Does that container exist on the ldap server? ou=staff users,dc=linkedin,dc=biz?

ldapsearch -x -h <ldapserver address> -b 'ou=staff users,dc=linkedin,dc=biz'

Does that indicate that the tree is there? It can be empty, but I believe you need to make sure it exists at least. That seems to me what it is saying.

-Joel

On Fri, Oct 19, 2012 at 6:06 PM, Mike Svoboda <[email protected]> wrote:

> No dice. I now am trying this:
>
> <tasks>
>   <task>
>     <name>Sync_Active_Directory_Users</name>
>     <bean>org.lsc.beans.SimpleBean</bean>
>
>     <ldapSourceService>
>       <name>ad-src-service</name>
>       <connection reference="Active_Directory" />
>       <baseDn>ou=staff users,dc=linkedin,dc=biz</baseDn>
>       <pivotAttributes><string>cn</string></pivotAttributes>
>       <fetchedAttributes>
>         <string>cn</string>
>         <string>description</string>
>         <string>name</string>
>         <string>objectClass</string>
>         <string>sn</string>
>         <string>givenName</string>
>       </fetchedAttributes>
>       <getAllFilter>(objectClass=user)</getAllFilter>
>       <getOneFilter>(&(objectClass=user)(cn={cn}))</getOneFilter>
>     </ldapSourceService>
>
>     <ldapDestinationService>
>       <name>openldap-dst-service</name>
>       <connection reference="OpenLDAP" />
>       <baseDn>ou=staff users,dc=linkedin,dc=biz</baseDn>
>       <pivotAttributes><string>uid</string></pivotAttributes>
>       <fetchedAttributes>
>         <string>description</string>
>         <string>cn</string>
>         <string>sn</string>
>         <string>givenName</string>
>         <string>objectClass</string>
>         <string>uid</string>
>         <string>mail</string>
>       </fetchedAttributes>
>       <getAllFilter>(objectClass=*)</getAllFilter>
>       <getOneFilter>(&(objectClass=*)(cn={cn}))</getOneFilter>
>     </ldapDestinationService>
>
>     <propertiesBasedSyncOptions>
>       <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=Staff Users,dc=linkedin,dc=biz"</mainIdentifier>
>       <defaultDelimiter>;</defaultDelimiter>
>       <defaultPolicy>FORCE</defaultPolicy>
>       <dataset>
>         <name>objectclass</name>
>         <policy>FORCE</policy>
>         <forceValues>
>           <string>"cn"</string>
>         </forceValues>
>       </dataset>
>     </propertiesBasedSyncOptions>
>
>   </task>
> </tasks>
>
> Output of executing LSC:
>
> Oct 20 01:04:25 - ERROR - Error while looking for (&(objectClass=*)(cn=Jay Ramamurthi)) in ou=staff users,dc=linkedin,dc=biz: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staff users'
> Oct 20 01:04:25 - ERROR - Error while looking for (&(objectClass=*)(cn=Christopher Abrams)) in ou=staff users,dc=linkedin,dc=biz: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staff users'
> Oct 20 01:04:25 - ERROR - Error while synchronizing ID {cn=Jay Ramamurthi}: org.lsc.exception.LscServiceException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staff users'
> Oct 20 01:04:25 - ERROR - Error while synchronizing ID {cn=Christopher Abrams}: org.lsc.exception.LscServiceException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staff users'
> Oct 20 01:04:25 - ERROR - All entries: 3999, to modify entries: 0, successfully modified entries: 0, errors: 3999
>
> Output from syslog on the OpenLDAP server.
>
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3997 SRCH base="ou=staff users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=justin church))"
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3997 SRCH attr=description cn sn givenName objectClass uid mail
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3997 SEARCH RESULT tag=101 err=32 nentries=0 text=
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3998 SRCH base="ou=staff users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=jay ramamurthi))"
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3998 SRCH attr=description cn sn givenName objectClass uid mail
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3998 SEARCH RESULT tag=101 err=32 nentries=0 text=
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SRCH base="ou=staff users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=christopher abrams))"
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SRCH attr=description cn sn givenName objectClass uid mail
> Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SEARCH RESULT tag=101 err=32 nentries=0 text=
>
> I'm guessing I have something wrong in my propertiesBasedSyncOptions stanza.
>
> From: Joel Foote <[email protected]>
> Date: Friday, October 19, 2012 2:56 PM
> To: Mike Svoboda <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: Re: [lsc-users] Sync AD --> OpenLDAP help needed
>
> Overall this looks pretty clean, nice straightforward setup. Your LDAP getonefilter is wrong though, could that be your snag?
>
> <getOneFilter>(objectclass=*)(cn={cn})</getOneFilter>
> should be
> <getOneFilter>(& (objectclass=*)(cn={cn}))</getOneFilter>
>
> -Joel
>
> On Fri, Oct 19, 2012 at 5:43 PM, Mike Svoboda <[email protected]> wrote:
>
>> I'm trying to get a sync of active directory to dump into OpenLDAP. I can see Active Directory being queried, and it looks like LSC is querying OpenLDAP at the destination saying that entries don't exist, but, LSC isn't creating them.
>>
>> Can someone please help? I'm going nuts here trying to figure this out. I'm 3x days into this and haven't figured it out yet. Here's my lsc.xml
>>
>> <?xml version="1.0" ?>
>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" id="1" xmlns:nis="http://lsc-project.org/XSD/lsc-nis-plugin-1.0" revision="0">
>>   <connections>
>>     <ldapConnection>
>>       <name>Active_Directory</name>
>>       <url>xxxxxxx</url>
>>       <username>xxxxxxxx</username>
>>       <password>xxxxxxxxx</password>
>>       <authentication>SIMPLE</authentication>
>>       <referral>IGNORE</referral>
>>       <derefAliases>NEVER</derefAliases>
>>       <version>VERSION_3</version>
>>       <pageSize>1000</pageSize>
>>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>       <tlsActivated>false</tlsActivated>
>>     </ldapConnection>
>>
>>     <ldapConnection>
>>       <name>OpenLDAP</name>
>>       <url>xxxxxxxxx</url>
>>       <username>xxxxxxxxxx</username>
>>       <password>xxxxxxxx</password>
>>       <authentication>SIMPLE</authentication>
>>       <referral>IGNORE</referral>
>>       <derefAliases>NEVER</derefAliases>
>>       <version>VERSION_3</version>
>>       <pageSize>-1</pageSize>
>>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>       <tlsActivated>false</tlsActivated>
>>     </ldapConnection>
>>   </connections>
>>
>>   <tasks>
>>     <task>
>>       <name>Sync_Active_Directory_Users</name>
>>       <bean>org.lsc.beans.SimpleBean</bean>
>>
>>       <ldapSourceService>
>>         <name>ad-src-service</name>
>>         <connection reference="Active_Directory" />
>>         <baseDn>ou=staff users,dc=linkedin,dc=biz</baseDn>
>>         <pivotAttributes><string>cn</string></pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>description</string>
>>           <string>name</string>
>>           <string>objectclass</string>
>>         </fetchedAttributes>
>>         <getAllFilter>(objectClass=organizationalPerson)</getAllFilter>
>>         <getOneFilter>(&(objectClass=organizationalPerson)(cn={cn}))</getOneFilter>
>>       </ldapSourceService>
>>
>>       <ldapDestinationService>
>>         <name>openldap-dst-service</name>
>>         <connection reference="OpenLDAP" />
>>         <baseDn>ou=staff users,dc=linkedin,dc=biz</baseDn>
>>         <pivotAttributes><string>cn</string></pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>description</string>
>>           <string>objectclass</string>
>>           <string>gidNumber</string>
>>         </fetchedAttributes>
>>         <getAllFilter>(objectclass=*)</getAllFilter>
>>         <getOneFilter>(objectclass=*)(cn={cn})</getOneFilter>
>>       </ldapDestinationService>
>>
>>       <propertiesBasedSyncOptions>
>>         <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=Staff Users,dc=linkedin,dc=biz"</mainIdentifier>
>>         <defaultDelimiter>;</defaultDelimiter>
>>         <defaultPolicy>FORCE</defaultPolicy>
>>         <dataset>
>>           <name>objectclass</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string>"cn"</string>
>>           </forceValues>
>>         </dataset>
>>       </propertiesBasedSyncOptions>
>>
>>     </task>
>>   </tasks>
>> </lsc>
>>
>> When I execute, I get this:
>>
>> Oct 20 00:34:17 - INFO - Reflections took 149 ms to scan 1 urls, producing 60 keys and 226 values
>> Oct 20 00:34:17 - INFO - Logging configuration successfully loaded from /etc/lsc/logback.xml
>> Oct 20 00:34:17 - INFO - LSC configuration successfully loaded from /etc/lsc/
>> Oct 20 00:34:17 - INFO - Connecting to LDAP server xxxxxxx
>> Oct 20 00:34:17 - INFO - Connecting to LDAP server xxxxxxxx
>> Oct 20 00:34:17 - WARN - No clean filter has been specified for task=Sync_Active_Directory_Users. During the clean phase, LSC wouldn't be able to get the right entries and may delete all destination entries !
>> Oct 20 00:34:17 - INFO - Starting sync for Sync_Active_Directory_Users
>> Oct 20 00:38:45 - ERROR - Error while looking for (objectclass=*)(cn=Heather Wright) in ou=staffu users,dc=linkedin,dc=biz: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staffu users'
>> Oct 20 00:38:45 - ERROR - Error while looking for (objectclass=*)(cn=Anita Akemi) in ou=staffu users,dc=linkedin,dc=biz: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staffu users'
>> Oct 20 00:38:45 - ERROR - Error while synchronizing ID {cn=Heather Wright}: org.lsc.exception.LscServiceException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staffu users'
>> …
>> …..
>> Oct 20 00:38:53 - ERROR - All entries: 4000, to modify entries: 0, successfully modified entries: 0, errors: 4000
>>
>> From the OpenLDAP server, I see it complaining about not being able to find the entries, which I expect, because the OpenLDAP server is empty at this point. I'm wanting LSC to populate the OpenLDAP server from information that it's discovered from Active Directory.
>>
>> Here's some of the syslog messages from the OpenLDAP server
>>
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=1 SRCH base="ou=staffu users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(objectClass=*)"
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=1 SRCH attr=cn Heather Wright
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=2 SRCH base="ou=staffu users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(objectClass=*)"
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=2 SRCH attr=cn Anita Akemi
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=3 SRCH base="ou=staffu users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(objectClass=*)"
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=3 SRCH attr=cn Viktor Stanchev
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
>> Oct 20 00:38:45 slapd[22055]: conn=1038 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text=
>>
>> Can someone help point me in the right direction to get LSC to create and update these objects as needed?
>>
>> Thanks
>> Mike
>>
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> [email protected]
>> http://lists.lsc-project.org/listinfo/lsc-users
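The distinction drawn in the reply above (the container may be empty, but it has to exist) shows up in the slapd log itself: err=32 means the search base is missing, while err=0 with nentries=0 means the base is there and nothing matched. This added example, which is not from the thread or from LSC, pairs each SRCH line with its SEARCH RESULT by conn and op, since results can arrive after later requests as in the quoted syslog; the ou=groups base and the cn values in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample in the slapd syslog format quoted in the thread (lines
# unwrapped). The staff-users base DN is the thread's; the rest is made up.
SAMPLE_LOG = """\
Oct 20 00:38:45 slapd[22055]: conn=1038 op=2 SRCH base="ou=staff users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=alice example))"
Oct 20 00:38:45 slapd[22055]: conn=1038 op=2 SRCH attr=description cn sn uid
Oct 20 00:38:45 slapd[22055]: conn=1038 op=3 SRCH base="ou=groups,dc=linkedin,dc=biz" scope=2 deref=0 filter="(objectClass=*)"
Oct 20 00:38:45 slapd[22055]: conn=1038 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
Oct 20 00:38:45 slapd[22055]: conn=1038 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
Oct 20 00:38:46 slapd[22055]: conn=1039 op=2 SRCH base="ou=Staff Users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=bob example))"
Oct 20 00:38:46 slapd[22055]: conn=1039 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

def classify_searches(log_text):
    """Return (missing, empty) Counters of search-base DNs, matched per (conn, op)."""
    pending = {}  # (conn, op) -> base DN still waiting for its result line
    missing, empty = Counter(), Counter()
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            # Lower-casing is a simplification of DN matching, enough to group.
            pending[(m.group(1), m.group(2))] = m.group(3).lower()
            continue
        m = RESULT.search(line)
        if not m:
            continue  # "SRCH attr=..." and unrelated lines
        base = pending.pop((m.group(1), m.group(2)), None)
        if base is None:
            continue  # result whose request is not in this log excerpt
        err, nentries = int(m.group(3)), int(m.group(4))
        if err == 32:                      # noSuchObject: the base entry is absent
            missing[base] += 1
        elif err == 0 and nentries == 0:   # base exists, nothing matched
            empty[base] += 1
    return missing, empty

if __name__ == "__main__":
    missing, empty = classify_searches(SAMPLE_LOG)
    for base, n in missing.items():
        print(f"{n} search(es) hit err=32, base DN does not exist: {base}")
    for base, n in empty.items():
        print(f"{n} search(es) matched nothing under existing base: {base}")
```

A base DN reported as missing has to be created on the destination before a sync can add entries beneath it; one reported as empty needs no such step.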

