Re: [lsc-users] Sync - Update and Add - OpenLDAP to AD

Tue, 16 Oct 2012 16:23:31 -0700 

Thanks, Clément

I tried the AD.getUnicodePwd but got some errors, as follows.
Oct 17 10:18:00 - ERROR - Error while adding entry CN=Danila Santaniello,OU=UsersTEST,OU=The Iconic,DC=theiconic,DC=local in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 
]; remaining name 'CN=Danila Santaniello,OU=UsersTEST,OU=The Iconic'
Oct 17 10:18:00 - ERROR - Error while synchronizing ID CN=Danila Santaniello,OU=UsersTEST,OU=The Iconic,DC=theiconic,DC=local: java.lang.Exception: Technical problem while applying modifications to the destination 
dn: CN=Danila Santaniello,OU=UsersTEST,OU=The Iconic,DC=theiconic,DC=local
changetype: add
mail: danila.santanie...@theiconic.com.au
samAccountName: dsantaniello
sn: Santaniello
cn: Danila Santaniello
userAccountControl: 544
unicodePwd:: IgBDACMAYQBuAGcAMwB0AGgAMQBzACIA
objectClass: user
givenName: Danila
This still however use a constant "new" password. What I actually meant to ask is if there's a known way to transfer the password for the user held in OpenLDAP. 

Regards,
George



On 10/16/2012 07:48 PM, Clément OUDOT wrote:

2012/10/16 George Dobson <george.dob...@theiconic.com.au>:

Further progress... I've changed the order of the objectClass  to be
alphabetical (or possibly just the fact that "user" is last) and this
worked. Users are being created and modified.

         <dataset>
           <name>objectClass</name>
           <policy>FORCE</policy>
           <forceValues>
             <string>"top";"organizationalPerson";"person";"user"</string>
           </forceValues>
         </dataset>


It would be better to have a <string> markup per value.



The question now is what do we do with the passwords. From what I can see in
the documentation is that the password cannot be created in AD and users
will have the change it at first login. Is there any way around this?

You can set a password in AD, see
http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions/activedirectory

Clément.



_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to