Re: [lsc-users] Sync Groups from OpenLDAP to AD

Mon, 15 Oct 2012 23:51:16 -0700

Further feebdack on this... I had the baseDn wrong. With it set correctly I get th following errors: 


Oct 16 17:46:47 - ERROR - Error while adding entry 
CN=it-leadership,OU=GroupTEST,OU=The Iconic,DC=theiconic,DC=local in 
directory :javax.naming.NameNotFoundException: [LDAP: error code 32 - 
0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best 
match of:

    'OU=The Iconic,DC=theiconic,DC=local'
]; remaining name 'CN=it-leadership,OU=GroupTEST,OU=The Iconic'

Oct 16 17:46:47 - ERROR - Error while synchronizing ID 
CN=it-leadership,OU=GroupTEST,OU=The Iconic,DC=theiconic,DC=local: 
java.lang.Exception: Technical problem while applying modifications to 
the destination

dn: CN=it-leadership,OU=GroupTEST,OU=The Iconic,DC=theiconic,DC=local
changetype: add
cn: it-leadership
sAMAccountName: it-leadership
description: it leaders
name: it-leadership
objectClass: group

Thanks in advance.

George

On 10/16/2012 04:49 PM, George Dobson wrote:

Hi All,

I have a problem creating/updating groups from OpenLDAP to AD


I created the following service for the Group transfer (which is 
incomplete - lacking group membership details)


     <task>
      <name>Group</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>openldap-source-service-group</name>
        <connection reference="ldap-src-conn" />
       <baseDn>ou=group,dc=xxxx,dc=zzzz</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>description</string>
          <string>cn</string>
          <string>objectClass</string>
        </fetchedAttributes>
<getAllFilter>(objectClass=posixGroup)</getAllFilter>
<getOneFilter>(&amp;(objectClass=posixGroup)(cn={cn}))</getOneFilter>
<cleanFilter>(&amp;(objectClass=posixGroup)(cn={cn}))</cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>ad-dst-service-group</name>
        <connection reference="ldap-dst-conn" />
<baseDn>ou=GroupTEST,ou=xxxxxxxx,dc=xxxx,dc=local</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>description</string>
          <string>cn</string>
          <string>name</string>
          <string>objectClass</string>
        </fetchedAttributes>
<getAllFilter>(objectClass=group)</getAllFilter>
<getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") +
",OU=GroupTEST,OU=xxxxx,DC=zzzz,DC=local"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"group"</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>name</name>
          <policy>KEEP</policy>
          <createValues>
<string>js:srcBean.getDatasetFirstValueById("cn")</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>

The errors I get are as follows:

...
...

Oct 16 15:52:26 - ERROR - Error while looking for 
(&(objectClass=group)(cn=icsrefunds)) in 
ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: 
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:

    'DC=xxxx,DC=local'
]; remaining name 'ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local'

Oct 16 15:52:26 - ERROR - Error while synchronizing ID 
{cn=icsrefunds}: org.lsc.exception.LscServiceException: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: 
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:

    'DC=xxxx,DC=local'
]; remaining name 'ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local'

Oct 16 15:52:26 - ERROR - Error while looking for 
(&(objectClass=group)(cn=ioperations)) in 
ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: 
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:

    'DC=xxxx,DC=local'
]; remaining name 'ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local'

Oct 16 15:52:26 - ERROR - Error while synchronizing ID 
{cn=ioperations}: org.lsc.exception.LscServiceException: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: 
NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:

    'DC=xxxx,DC=local'
]; remaining name 'ou=GroupTEST,ou=xxxx,dc=zzzz,dc=local'

Oct 16 15:52:26 - ERROR - All entries: 28, to modify entries: 0, 
successfully modified entries: 0, errors: 28

Oct 16 15:52:26 - INFO  - Starting clean for Group

Oct 16 15:52:26 - ERROR - javax.naming.NameNotFoundException: [LDAP: 
error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 
(NO_OBJECT), data 0, best match of:

    'DC=theiconic,DC=local'
Oct 16 15:52:26 - ERROR - Empty or non existant destination (no IDs found)


I couldn't find an example for doing groups sync in V2.0. Does anyone 
have such an example to use or point me in the right direction?


Thanks in advance.

--

*Regards,*

*GEORGE DOBSON *
SENIOR SYSTEMS ADMINISTRATOR


*THE ICONIC*| *M*+61 401 561 394 | *E*[email protected] | 
*W*www.theiconic.com.au <http://www.theiconic.com.au/>





_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users






















					Reply via email to