Thanks! Thanks! Thanks! You’re my heroes!!!!
☺ Jutta -------------------- Jutta Biernath Freie Universität Berlin Zentraleinrichtung für Datenverarbeitung (ZEDAT) Identity & Customer Management, FUDIS Fabeckstr. 32 14195 Berlin Tel. +49 30 838-75090 Fax +49 30 838-475090 Von: Marcin Baluta [mailto:[email protected]] Gesendet: Dienstag, 25. November 2014 16:50 An: Biernath, Jutta; Clément OUDOT Cc: lsc-userslsc-users Betreff: RE: [lsc-users] Groups sync Maybe you could try this: java.lang.System.out.println(variable) Cheers Marcin Baluta Systems Administrator tyntec GmbH Semerteichstr. 54 - 56 | 44141 Dortmund, Germany T +49 231 477 90 405 | F +49 231 108 799 2 www.tyntec.com<http://www.tyntec.com/> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Biernath, Jutta Sent: Dienstag, 25. November 2014 16:48 To: Clément OUDOT Cc: lsc-userslsc-users Subject: Re: [lsc-users] Groups sync Thank you, Clément, will check. Do you know if there’s a possibility to output the strings that are used in the CDATA-JavaScript-Expressions into the logfiles or stdout (for debugging)? I’ve googled and tested, but couldn’t find a solution. JavaScript functions of course do not work. The JS-code looks all ok for me, so a check of the used strings would help me a lot. Maybe it’s a simple thing, but I do not find it. Regards, Jutta -------------------- Jutta Biernath Freie Universität Berlin Zentraleinrichtung für Datenverarbeitung (ZEDAT) Identity & Customer Management, FUDIS Fabeckstr. 32 14195 Berlin Tel. +49 30 838-75090 Fax +49 30 838-475090 Von: Clément OUDOT [mailto:[email protected]] Gesendet: Dienstag, 25. November 2014 16:04 An: Biernath, Jutta Cc: lsc-userslsc-users Betreff: Re: [lsc-users] Groups sync 2014-11-25 15:59 GMT+01:00 Biernath, Jutta <[email protected]<mailto:[email protected]>>: Hello, Clément, still trying to practice http://lsc-project.org/wiki/documentation/tutorial/synchronizegroups Now I have the next problem. Whenever I try to synchronize what happens is: - the member attribute in the destination is tried to be written (does not work, the group does not exist yet) - then the group is tried to be written (does not work, it needs a member, but that was refused before) so an error occurs, and nothing is written. The error messages: (xxx are valid dns) Nov 25 15:29:37 - DEBUG - In object "xxxx": Attribute "member" is in FORCE status Nov 25 15:29:37 - DEBUG - In object "xxxx": Attribute "member" will not be written to the destination Nov 25 15:29:37 - DEBUG - In object "xxxx": Attribute "cn" is in FORCE status Nov 25 15:29:37 - DEBUG - In object "xxxx": Adding attribute "cn" with values [SYNC-TEST] Nov 25 15:29:37 - DEBUG - In object "xxxx": Attribute "objectClass" is in KEEP status Nov 25 15:29:37 - DEBUG - In object "xxxx": Adding attribute "objectClass" with values [groupOfNames, top] Nov 25 15:29:37 - ERROR - Error while adding entry ... in directory :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'groupOfNames' requires attribute 'member']; remaining name xxxxxxx Nov 25 15:29:37 - ERROR - Error while synchronizing ID ...: java.lang.Exception: Technical problem while applying modifications to the destination …….. In case the group exists already in the destination (with one member) there is first deleted the member attribute, which causes an error (because the group needs a member …) and the step where a new member could be added is never reached: Nov 25 15:47:11 - DEBUG - In object "xxxx": Attribute "member" is in FORCE status Nov 25 15:47:11 - DEBUG - In object "xxxx": Deleting attribute "member" Nov 25 15:47:11 - DEBUG - In object "xxxx": Attribute "cn" is in FORCE status Nov 25 15:47:11 - DEBUG - In object "xxxx": Attribute "cn" will not be written to the destination Nov 25 15:47:11 - DEBUG - In object "xxxx": Attribute "objectClass" is in KEEP status Nov 25 15:47:11 - ERROR - Error while modifying entry xxxx in directory :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'groupOfNames' requires attribute 'member']; remaining name 'xxxxx' Nov 25 15:47:11 - ERROR - Error while synchronizing ID xxxx: java.lang.Exception: Technical problem while applying modifications to the destination Nov 25 15:47:11 - DEBUG - java.lang.Exception: Technical problem while applying modifications to the destination Where can I determine the sequence? I.e. can I determine that first there’s the group written, and then the membership? Whereever I could influence the sequence in lsc.xml I have already placed the member as last entry. And, very important for my later productive system: can I determine a default member? <defaultValue></defaultValue> within the member dataset did not work (caused an error). The problem seems to be that your script does not find any member, so LSC tries to create the group without member, or try to remove member of an existing group. You need to find why no values are returned in your script. You may have done an error when adapting it to your configuration. Clément.
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
