Overall this looks pretty clean, nice straightforward setup. Your LDAP
getonefilter is wrong though, could that be your snag?

<getOneFilter>(objectclass=*)(cn={cn})</getOneFilter>
should be
<getOneFilter>(&amp; (objectclass=*)(cn={cn}))</getOneFilter>

-Joel

On Fri, Oct 19, 2012 at 5:43 PM, Mike Svoboda <[email protected]> wrote:

>  I'm trying to get a sync of active directory to dump into OpenLDAP.  I
> can see Active Directory being queried, and it looks like LSC is querying
> OpenLDAP at the destination saying that entries don't exist, but, LSC isn't
> creating them.
>
>  Can someone please help?  I'm going nuts here trying to figure this out.
>  I'm 3x days into this and haven't figured it out yet.  Here's my lsc.xml
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" id="1" xmlns:nis="http://lsc-project.org/XSD/lsc-nis-plugin-1.0" revision="0">
>   <connections>
>     <ldapConnection>
>       <name>Active_Directory</name>
>       <url>xxxxxxx</url>
>       <username>xxxxxxxx</username>
>       <password>xxxxxxxxx</password>
>       <authentication>SIMPLE</authentication>
>       <referral>IGNORE</referral>
>       <derefAliases>NEVER</derefAliases>
>       <version>VERSION_3</version>
>       <pageSize>1000</pageSize>
>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>       <tlsActivated>false</tlsActivated>
>     </ldapConnection>
>
>     <ldapConnection>
>       <name>OpenLDAP</name>
>       <url>xxxxxxxxx</url>
>       <username>xxxxxxxxxx</username>
>       <password>xxxxxxxx</password>
>       <authentication>SIMPLE</authentication>
>       <referral>IGNORE</referral>
>       <derefAliases>NEVER</derefAliases>
>       <version>VERSION_3</version>
>       <pageSize>-1</pageSize>
>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>       <tlsActivated>false</tlsActivated>
>     </ldapConnection>
>   </connections>
>
>   <tasks>
>     <task>
>       <name>Sync_Active_Directory_Users</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>
>       <ldapSourceService>
>         <name>ad-src-service</name>
>         <connection reference="Active_Directory" />
>         <baseDn>ou=staff users,dc=linkedin,dc=biz</baseDn>
>         <pivotAttributes><string>cn</string></pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>description</string>
>           <string>name</string>
>           <string>objectclass</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=organizationalPerson)</getAllFilter>
>         <getOneFilter>(&amp;(objectClass=organizationalPerson)(cn={cn}))</getOneFilter>
>       </ldapSourceService>
>
>       <ldapDestinationService>
>         <name>openldap-dst-service</name>
>         <connection reference="OpenLDAP" />
>         <baseDn>ou=staff users,dc=linkedin,dc=biz</baseDn>
>         <pivotAttributes><string>cn</string></pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>description</string>
>           <string>objectclass</string>
>           <string>gidNumber</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectclass=*)</getAllFilter>
>         <getOneFilter>(objectclass=*)(cn={cn})</getOneFilter>
>       </ldapDestinationService>
>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=Staff Users,dc=linkedin,dc=biz"</mainIdentifier>
>         <defaultDelimiter>;</defaultDelimiter>
>         <defaultPolicy>FORCE</defaultPolicy>
>         <dataset>
>           <name>objectclass</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>"cn"</string>
>           </forceValues>
>         </dataset>
>       </propertiesBasedSyncOptions>
>
>     </task>
>   </tasks>
> </lsc>
>
>
>
>
>  When I execute, I get this:
>
>  Oct 20 00:34:17 - INFO  - Reflections took 149 ms to scan 1 urls,
> producing 60 keys and 226 values
> Oct 20 00:34:17 - INFO  - Logging configuration successfully loaded from
> /etc/lsc/logback.xml
> Oct 20 00:34:17 - INFO  - LSC configuration successfully loaded from
> /etc/lsc/
> Oct 20 00:34:17 - INFO  - Connecting to LDAP server xxxxxxx
> Oct 20 00:34:17 - INFO  - Connecting to LDAP server xxxxxxxx
> Oct 20 00:34:17 - WARN  - No clean filter has been specified for
> task=Sync_Active_Directory_Users. During the clean phase, LSC wouldn't be
> able to get the right entries and may delete all destination entries !
> Oct 20 00:34:17 - INFO  - Starting sync for Sync_Active_Directory_Users
>  Oct 20 00:38:45 - ERROR - Error while looking for
> (objectclass=*)(cn=Heather Wright) in ou=staffu users,dc=linkedin,dc=biz:
> javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
> remaining name 'ou=staffu users'
> Oct 20 00:38:45 - ERROR - Error while looking for (objectclass=*)(cn=Anita
>  Akemi) in ou=staffu users,dc=linkedin,dc=biz:
> javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
> remaining name 'ou=staffu users'
> Oct 20 00:38:45 - ERROR - Error while synchronizing ID {cn=Heather
> Wright}: org.lsc.exception.LscServiceException:
> javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
> remaining name 'ou=staffu users'
>  …
> …..
>  Oct 20 00:38:53 - ERROR - All entries: 4000, to modify entries: 0,
> successfully modified entries: 0, errors: 4000
>
>
>
>  From the OpenLDAP server, I see it complaining about not being able to
> find the entries, which I expect, because the OpenLDAP server is empty at
> this point.  I'm wanting LSC to populate the OpenLDAP server from
> information that it's discovered from Active Directory.
>
>  Here's some of the syslog messages from the OpenLDAP server
>
>   Oct 20 00:38:45  slapd[22055]: conn=1038 op=1 SRCH base="ou=staffu
> users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(objectClass=*)"
> Oct 20 00:38:45  slapd[22055]: conn=1038 op=1 SRCH attr=cn Heather Wright
> Oct 20 00:38:45  slapd[22055]: conn=1038 op=1 SEARCH RESULT tag=101 err=32
> nentries=0 text=
> Oct 20 00:38:45  slapd[22055]: conn=1038 op=2 SRCH base="ou=staffu
> users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(objectClass=*)"
> Oct 20 00:38:45  slapd[22055]: conn=1038 op=2 SRCH attr=cn Anita  Akemi
> Oct 20 00:38:45  slapd[22055]: conn=1038 op=3 SRCH base="ou=staffu
> users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(objectClass=*)"
> Oct 20 00:38:45  slapd[22055]: conn=1038 op=3 SRCH attr=cn Viktor Stanchev
> Oct 20 00:38:45  slapd[22055]: conn=1038 op=2 SEARCH RESULT tag=101 err=32
> nentries=0 text=
> Oct 20 00:38:45  slapd[22055]: conn=1038 op=3 SEARCH RESULT tag=101 err=32
> nentries=0 text=
>
>
>  Can someone help point me in the right direction to get LSC to create
> and update these objects as needed?
>
>  Thanks
> Mike
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>
>
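
An added example, not part of the original thread and not LSC's own code: a small pre-flight check that every `*Filter` element in an lsc.xml holds exactly one well-formed LDAP search filter, which is the defect Joel points out in the destination `getOneFilter`. The function names are hypothetical, the sample is cut down from the quoted config, and the check tolerates whitespace between components (as in the suggested fix) without validating attribute names or value escaping.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two getOneFilter elements from the lsc.xml quoted above.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd">
 <ldapSourceService>
  <getOneFilter>(&amp;(objectClass=organizationalPerson)(cn={cn}))</getOneFilter>
 </ldapSourceService>
 <ldapDestinationService>
  <getOneFilter>(objectclass=*)(cn={cn})</getOneFilter>
 </ldapDestinationService>
</lsc>"""

def _skip_ws(s, i):
    return len(s) - len(s[i:].lstrip())

def _parse(s, i):
    """Consume one parenthesised filter at s[i:]; return the index after it."""
    i = _skip_ws(s, i)
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i = _skip_ws(s, i + 1)
    if i < len(s) and s[i] in "&|":          # and / or: a list of sub-filters
        i = _skip_ws(s, i + 1)
        while i < len(s) and s[i] == "(":
            i = _skip_ws(s, _parse(s, i))
    elif i < len(s) and s[i] == "!":         # not: exactly one sub-filter
        i = _skip_ws(s, _parse(s, i + 1))
    else:                                    # simple item such as cn={cn}
        item = s[i:].split("(")[0].split(")")[0]
        if "=" not in item:
            raise ValueError(f"no '=' in item at offset {i}")
        i += len(item)
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def filter_error(text):
    """Return None if text is exactly one well-formed filter, else a reason."""
    try:
        rest = text[_parse(text, 0):].strip()
    except ValueError as exc:
        return str(exc)
    return f"trailing data after first filter: {rest!r}" if rest else None

def check_config(xml_text):
    """List (service, element, reason) for every malformed *Filter element."""
    return [(svc.tag.rsplit("}", 1)[-1], el.tag.rsplit("}", 1)[-1], err)
            for svc in ET.fromstring(xml_text).iter() for el in svc
            if el.tag.endswith("Filter") and (err := filter_error(el.text or ""))]
```

`check_config(SAMPLE)` reports only the destination service's `getOneFilter`; the XML parser has already turned `&amp;` into `&` by the time the filter text is checked.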