I have an OpenLDAP 2.4 server on CentOS 6, and this is its config file,
slapd.conf:
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
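# enable on-the-fly configuration (cn=config)
# Only the SASL EXTERNAL identity below may manage cn=config; every other
# identity is denied. The DN encodes the peer credentials uid 0 / gid 0,
# i.e. local root connecting over the ldapi:// socket.
# The "by" clauses are continuation lines and must begin with whitespace,
# otherwise slapd parses each of them as a separate (invalid) directive.
database config
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none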
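# enable server status monitoring (cn=monitor)
# Read access is limited to local root (peer credentials over ldapi://) and
# to the rootdn of the main database; all other identities are denied.
# The "by" clauses are continuation lines and must begin with whitespace.
database monitor
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=root,dc=meyclub,dc=net" read
    by * none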
#######################################################################
# database definitions
#######################################################################
# Main directory database (Berkeley DB backend) for dc=meyclub,dc=net.
# NOTE(review): no "access to" directive appears in this section. Unless a
# global ACL is set in a part of the file not shown here, slapd applies its
# default policy: anyone, including anonymous clients, can read everything
# (userPassword hashes included). A common starting point is:
#   access to attrs=userPassword by self write by anonymous auth by * none
#   access to * by * read
database bdb
suffix "dc=meyclub,dc=net"
# Checkpoint the transaction log after 1024 KB written or 15 minutes,
# whichever comes first.
checkpoint 1024 15
# The rootdn is not subject to access control. Keep it for administration
# and give applications their own, narrowly authorised bind DN.
rootdn "cn=root,dc=meyclub,dc=net"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# {SSHA} is a salted SHA-1 hash as produced by slappasswd(8).
# NOTE(review): a hash that has been published can be attacked offline;
# generate a new rootpw with slappasswd and replace this value.
rootpw {SSHA}ymkqc5nI9efKS1H2V3i47W+zAARg/naL
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
# (eq = equality, pres = presence, sub = substring matching)
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
# (sample replication settings, all commented out and therefore inactive)
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/[email protected]
and this is the XML file that I'm using; it's the same one as in the tutorial
(the Sample):
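<?xml version="1.0" encoding="UTF-8"?>
<!--
  LSC 2.0 configuration: copies users and groups from the source directory
  (connection "src-ad") into the local OpenLDAP directory ("dst-ldap").

  NOTE(review): this file stores bind passwords in cleartext. Keep it readable
  only by the account that runs LSC. Any copy that has been shared (mail,
  ticket, paste) is a credential leak: change both passwords afterwards.
-->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections>
    <!--
      Destination directory.
      NOTE(review): LSC binds as the rootdn, which is exempt from slapd access
      control. A dedicated account with write access limited to ou=people and
      ou=group would contain the damage if this file or password leaks.
      NOTE(review): SIMPLE bind over ldap:// with tlsActivated=false sends the
      password unencrypted; here the traffic stays on the loopback interface.
    -->
    <ldapConnection>
      <name>dst-ldap</name>
      <url>ldap://localhost:389/dc=meyclub,dc=net</url>
      <username>cn=root,dc=meyclub,dc=net</username>
      <password>Proweb</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
      <saslMutualAuthentication>false</saslMutualAuthentication>
    </ldapConnection>
    <!--
      Source directory.
      NOTE(review): the bind identity is a personal user account. A dedicated
      read-only service account keeps the sync working when that person's
      password changes and limits what a leaked password can reach.
      NOTE(review): SIMPLE bind to port 389 without TLS sends the password and
      all fetched entries across the network unencrypted. Prefer ldaps:// or
      StartTLS once the server certificate is trusted by the JVM.
      The DN must stay on a single line; a line break inside the element
      becomes part of the bind DN.
    -->
    <ldapConnection>
      <name>src-ad</name>
      <url>ldap://srv-ad-06.meyclub.net:389/dc=meyclub,dc=net</url>
      <username>cn=Aziza LICHIR,ou=Informatique,ou=SMH,ou=Utilisateurs,dc=meyclub,dc=net</username>
      <password>Proweb38</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
    </ldapConnection>
  </connections>
  <audits/>
  <tasks>
    <!-- User synchronisation: source and destination entries are paired on "mail". -->
    <task>
      <name>MySyncTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>MySyncTask-src</name>
        <connection reference="src-ad" />
        <baseDn>ou=STRASBOURG,ou=Utilisateurs,dc=meyclub,dc=net</baseDn>
        <pivotAttributes>
          <string>mail</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sAMAccountName</string>
        </fetchedAttributes>
        <!-- The "&" of an LDAP AND filter must be written as an entity in XML. -->
        <getAllFilter>(&amp;(mail=*)(objectClass=user))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=organizationalPerson)(mail={mail}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=organizationalPerson)(mail={mail}))</cleanFilter>
        <interval>6</interval>
      </ldapSourceService>
      <ldapDestinationService>
        <name>MySyncTask-dst</name>
        <connection reference="dst-ldap"/>
        <baseDn>ou=people,dc=meyclub,dc=net</baseDn>
        <pivotAttributes>
          <string>mail</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>objectClass</string>
          <string>givenName</string>
          <string>mail</string>
          <string>uid</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=inetOrgPerson)(mail={mail}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <!--
          Destination DN: mail=VALUE,ou=people,dc=meyclub,dc=net.
          NOTE(review): the source value is concatenated into the DN unescaped.
          A value containing DN special characters (comma, plus, equals sign,
          quote, backslash) yields a different DN than intended. Validate the
          value or escape it, e.g. with javax.naming.ldap.Rdn.escapeValue if it
          is reachable from the script engine (to be confirmed).
        -->
        <mainIdentifier>"mail=" + srcBean.getDatasetFirstValueById("mail") + ",ou=people,dc=meyclub,dc=net"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"inetOrgPerson"</string>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
          </forceValues>
          <delimiter>,</delimiter>
        </dataset>
        <!-- uid in the destination is taken from sAMAccountName in the source. -->
        <dataset>
          <name>uid</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
    <!-- Group synchronisation: source and destination entries are paired on "cn". -->
    <task>
      <name>GroupSyncTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>GroupSyncTask-src</name>
        <connection reference="src-ad" />
        <baseDn>OU=Groupe_Securite,DC=meyclub,DC=net</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>member</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(member=*)(objectClass=group))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
        <interval>100</interval>
      </ldapSourceService>
      <ldapDestinationService>
        <name>GroupSyncTask-dst</name>
        <connection reference="dst-ldap"/>
        <!--
          This entry must already exist in the destination directory. LDAP
          error 32 (No Such Object) with remaining name 'ou=group' most likely
          means that ou=group,dc=meyclub,dc=net has not been created there.
        -->
        <baseDn>ou=group,dc=meyclub,dc=net</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>member</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=groupOfNames)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <!--
          Destination DN: cn=VALUE,ou=group,dc=meyclub,dc=net.
          getDatasetFirstValueById returns one value; getDatasetValuesById
          returns the whole collection, whose string form is not a valid RDN
          value. The unescaped concatenation caveat applies here as well:
          validate or escape the value before building the DN.
        -->
        <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=group,dc=meyclub,dc=net"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"groupOfNames"</string>
            <string>"top"</string>
          </forceValues>
          <delimiter>$</delimiter>
        </dataset>
        <!--
          NOTE(review): "member" has no dataset of its own, so the default
          FORCE policy copies the source DNs as they are. User entries in the
          destination are named mail=...,ou=people, so these member DNs
          presumably do not resolve there. Confirm, and map them to destination
          DNs before any authorization decision relies on group membership.
        -->
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>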
2013/4/9 Clément OUDOT <[email protected]>
>
>
> 2013/4/9 Aziza Lichir <[email protected]>
>
>> I did exactely what you said but it doesnt recognise the ou=group i get
>> this error :
>>
>> avr. 09 12:23:07 - DEBUG - Loading XML configuration from:
>> /root/lsc-2.0.1/sample/hsqldb/bin/../etc/lsc.xml
>> avr. 09 12:23:08 - INFO - Reflections took 400 ms to scan 1 urls,
>> producing 60 keys and 226 values
>> avr. 09 12:23:08 - DEBUG - Importing XML schema file:
>> schemas/lsc-core-2.0.xsd
>> avr. 09 12:23:08 - INFO - Logging configuration successfully loaded from
>> /root/lsc-2.0.1/sample/hsqldb/bin/../etc/logback.xml
>> avr. 09 12:23:08 - INFO - LSC configuration successfully loaded from
>> /root/lsc-2.0.1/sample/hsqldb/bin/../etc/
>> avr. 09 12:23:08 - INFO - Connecting to LDAP server
>> ldap://localhost:389/dc=meyclub,dc=net as cn=root,dc=meyclub,dc=net
>> avr. 09 12:23:09 - INFO - Connecting to LDAP server ldap://
>> srv-ad-06.meyclub.net:389/dc=meyclub,dc=net as cn=Aziza
>> LICHIR,ou=Informatique,ou=SMH,ou=Utilisateurs,dc=meyclub,dc=net
>>
>> .......
>>
>> avr. 09 12:23:11 - ERROR - Error while looking for
>> (&(objectClass=groupOfNames)(cn=GG_OrdinateursWindows7)) in
>> ou=group,dc=meyclub,dc=net: javax.naming.NameNotFoundException: [LDAP:
>> error code 32 - No Such Object]; remaining name 'ou=group'
>> avr. 09 12:23:11 - ERROR - Error while synchronizing ID
>> {cn=GG_OrdinateursWindows7}: org.lsc.exception.LscServiceException:
>> javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
>> remaining name 'ou=group'
>> avr. 09 12:23:11 - ERROR - All entries: 39, to modify entries: 0,
>> successfully modified entries: 0, errors: 39
>> avr. 09 12:23:11 - INFO - Starting clean for GroupSyncTask
>> avr. 09 12:23:11 - ERROR - javax.naming.NameNotFoundException: [LDAP:
>> error code 32 - No Such Object]; remaining name 'ou=group'
>> avr. 09 12:23:11 - ERROR - Empty or non existant destination (no IDs
>> found)
>>
>>
>>
>
> Are you sure to have modifed the destination service and not the source
> service? Could you send your complete configuration?
>
> Clément.
>