Hi Community

We are implementing an AD to OpenLDAP synchronisation with version 2.0.2
But we don't manage to make it work

We have created our configuration thanks to the official help and the following topics

http://lsc-project.org/wiki/documentation/2.0/tutorials/openldaptoactivedirectory
http://lists.lsc-project.org/pipermail/lsc-users/2013-May/001477.html
http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions/sequences

But when we try to synchronise we have the following messages

/etc/lsc-openldap2ad/bin/lsc -f /etc/lsc-openldap2ad/etc -c all -s all -n
jul 05 18:41:05 - DEBUG - Loading XML configuration from: /etc/lsc-openldap2ad/etc/lsc.xml
jul 05 18:41:06 - INFO - Reflections took 360 ms to scan 1 urls, producing 60 keys and 226 values
jul 05 18:41:06 - DEBUG - Importing XML schema file: schemas/lsc-core-2.0.xsd
jul 05 18:41:06 - INFO - Logging configuration successfully loaded from /etc/lsc-openldap2ad/etc/logback.xml
jul 05 18:41:06 - INFO - LSC configuration successfully loaded from /etc/lsc-openldap2ad/etc/
jul 05 18:41:06 - INFO - Connecting to LDAP server ldap://localhost:389/dc=azertyuiop,dc=local as cn=xxxxxxxxxx,dc=azertyuiop,dc=local
jul 05 18:41:06 - INFO - Connecting to LDAP server ldap://xxx.xxx.xxx.xxx:389/dc=azertyuiop,dc=local as cn=xxxxxxx,OU=Ouazertyuiop,dc=azertyuiop,dc=local
jul 05 18:41:06 - WARN - No clean filter has been specified for task=CreateAdUser. During the clean phase, LSC wouldn't be able to get the right entries and may delete all destination entries !
jul 05 18:41:06 - INFO  - Starting sync for CreateAdUser
jul 05 18:41:06 - INFO  - Initializing the sequences factory.
jul 05 18:41:06 - ERROR - Error while modifying entry cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local in directory :javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: serialNumber: no such value]; remaining name 'cn=uidNumberSequence,ou=HiddenTree'
jul 05 18:41:06 - ERROR - Error while modifying entry cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local in directory :javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: serialNumber: no such value]; remaining name 'cn=uidNumberSequence,ou=HiddenTree'
jul 05 18:41:06 - WARN - Failed to update the directory for the value of the sequence cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local/serialNumber, retrying: 1/5
jul 05 18:41:06 - WARN - Failed to update the directory for the value of the sequence cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local/serialNumber, retrying: 1/5
jul 05 18:41:06 - ERROR - Error while modifying entry cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local in directory :javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: serialNumber: no such value]; remaining name 'cn=uidNumberSequence,ou=HiddenTree'
jul 05 18:41:06 - WARN - Failed to update the directory for the value of the sequence cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local/serialNumber, retrying: 1/5
jul 05 18:41:06 - ERROR - Error while modifying entry cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local in directory :javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: serialNumber: no such value]; remaining name 'cn=uidNumberSequence,ou=HiddenTree'
jul 05 18:41:06 - WARN - Failed to update the directory for the value of the sequence cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local/serialNumber, retrying: 2/5
jul 05 18:41:06 - ERROR - Error while modifying entry cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local in directory :javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: serialNumber: no such value]; remaining name 'cn=uidNumberSequence,ou=HiddenTree'
jul 05 18:41:06 - WARN - Failed to update the directory for the value of the sequence cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local/serialNumber, retrying: 2/5
jul 05 18:41:06 - ERROR - Error while modifying entry cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local in directory :javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: serialNumber: no such value]; remaining name 'cn=uidNumberSequence,ou=HiddenTree'
jul 05 18:41:06 - WARN - Failed to update the directory for the value of the sequence cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local/serialNumber, retrying: 3/5
jul 05 18:41:07 - INFO - All entries: 12, to modify entries: 12, successfully modified entries: 0, errors: 0
jul 05 18:41:07 - INFO  - Starting clean for CreateAdUser
jul 05 18:41:07 - ERROR - Empty or non existant destination (no IDs found)

That's a bit strange because cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local already exists on the OpenLDAP server (we created it)
And serialNumber increases every time we execute the synchronisation
ldapsearch -LLL -h 127.0.0.1 -p 389 -D 'cn=xxxxxx,dc=azertyuiop,dc=local' -w xxxxxxxx 'cn=uidNumberSequence,OU=HiddenTree, dc=azertyuiop, dc=local'
dn: cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local
cn: uidNumberSequence
objectClass: device
objectClass: top
serialNumber: 1108

We have also created it in AD (but I think it's not necessary?)
ldapsearch -LLL -h xxx.xxx.xxx.xxx -p 389 -D 'cn=impresora,OU=Ouazertyuiop,dc=azertyuiop,dc=local' -w xxxxxxxxxxxxxxx -b 'cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local'
dn: CN=uidNumberSequence,OU=HiddenTree,DC=azertyuiop,DC=local
objectClass: top
objectClass: device
cn: uidNumberSequence
serialNumber: 1024
distinguishedName: CN=uidNumberSequence,OU=HiddenTree,DC=azertyuiop,DC=local
instanceType: 4
whenCreated: 20130705164650.0Z
whenChanged: 20130705164650.0Z
uSNCreated: 1167081
uSNChanged: 1167081
showInAdvancedViewOnly: TRUE
name: uidNumberSequence
objectGUID:: J2o9o0CK/k2HuLkfuYdrCA==
objectCategory: CN=Device,CN=Schema,CN=Configuration,DC=azertyuiop,DC=local
dSCorePropagationData: 16010101000000.0Z


Here is our configuration file
If you could give us a hand, it would be great

Thanks

Best

Damien
<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections>

    <ldapConnection>
      <name>AD</name>
<url>ldap://xxx.xxx.xxx.xxx:389/dc=azertyuiop,dc=local</url>
<username>cn=xxxxxx,OU=Ouazertyuiop,dc=azertyuiop,dc=local</username>
      <password>xxxxxxxxxxx</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory></factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>

    <ldapConnection>
      <name>OpenLDAP</name>
<url>ldap://localhost:389/dc=azertyuiop,dc=local</url>
<username>cn=xxxxxxxx,dc=azertyuiop,dc=local</username>
      <password>xxxxxxxxxx</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>

  <audits>
        <csvAudit>
                <name>AD2OpenLDAP</name>
                <append>true</append>
                <operations>create, delete</operations>
                <file>/tmp/dump.csv</file>
                <datasets>cn, dn</datasets>
                <separator>,</separator>
        </csvAudit>
  </audits>

<tasks>
         <task>
         <name>CreateAdUser</name>
          <bean>org.lsc.beans.SimpleBean</bean>

            <ldapSourceService>
                <name>ad-src-service</name>
                <connection reference="AD" />
                <baseDn>dc=azertyuiop,dc=local</baseDn>
                  <pivotAttributes>
                    <string>sAMAccountName</string>
                  </pivotAttributes>

                  <fetchedAttributes>
                      <string>sAMAccountName</string>
                      <string>cn</string>
                      <string>givenName</string>
                      <string>sn</string>
                  </fetchedAttributes>
<getAllFilter>(&amp;(objectClass=User)(objectCategory=Person)(|(sAMAccountName=b*)(sAMAccountName=e*))(!(sAMAccountName=company*)))</getAllFilter>
<getOneFilter>(&amp;(objectClass=User)(objectCategory=Person)(sAMAccountName={sAMAccountName}))</getOneFilter>
            </ldapSourceService>

            <ldapDestinationService>
              <name>openldap-dst-service</name>
              <connection reference="OpenLDAP" />
              <baseDn>dc=azertyuiop,dc=local</baseDn>
                 <pivotAttributes>
                    <string>uid</string>
                 </pivotAttributes>

                 <fetchedAttributes>
                    <string>dn</string>
                    <string>sn</string>
                    <string>cn</string>
                    <string>uid</string>
                    <string>givenName</string>
                    <string>ObjectClass</string>
                    <string>uidNumber</string>
                    <string>gidNumber</string>
                    <string>homeDirectory</string>
                    <string>userPassword</string>
                </fetchedAttributes>
<getAllFilter>(&amp;(uid=*)(objectClass=inetOrgPerson))</getAllFilter>
<getOneFilter>(&amp;(objectClass=inetOrgPerson)(sAMAccountName={sAMAccountName}))</getOneFilter>
            </ldapDestinationService>

                 <propertiesBasedSyncOptions>
<mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=Ouazertyuiop,dc=azertyuiop,dc=local"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>FORCE</defaultPolicy>

                         <dataset>
<name>objectClass</name>
                                 <policy>FORCE</policy>
                                 <forceValues>
<string>"top"</string>
<string>"person"</string>
<string>"organizationalPerson"</string>
<string>"inetOrgPerson"</string>
<string>"posixAccount"</string>
                                 </forceValues>
                         </dataset>

                         <dataset>
                                 <name>uid</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
                                 </createValues>
                         </dataset>

                             <dataset>
                                 <name>uidNumber</name>
                                 <policy>KEEP</policy>
                                 <createValues>
<string>SequencesFactory.getInstance(ldap.getJndiServices()).getNextValue("cn=uidNumberSequence,ou=HiddenTree,dc=azertyuiop,dc=local","serialNumber")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>homeDirectory</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>"/home/" + srcBean.getDatasetFirstValueById("sAMAccountName")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                             <name>givenName</name>
                             <policy>FORCE</policy>
                             <createValues>
<string>srcBean.getDatasetFirstValueById("givenName")</string>
                             </createValues>
                         </dataset>

                         <dataset>
                              <name>sn</name>
                              <policy>FORCE</policy>
                              <createValues>
<string>srcBean.getDatasetFirstValueById("sn")</string>
                             </createValues>
                         </dataset>

                         <dataset>
                                 <name>cn</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("cn")</string>
                                 </createValues>
                         </dataset>

                     <dataset>
                             <name>userPassword</name>
                             <policy>FORCE</policy>
                             <createValues>
<string>"{SASL}" + srcBean.getDatasetFirstValueById("sAMAccountName") + "@casadevelazquez.org"</string>
                             </createValues>
                      </dataset>
                 </propertiesBasedSyncOptions>
         </task>
</tasks>
</lsc>

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users
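
Added example, not part of the original post and not LSC's own code: a small Python lint for an lsc.xml shaped like the one posted above. It flags SIMPLE binds over ldap:// with tlsActivated set to false, a task without the clean filter that the WARN line reports, and a destination getOneFilter that tests an attribute (here sAMAccountName) which is not a destination pivot attribute (here uid). The cleanFilter element name and the pivot heuristic are assumptions, and the sample XML is constructed with a placeholder host.

```python
import re
import xml.etree.ElementTree as ET

NS = {"l": "http://lsc-project.org/XSD/lsc-core-2.0.xsd"}
# Constructed sample: same structure as the posted lsc.xml, placeholder host.
SAMPLE = """<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections><ldapConnection>
    <name>AD</name>
    <url>ldap://ad.example.invalid:389/dc=example,dc=local</url>
    <authentication>SIMPLE</authentication>
    <tlsActivated>false</tlsActivated>
  </ldapConnection></connections>
  <tasks><task>
    <name>CreateAdUser</name>
    <ldapDestinationService>
      <pivotAttributes><string>uid</string></pivotAttributes>
      <getOneFilter>(&amp;(objectClass=inetOrgPerson)(sAMAccountName={sAMAccountName}))</getOneFilter>
    </ldapDestinationService>
  </task></tasks>
</lsc>"""

def text(node, tag):
    return (node.findtext("l:" + tag, default="", namespaces=NS) or "").strip()

def lint(xml_text):
    root, findings = ET.fromstring(xml_text), []
    for conn in root.iterfind(".//l:ldapConnection", NS):
        plain = text(conn, "url").lower().startswith("ldap://")
        no_tls = text(conn, "tlsActivated").lower() != "true"
        # A SIMPLE bind on ldap:// without TLS sends the bind password unencrypted.
        if plain and no_tls and text(conn, "authentication").upper() == "SIMPLE":
            findings.append(("cleartext-bind", text(conn, "name")))
    for task in root.iterfind(".//l:task", NS):
        name = text(task, "name")
        # Assumed element name: cleanFilter (the WARN line in the log refers to it).
        if task.find(".//l:cleanFilter", NS) is None:
            findings.append(("no-clean-filter", name))
        for dst in task.iterfind("l:ldapDestinationService", NS):
            pivots = {(s.text or "").strip().lower()
                      for s in dst.iterfind("l:pivotAttributes/l:string", NS)}
            # Heuristic: an attribute compared to a {placeholder} should be a destination pivot.
            for attr in re.findall(r"\((\w+)=\{\w+\}\)", text(dst, "getOneFilter")):
                if attr.lower() not in pivots:
                    findings.append(("filter-attr-not-pivot", f"{name}/ldapDestinationService/{attr}"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```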