Hi everyone,
I am trying to synchronize users from an OpenLDAP server (Ubuntu) to an AD
server (2008R2).
I am using the default LDAP schema on both servers.
I built the lsc.xml configuration file and you can find it enclosed.
The issue I have is the following:
[LDAP: error code 65 - 0000207B: UpdErr: DSID-030511CF, problem 6002
(OBJ_CLASS_VIOLATION), data 0]; remaining name 'cn=ttoto,cn=Users'
I followed the default procedure on the LSC website (
http://lsc-project.org/wiki/documentation/2.0/tutorials/openldaptoactivedirectory
)
I checked the mandatory attributes for each objectClass and it seems that
no attribute is missing.
Does anyone see the mistake I made in my configuration?
Best Regards, Paul Besset.
<?xml version="1.0" ?>
<!--
In the following file, comments are describing each node. Elements are
referenced through XPath expression, whereas attributes are prefixed with
'@'
//lsc Root node of the XML configuration file
@xmlns XML Schema validation is not ready yet (Reserved for future use)
@id optional, added by XML API
@revision mandatory, used by the Web Administration Interface to version
this file
-->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
<!-- ./connections  List of directory connections; at least two entries are required. -->
<connections>
  <!-- Connection used by the source service of the adUser task (the OpenLDAP side). -->
  <!-- NOTE(review): ldap:// on port 389 with SIMPLE authentication sends the bind DN
       and password unencrypted, and this bind uses the directory admin DN.
       Prefer an ldaps:// URL (or StartTLS, if your LSC version supports it for this
       connection) and a dedicated read-only account limited to the synchronized subtree. -->
  <ldapConnection>
    <name>schoolldap</name>
    <url>ldap://schoolldap.fr:389/dc=schoolldap,dc=fr</url>
    <username>cn=admin,dc=schoolldap,dc=fr</username>
    <!-- The bind password is stored in this file: restrict read access to the file
         and mask the value before sharing it, as was done here. -->
    <password>**********</password>
    <authentication>SIMPLE</authentication>
  </ldapConnection>
  <!-- Connection used by the destination service of the adUser task (the Active Directory side). -->
  <!-- NOTE(review): this is also an unencrypted ldap:// bind on port 389, here with the
       Administrateur account under cn=Users. The adUser task writes unicodePwd, and the
       comment on that dataset says it requires an SSL connection to AD, which this URL
       does not provide. Prefer ldaps:// and a delegated service account whose rights are
       limited to managing users in the target container. -->
  <ldapConnection>
    <name>schoolAD</name>
    <url>ldap://schoolad.fr:389/dc=schoolad,dc=fr</url>
    <username>cn=Administrateur,cn=Users,dc=schoolad,dc=fr</username>
    <password>**********</password>
    <authentication>SIMPLE</authentication>
    <!-- Referral handling, alias dereferencing, protocol version and search page size. -->
    <referral>IGNORE</referral>
    <derefAliases>NEVER</derefAliases>
    <version>VERSION_3</version>
    <pageSize>1000</pageSize>
  </ldapConnection>
</connections>
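<tasks>
  <!-- Single task: synchronize OpenLDAP people entries (source) to Active Directory users (destination). -->
  <task>
    <name>adUser</name>
    <bean>org.lsc.beans.SimpleBean</bean>
    <!-- Source service: reads inetOrgPerson entries under cn=People through the "schoolldap" connection. -->
    <ldapSourceService>
      <name>schoolldap-src-service</name>
      <connection reference="schoolldap" />
      <baseDn>cn=People,dc=schoolldap,dc=fr</baseDn>
      <pivotAttributes>
        <string>uid</string>
      </pivotAttributes>
      <fetchedAttributes>
        <string>cn</string>
        <string>sn</string>
        <string>uid</string>
        <string>mail</string>
      </fetchedAttributes>
      <!-- A literal ampersand in element text must be written as &amp; otherwise the
           file is not well-formed XML and cannot be parsed. -->
      <getAllFilter>(&amp;(uid=*)(objectClass=inetOrgPerson))</getAllFilter>
      <getOneFilter>(&amp;(objectClass=*)(uid={uid}))</getOneFilter>
      <cleanFilter>(&amp;(objectClass=*)(uid={uid}))</cleanFilter>
    </ldapSourceService>
    <!-- Destination service: looks up AD user objects under cn=Users through the "schoolAD" connection. -->
    <ldapDestinationService>
      <name>schoolAD-dst-service</name>
      <connection reference="schoolAD" />
      <baseDn>cn=Users,dc=schoolad,dc=fr</baseDn>
      <pivotAttributes>
        <string>sAMAccountName</string>
      </pivotAttributes>
      <!-- NOTE(review): the datasets below set objectClass, sAMAccountName, userAccountControl,
           unicodePwd and others that are not listed here. Presumably LSC only writes the
           attributes named in this list; confirm against the LSC documentation, since a
           missing objectClass on creation would be consistent with an object class violation. -->
      <fetchedAttributes>
        <string>cn</string>
        <string>sn</string>
        <string>uid</string>
        <string>mail</string>
      </fetchedAttributes>
      <getAllFilter>(&amp;(objectClass=user)(sAMAccountType=805306368))</getAllFilter>
      <getOneFilter>(&amp;(objectClass=user)(sAMAccountName={uid}))</getOneFilter>
    </ldapDestinationService>
    <propertiesBasedSyncOptions>
      <!-- ./mainIdentifier  Mandatory. Javascript string expression giving the destination entry DN. -->
      <!-- NOTE(review): uid is concatenated into the DN without escaping. A uid holding DN
           special characters (comma, plus sign, equals sign, ...) would yield a different or
           invalid DN; validate or escape uid values before they reach this expression. -->
      <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("uid") + ",cn=Users,dc=schoolad,dc=fr"</mainIdentifier>
      <!-- ./defaultDelimiter  Mandatory. Presumably the separator LSC uses when splitting
           multi-valued definitions; the earlier comment was a copy of the mainIdentifier text. -->
      <defaultDelimiter>,</defaultDelimiter>
      <!-- ./defaultPolicy  Mandatory. Presumably the policy applied to attributes without their
           own dataset policy; the earlier comment was a copy of the mainIdentifier text. -->
      <defaultPolicy>FORCE</defaultPolicy>
      <!-- ./conditions  Optional. May hold any of the four nodes create, update, delete and changeId. -->
      <conditions>
        <!-- ./create  Optional boolean Javascript expression: whether a new entry may be created. -->
        <create>true</create>
        <!-- ./update  Optional boolean Javascript expression: whether an existing entry may be updated. -->
        <!-- <update>true</update> -->
        <!-- ./delete  Optional boolean Javascript expression: whether an existing entry may be deleted. -->
        <!-- <delete>true</delete> -->
        <!-- ./changeId  Optional boolean Javascript expression: whether an existing entry's DN may be changed. -->
        <changeId>false</changeId>
      </conditions>
      <!-- Object classes given to entries at creation. -->
      <dataset>
        <name>objectClass</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"top"</string>
          <string>"person"</string>
          <string>"organizationalPerson"</string>
          <string>"user"</string>
          <string>"inetOrgPerson"</string>
        </createValues>
      </dataset>
      <!-- sAMAccountName = source uid. -->
      <dataset>
        <name>sAMAccountName</name>
        <policy>FORCE</policy>
        <createValues>
          <string>srcBean.getDatasetFirstValueById("uid")</string>
        </createValues>
      </dataset>
      <!-- NOTE(review): name, instanceType, distinguishedName and objectCategory are attributes
           that Active Directory normally maintains itself. Supplying them from the client is a
           plausible contributor to the reported OBJ_CLASS_VIOLATION; test with these four
           datasets removed to confirm. -->
      <dataset>
        <name>name</name>
        <policy>FORCE</policy>
        <createValues>
          <string>srcBean.getDatasetFirstValueById("uid")</string>
        </createValues>
      </dataset>
      <dataset>
        <name>instanceType</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"4"</string>
        </createValues>
      </dataset>
      <!-- description = DN of the source entry. -->
      <dataset>
        <name>description</name>
        <policy>FORCE</policy>
        <createValues>
          <string>srcBean.getMainIdentifier()</string>
        </createValues>
      </dataset>
      <dataset>
        <!-- userPrincipalName = uid + "@lsc-project.org" -->
        <!-- NOTE(review): the suffix does not match the dc=schoolad,dc=fr naming used by the
             destination; it looks carried over from an example. Use a UPN suffix the target
             domain actually accepts. -->
        <name>userPrincipalName</name>
        <policy>FORCE</policy>
        <createValues>
          <string>srcBean.getDatasetFirstValueById("uid") + "@lsc-project.org"</string>
        </createValues>
      </dataset>
      <dataset>
        <name>distinguishedName</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"cn=" + srcBean.getDatasetFirstValueById("uid") + ",cn=Users,dc=schoolad,dc=fr"</string>
        </createValues>
      </dataset>
      <dataset>
        <!-- NOTE(review): this is the same expression as distinguishedName, i.e. the user's own
             DN. In Active Directory objectCategory refers to a schema class object, so this
             value looks like a copy-paste error. -->
        <name>objectCategory</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"cn=" + srcBean.getDatasetFirstValueById("uid") + ",cn=Users,dc=schoolad,dc=fr"</string>
        </createValues>
      </dataset>
      <dataset>
        <!-- Sets the normal-account flag starting from "0"; presumably the account is created
             enabled. Confirm, because every new account also receives the same initial
             password (see unicodePwd). -->
        <name>userAccountControl</name>
        <policy>FORCE</policy>
        <createValues>
          <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
        </createValues>
      </dataset>
      <dataset>
        <!-- pwdLastSet = 0 to force user to change password on next connection -->
        <name>pwdLastSet</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"0"</string>
        </createValues>
      </dataset>
      <dataset>
        <!-- unicodePwd = "changeit" at creation (requires SSL connection to AD) -->
        <!-- NOTE(review): the schoolAD connection in this file is plain ldap:// on port 389, so
             this write is expected to be refused until the connection is encrypted.
             Every created account also shares one fixed, well-known initial password; until the
             first logon anyone who knows a uid can use the account. Prefer a random per-user
             initial password, or create accounts disabled and enable them during onboarding. -->
        <name>unicodePwd</name>
        <policy>FORCE</policy>
        <createValues>
          <string>AD.getUnicodePwd("changeit")</string>
        </createValues>
      </dataset>
    </propertiesBasedSyncOptions>
  </task>
</tasks>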
<!-- ./security  Mandatory node holding the security settings used by LSC. -->
<security>
  <!-- ./encryption  Optional node with the symmetric encryption settings. -->
  <!-- NOTE(review): anyone able to read the key file can decrypt whatever was encrypted
       with it. Keep the key readable only by the account that runs LSC, and keep it out
       of backups and repositories that hold this configuration file. -->
  <encryption>
    <!-- ./keyfile  Optional key file location. The path is relative, so where it resolves
         depends on how LSC is started; confirm it points at the intended file. -->
    <keyfile>etc/lsc.key</keyfile>
    <!-- ./algorithm  Optional encryption algorithm. -->
    <algorithm>AES</algorithm>
    <!-- ./strength  Optional key length, in bits, for the algorithm above. -->
    <strength>128</strength>
  </encryption>
</security>
</lsc>