroupTEST,OU=xxxxx,DC=zzzz,DC=local"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>FORCE</defaultPolicy>
<dataset>
<name>objectClass</name>
<policy>FORCE</policy>
<forceValues>
<string>"group"</string>
</forceValues>
</dataset>
<dataset>
<name>name</name>
<policy>KEEP</policy>
<createValues>
<string>js:srcBean.getDatasetFirstValueById("cn")</string>
</createValues>
</dataset>
</propertiesBasedSyncOptions>
</task>
The errors I get are as follows:
...
...
Oct 16 15:52:26 - ERROR - Error while looking for
(&(objectClass=group)(cn=icsrefunds)) in
ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D:
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=xxxx,DC=local'
]; remaining name 'ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local'
Oct 16 15:52:26 - ERROR - Error while synchronizing ID {cn=icsrefunds}:
org.lsc.exception.LscServiceException:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D:
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=xxxx,DC=local'
]; remaining name 'ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local'
Oct 16 15:52:26 - ERROR - Error while looking for
(&(objectClass=group)(cn=ioperations)) in
ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D:
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=xxxx,DC=local'
]; remaining name 'ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local'
Oct 16 15:52:26 - ERROR - Error while synchronizing ID {cn=ioperations}:
org.lsc.exception.LscServiceException:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D:
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=xxxx,DC=local'
]; remaining name 'ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local'
Oct 16 15:52:26 - ERROR - All entries: 28, to modify entries: 0,
successfully modified entries: 0, errors: 28
Oct 16 15:52:26 - INFO - Starting clean for Group
Oct 16 15:52:26 - ERROR - javax.naming.NameNotFoundException: [LDAP:
error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=theiconic,DC=local'
Oct 16 15:52:26 - ERROR - Empty or non existant destination (no IDs found)
I couldn't find an example for doing groups sync in V2.0. Does anyone
have such an example to use or point me in the right direction?
Thanks in advance.
--
*Regards,*
*GEORGE DOBSON *
SENIOR SYSTEMS ADMINISTRATOR
*THE ICONIC*| *M*+61 401 561 394 | *E*[email protected] |
*W*www.theiconic.com.au <http://www.theiconic.com.au/>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
