Re: [lsc-users] [LSC] Filtering and synchonization

Wed, 26 Nov 2014 05:48:08 -0800 

OK, sorry I got out of the list, didn’t mean to. Thanks for your answers

So, I am still trying to figure out the filters in ldapSourceService & 
ldapDestinationService. Not sure what I should put inside each of the 6 :

·         Src : getAllFilter : 
(&(objectClass=jPortalUser)(memberOf=cn=com2,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr))

o   I understand that this is what I want to synchronize => users of type 
jPortalUser being members of com2.

·         Src : getOneFilter : (&(objectClass=jPortalUser)(uid={uid}))

o   I’m not sure I understand this one, I’d say this is the identifier of my 
user object ? if so, it is uid. If not, what should I put there ? I don’t 
really understand the description of that attribute.

o   I have tried using 
(&(objectClass=jPortalUser)(memberOf=cn=com2,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr))
 here instead, but it told me :
Nov 26 14:28:58 - ERROR - Too many entries returned (base: "dc=gouv,dc=fr", 
filter: 
"(&(objectClass=jPortalUser)(memberOf=cn=com2,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=
 appli,dc=fr))")
Nov 26 14:28:58 - ERROR - Error while synchronizing ID {uid=fr.alex.fouchet, 
[email protected], jbadpasswordcount=1, sn=fouchet, 
c=FR, jpwdlastset=1412171147940, givenname=alextest, jnotmasked=TRUE, 
jpwdmustchange=1427895947940, jcountrymanager=FALSE, juseractive=FALSE, 
userpassword=xxxx, title=admin, cn=alex fouchet, 
[email protected]}: org.lsc.exception.LscServiceException: 
javax.naming.SizeLimitExceededException: Too many entries returned (base: 
"dc=gouv,dc=fr", filter: 
"(&(objectClass=jPortalUser)(memberOf=cn=com2,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr))")

·         Src : cleanFilter : 
(&(objectClass=jPortalUser)(memberOf=cn=com2,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr))

o   Clean phase is used to delete objects, right ? I don’t really understand 
what it does.

·         Src : filterAsync : I didn’t use that one

o   Simulate an async task seems to be what I need, does it modify the value of 
the attribute ? What does the default value do ? (modifytimestamp>={0})

·         Dst : getAllFilter : 
(&(objectClass=jPortalUser)(memberOf=cn=com2,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr))

o   Is it supposed to give the list of users on the DEST LDAP  that lsc will 
check for their existence on the SRC serv ?

o   I think I got this setting wrong, the attribute memberOf doesn’t exist on 
the DEST LDAP, so I guess I can’t be filtering on that attribute ? I tried 
uid={uid} but it doesn’t seem to do much.

·         Dst : getOneFilter : (&(objectClass=jPortalUser)(uid={uid}))

o   I understand this is the id of the object I want to synchronize.

Also, I recently added a lot more fields to “pivotAttributes” both on src and 
dest LDAP. This is the attributes LSC will listen for right ? Let’s say 
jSprintEmail is one of the pivot attributes (I put it on both src and dest), if 
I modify the value of jSprintEmail attribute of a com2 member on src, it should 
be detected in LSC logs so that it tries to update the corresponding field on 
DEST right ?



Unrelated, but at some point when I was playing with the conf, I got this 
message after trying to update a jPortalUser :
nov. 26 14:06:13 - ERROR - Error while adding entry 
uid=fr.alex.fouchet,dmdName=users,dmdName=community,dmdName=portal,dmdName=applications,dc=cap,dc=ad
 in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 
Entry Already Exists]; remaining name 
'uid=fr.alex.fouchet,dmdName=users,dmdName=community,dmdName=portal,dmdName=applications,dc=cap,dc=ad
nov. 26 14:06:13 - ERROR - Error while synchronizing ID 
uid=fr.alex.fouchet,dmdName=users,dmdName=community,dmdName=portal,dmdName=applications,dc=cap,dc=ad:
 java.lang.Exception: Technical problem while applying modifications to the 
destination
nov. 26 14:06:13 - DEBUG - java.lang.Exception: Technical problem while 
applying modifications to the destination
java.lang.Exception: Technical problem while applying modifications to the 
destination
        at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:783) 
[lsc-core-2.1.1.jar:na]
        at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:689) 
[lsc-core-2.1.1.jar:na]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
[na:1.7.0_45]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
[na:1.7.0_45]
        at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
# Wed Nov 26 14:06:13 CET 2014

What could cause this kind of error ? That LSC doesn’t have the right to edit 
existing objects on the remote LDAP serv ?

Alexandre

De : Clément OUDOT [mailto:[email protected]]
Envoyé : mardi 25 novembre 2014 14:33
À : FOUCHET, Alexandre; lsc-userslsc-users
Objet : Re: [lsc-users] [LSC] Filtering and synchonization



2014-11-25 14:28 GMT+01:00 FOUCHET, Alexandre 
<[email protected]<mailto:[email protected]>>:

Please answer to the list.

Yes the mail is stored in jSprintEmail, I change the user mail manually in 
apache directory studio but even on debug mode and interval set to 3, I have 
nothing appearing in debug log. The only thing I see as debug are the inserts 
of my new users.
When I run lsc –c all (I only have one task), I get nov. 25 14:26:06 - INFO  - 
All entries: 7, to modify entries: 0, successfully modified entries: 0, errors: 0

This means that the 7 users of the destination are in the source, so no delete 
is needed.

When I run lsc –s all, I get nov. 25 14:26:11 - INFO  - All entries: 1, to 
modify entries: 0, successfully modified entries: 0, errors: 0

Only one entry is found in the source, is it correct?


After delete / update I get the same results. I think I might try with the 
scripts

Should async work better if I use executable plugin ? With the bash scripts for 
instance (list get add etc.).

No, async mode will not work with executable plugin in source.

Clément.
This message contains information that may be privileged or confidential and is 
the property of the Capgemini Group. It is intended only for the person to whom 
it is addressed. If you are not the intended recipient, you are not authorized 
to read, print, retain, copy, disseminate, distribute, or use this message or 
any part thereof. If you receive this message in error, please notify the 
sender immediately and delete all copies of this message.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to