Hi Aaron,

Can you send the service part of your configuration? I think that some fetched attributes of your AD service are missing.
Regards,

On 9 June 2013 05:56, "Ashtar Communications" <[email protected]> wrote:
> Hi,
>
> First of all, thanks for writing this tool - it's really bailing me out of
> a tough spot.
>
> I am having difficulty getting passwords to sync from OpenLDAP to Active
> Directory Lightweight Directory Services. I have followed the tutorial and
> the advice in the documentation, and I've tried to read every previous
> thread I could find on this list about it, but I'm still struggling to get
> it to work. I apologize for asking what I'm sure is a common question, but
> this is very much not my area of expertise.
>
> Specifically, my issue is that users are created during sync, but the
> password attribute doesn't appear to be set. After I run lsc, I can see
> newly created users in AD LDS - but when I use my application on the AD LDS
> machine to log in with one of those new users, it fails to authenticate
> with the password I provided in the lsc.xml file. Instead, it allows me to
> log in using the new username and a blank password.
>
> I'm not getting any error messages in the console when lsc runs. Even
> turning up all the logback settings to DEBUG, I can see each attribute
> being set, but zero references in the console to unicodePwd at all - it's
> as if it's just being ignored entirely.
>
> My connection password to AD LDS is correct and has administrative rights.
> I can connect over SSL and reset the user password successfully using
> another online LDAP tool, using the same admin credentials.
>
> The password I'm trying to set complies with the AD LDS password policy -
> I can manually set the same password on the AD side.
>
> I'm using lsc 2.0.2 on Ubuntu.
>
> Edited excerpt from my lsc.xml file (can provide the whole thing if it
> would help):
> <propertiesBasedSyncOptions>
>   <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ",cn=Test,dc=test,dc=local"</mainIdentifier>
>   <defaultDelimiter>;</defaultDelimiter>
>   <defaultPolicy>FORCE</defaultPolicy>
>   <dataset>
>     <name>userAccountControl</name>
>     <policy>KEEP</policy>
>     <createValues>
>       <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
>     </createValues>
>   </dataset>
>   <dataset>
>     <name>unicodePwd</name>
>     <policy>FORCE</policy>
>     <createValues>
>       <string>AD.getUnicodePwd("change1t!")</string>
>     </createValues>
>   </dataset>
> </propertiesBasedSyncOptions>
>
> Ultimately, I will need to use the userPassword attribute from OpenLDAP to
> sync to AD for each user - but I can't even get this to work just
> specifying a FORCE for the same password for all users.
>
> Any idea what I'm doing wrong?
>
> One other question - I am also noticing that the msDS-UserAccountDisabled
> attribute for all the synced accounts is set to TRUE - my first few
> attempts at configuring the xml file to change that all failed. Does anyone
> know a quick way to enable all the new accounts? I assume it has something
> to do with the userAccountControl section, but the example in the tutorial
> didn't seem to do it.
>
> Thank you in advance for any assistance,
>
> aaron
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
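Added example, not part of the thread and not LSC's own code: a Python check for the cause the reply suggests, listing every dataset in a task's `propertiesBasedSyncOptions` that the destination service's fetched attributes do not name. The element names `ldapDestinationService`, `fetchedAttributes`, `tasks` and `task` are assumed from the LSC 2.x configuration layout (the service section is not shown in the thread), and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's file. Element names outside
# <propertiesBasedSyncOptions> are assumed from the LSC 2.x layout.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd">
  <tasks><task>
    <name>users</name>
    <ldapDestinationService>
      <fetchedAttributes>
        <string>cn</string>
        <string>userAccountControl</string>
      </fetchedAttributes>
    </ldapDestinationService>
    <propertiesBasedSyncOptions>
      <dataset><name>userAccountControl</name></dataset>
      <dataset><name>unicodePwd</name></dataset>
    </propertiesBasedSyncOptions>
  </task></tasks>
</lsc>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def find_all(elem, name):
    """All descendants of elem whose local tag name equals name."""
    return [e for e in elem.iter() if local(e.tag) == name]


def unfetched_datasets(xml_text):
    """Map task name -> dataset names absent from the destination
    service's fetchedAttributes (compared case-insensitively)."""
    report = {}
    for task in find_all(ET.fromstring(xml_text), "task"):
        fetched = set()
        for svc in find_all(task, "ldapDestinationService"):
            for fa in find_all(svc, "fetchedAttributes"):
                fetched |= {s.text.strip().lower() for s in find_all(fa, "string") if s.text}
        missing = []
        for opts in find_all(task, "propertiesBasedSyncOptions"):
            for ds in find_all(opts, "dataset"):
                names = [c.text.strip() for c in ds if local(c.tag) == "name" and c.text]
                missing += [n for n in names if n.lower() not in fetched]
        if missing:
            task_name = next((c.text for c in task if local(c.tag) == "name"), "?")
            report[task_name] = missing
    return report
```

On the constructed sample, `unfetched_datasets(SAMPLE)` reports `unicodePwd` for the `users` task; an empty result means every dataset is covered by the fetched attributes.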

