Hi Mike,

On 20/10/12 03:06, Mike Svoboda wrote:
No dice.  I now am trying this:

<tasks>
  <task>
    <name>Sync_Active_Directory_Users</name>
    <bean>org.lsc.beans.SimpleBean</bean>

    <ldapSourceService>
      <name>ad-src-service</name>
      <connection reference="Active_Directory" />
      <baseDn>ou=staff users,dc=linkedin,dc=biz</baseDn>
      <pivotAttributes><string>cn</string></pivotAttributes>
      <fetchedAttributes>
        <string>cn</string>
        <string>description</string>
        <string>name</string>
        <string>objectClass</string>
        <string>sn</string>
        <string>givenName</string>
      </fetchedAttributes>
      <getAllFilter>(objectClass=user)</getAllFilter>
      <getOneFilter>(&amp;(objectClass=user)(cn={cn}))</getOneFilter>
    </ldapSourceService>

    <ldapDestinationService>
      <name>openldap-dst-service</name>
      <connection reference="OpenLDAP" />
      <baseDn>ou=staff users,dc=linkedin,dc=biz</baseDn>
      <pivotAttributes><string>uid</string></pivotAttributes>
      <fetchedAttributes>
        <string>description</string>
        <string>cn</string>
        <string>sn</string>
        <string>givenName</string>
        <string>objectClass</string>
        <string>uid</string>
        <string>mail</string>
      </fetchedAttributes>
      <getAllFilter>(objectClass=*)</getAllFilter>
      <getOneFilter>(&amp;(objectClass=*)(cn={cn}))</getOneFilter>
    </ldapDestinationService>

    <propertiesBasedSyncOptions>
      <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=Staff Users,dc=linkedin,dc=biz"</mainIdentifier>
      <defaultDelimiter>;</defaultDelimiter>
      <defaultPolicy>FORCE</defaultPolicy>
      <dataset>
        <name>objectclass</name>
        <policy>FORCE</policy>
        <forceValues>
          <string>"cn"</string>
        </forceValues>
      </dataset>
    </propertiesBasedSyncOptions>

  </task>
</tasks>


Output of executing LSC:


Oct 20 01:04:25 - ERROR - Error while looking for (&(objectClass=*)(cn=Jay Ramamurthi)) in ou=staff users,dc=linkedin,dc=biz: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staff users'
Oct 20 01:04:25 - ERROR - Error while looking for (&(objectClass=*)(cn=Christopher Abrams)) in ou=staff users,dc=linkedin,dc=biz: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staff users'
Oct 20 01:04:25 - ERROR - Error while synchronizing ID {cn=Jay Ramamurthi}: org.lsc.exception.LscServiceException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staff users'
Oct 20 01:04:25 - ERROR - Error while synchronizing ID {cn=Christopher Abrams}: org.lsc.exception.LscServiceException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=staff users'
Oct 20 01:04:25 - ERROR - All entries: 3999, to modify entries: 0, successfully modified entries: 0, errors: 3999

Output from syslog on the OpenLDAP server.

Oct 20 01:04:25 slapd[22055]: conn=1067 op=3997 SRCH base="ou=staff users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=justin church))"
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3997 SRCH attr=description cn sn givenName objectClass uid mail
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3997 SEARCH RESULT tag=101 err=32 nentries=0 text=
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3998 SRCH base="ou=staff users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=jay ramamurthi))"
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3998 SRCH attr=description cn sn givenName objectClass uid mail
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3998 SEARCH RESULT tag=101 err=32 nentries=0 text=
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SRCH base="ou=staff users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=christopher abrams))"
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SRCH attr=description cn sn givenName objectClass uid mail
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SEARCH RESULT tag=101 err=32 nentries=0 text=




I'm guessing I have something wrong in my propertiesBasedSyncOptions stanza.

These error messages indicate the issue is in the destination directory all right (filter is "(&(objectClass=*)(cn=<fullname>))" as indicated in the ldapDestinationService section of your config).

The error logged by OpenLDAP, error 32 "No such entry", indicates that the *base* of the search does not exist, that is, the "ou=staff users,dc=linkedin,dc=biz" entry. If it did exist, and no entries matched the filter, the LDAP error code would be 0 (Success) but the number of results would be 0. LSC will not (by design) create any entries other than the ones you tell it to sync, that is, it will not create the OU to hold users if you told it to sync users. Creating it manually should make this sync work.

By the way, your filter could be optimized slightly ("(&amp;(objectClass=*)(cn={cn}))") since "(objectClass=*)" basically means "everything" in LDAP, so this could be shortened to "(cn={cn})". On a similar note (optimization), I would recommend against using full names for syncs, but a unique ID instead (i.e. username, or employee number if you have one) to avoid issues in the future with name changes (married name vs maiden name) or two people with duplicate names. This is just optimization though, so it shouldn't stop you from getting your LSC sync working.

Hope this helps,
Jonathan

PS: it's good to see I'm not the only one doing LSC and CFEngine!! :)
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
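
The distinction drawn in the reply above (err=32 means the search base is missing, while err=0 with nentries=0 means the base exists but nothing matched) can be read straight out of the slapd log. The following is an added example, not part of the original thread or of LSC: the function names are hypothetical, and the conn=1068 lines in the sample are constructed to show the second case.

```python
import re
from collections import Counter

# Constructed sample in the format of the slapd syslog lines quoted in the thread.
# conn=1067 op=3999 is copied from the thread; conn=1068 is invented to show a
# search whose base exists but whose filter matches nothing.
SAMPLE_LOG = """\
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SRCH base="ou=staff users,dc=linkedin,dc=biz" scope=2 deref=0 filter="(&(objectClass=*)(cn=christopher abrams))"
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SRCH attr=description cn sn givenName objectClass uid mail
Oct 20 01:04:25 slapd[22055]: conn=1067 op=3999 SEARCH RESULT tag=101 err=32 nentries=0 text=
Oct 20 01:04:26 slapd[22055]: conn=1068 op=1 SRCH base="dc=linkedin,dc=biz" scope=2 deref=0 filter="(cn=nobody here)"
Oct 20 01:04:26 slapd[22055]: conn=1068 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

OP = re.compile(r"conn=(\d+) op=(\d+) (.*)$")
SRCH = re.compile(r'SRCH base="([^"]*)" scope=\d+ deref=\d+ filter="(.*)"$')
RESULT = re.compile(r"SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)")

def classify_searches(log_text):
    """Pair each SRCH line with its SEARCH RESULT by (conn, op) and classify it."""
    pending, findings = {}, []          # pending: (conn, op) -> (base, filter)
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue
        key, rest = (m.group(1), m.group(2)), m.group(3)
        s, r = SRCH.match(rest), RESULT.match(rest)
        if s:                           # "SRCH attr=..." lines match neither pattern
            pending[key] = (s.group(1), s.group(2))
        elif r and key in pending:
            base, flt = pending.pop(key)
            err, n = int(r.group(1)), int(r.group(2))
            if err == 32:               # LDAP noSuchObject: the base itself is absent
                verdict = "base DN missing"
            elif err == 0 and n == 0:   # base found, filter matched nothing
                verdict = "base exists, no match"
            else:
                verdict = "matched" if err == 0 else f"other error {err}"
            findings.append({"base": base, "filter": flt, "err": err,
                             "nentries": n, "verdict": verdict})
    return findings

def missing_bases(findings):
    """Count err=32 results per search base: the containers to create by hand."""
    return dict(Counter(f["base"] for f in findings if f["err"] == 32))

if __name__ == "__main__":
    for finding in classify_searches(SAMPLE_LOG):
        print(finding["verdict"], "<-", finding["base"], finding["filter"])
```

Run over the full log from a sync like the one in the thread, `missing_bases` would show every err=32 result pointing at the same base DN, which is the entry to create before re-running the sync.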
