2014-11-25 15:59 GMT+01:00 Biernath, Jutta <[email protected]>:
> Hello, Clément, > > > > still trying to practice > > http://lsc-project.org/wiki/documentation/tutorial/synchronizegroups > > > > Now I have the next problem. > > > > Whenever I try to synchronize what happens is: > > > > - the member attribute in the destination is tried to be written > (does not work, the group does not exist yet) > > - then the group is tried to be written (does not work, it needs > a member, but that was refused before) > > > > so an error occurs, and nothing is written. > > > > The error messages: (xxx are valid dns) > > > > Nov 25 15:29:37 - DEBUG - In object "xxxx": Attribute "member" is in > FORCE status > > Nov 25 15:29:37 - DEBUG - In object "xxxx": Attribute "member" will not > be written to the destination > > Nov 25 15:29:37 - DEBUG - In object "xxxx": Attribute "cn" is in FORCE > status > > Nov 25 15:29:37 - DEBUG - In object "xxxx": Adding attribute "cn" with > values [SYNC-TEST] > > Nov 25 15:29:37 - DEBUG - In object "xxxx": Attribute "objectClass" is in > KEEP status > > Nov 25 15:29:37 - DEBUG - In object "xxxx": Adding attribute > "objectClass" with values [groupOfNames, top] > > Nov 25 15:29:37 - ERROR - Error while adding entry ... in directory > :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - > object class 'groupOfNames' requires attribute 'member']; remaining name > xxxxxxx > > Nov 25 15:29:37 - ERROR - Error while synchronizing ID ...: > java.lang.Exception: Technical problem while applying modifications to the > destination …….. > > > > > > In case the group exists already in the destination (with one member) > there is first deleted the member attribute, which causes an error (because > the group needs a member …) and the step where a new member could be added > is never reached: > > > > Nov 25 15:47:11 - DEBUG - In object "xxxx": Attribute "member" is in > FORCE status > > Nov 25 15:47:11 - DEBUG - In object "xxxx": Deleting attribute "member" > > Nov 25 15:47:11 - DEBUG - In object "xxxx": Attribute "cn" is in FORCE > status > > Nov 25 15:47:11 - DEBUG - In object "xxxx": Attribute "cn" will not be > written to the destination > > Nov 25 15:47:11 - DEBUG - In object "xxxx": Attribute "objectClass" is in > KEEP status > > Nov 25 15:47:11 - ERROR - Error while modifying entry xxxx in directory > :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - > object class 'groupOfNames' requires attribute 'member']; remaining name > 'xxxxx' > > Nov 25 15:47:11 - ERROR - Error while synchronizing ID xxxx: > java.lang.Exception: Technical problem while applying modifications to the > destination > > Nov 25 15:47:11 - DEBUG - java.lang.Exception: Technical problem while > applying modifications to the destination > > > > > > Where can I determine the sequence? I.e. can I determine that first > there’s the group written, and then the membership? Whereever I could > influence the sequence in lsc.xml I have already placed the member as last > entry. > > > > And, very important for my later productive system: can I determine a > default member? <defaultValue></defaultValue> within the member dataset did > not work (caused an error). > > > > > The problem seems to be that your script does not find any member, so LSC tries to create the group without member, or try to remove member of an existing group. You need to find why no values are returned in your script. You may have done an error when adapting it to your configuration. Clément.
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
