Thanks for that link, it really helps understanding the different steps in each
phase.
Here’s what I have set in my cfg.
src
<getAllFilter>(&(objectClass=jPortalUser)(memberOf=cn=com2,dmdName=communities,dmdName=groups,dmdName=secureportal,dmdName=applications,dc=marine,dc=defense,dc=gouv,dc=fr))</getAllFilter>
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
<cleanFilter>(&(objectClass=jPortalUser)(memberOf=cn=com2,dmdName=communities,dmdName=groups,dmdName=secureportal,dmdName=applications,dc=marine,dc=defense,dc=gouv,dc=fr))</cleanFilter>
Dst
<getAllFilter>(objectClass=jPortalUser)</getAllFilter>
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
With lsc –c I get :
nov. 26 16:04:31 - INFO - Connecting to LDAP server
ldap://10.67.111.232:389/dc=appli,dc=fr as cn=lfradmin,dc= appli,dc=fr
nov. 26 16:04:31 - INFO - Connecting to LDAP server ldap://localhost:389/dc=
appli,dc=fr as cn=lfradmin,dc= appli,dc=fr
nov. 26 16:04:31 - ERROR - Empty or non existant destination (no IDs found)
Does that mean that my uids for the same user are different on src and dst LDAP
? The dn’s are exactly the same. I don’t get what it doesn’t find.
with lsc –s after an update of the value of a pivot attribute on source :
nov. 26 16:04:33 - INFO - Connecting to LDAP server
ldap://10.67.111.232:389/dc=gouv,dc=fr as cn=lfradmin,dc=gouv,dc=fr
nov. 26 16:04:33 - INFO - Connecting to LDAP server
ldap://localhost:389/dc=gouv,dc=fr as cn=lfradmin,dc=gouv,dc=fr
nov. 26 16:04:33 - INFO - All entries: 3, to modify entries: 0, successfully
modified entries: 0, errors: 0
2014/11/26 16:04:33 [lsc] LSC finished running
Even after I updated the field jSprintEmail for a user on SRC, I don’t get any
msg in debug logs saying that the SRC user has changed (that’s what I’d expect).
De : Clément OUDOT [mailto:[email protected]]
Envoyé : mercredi 26 novembre 2014 15:28
À : FOUCHET, Alexandre
Cc : lsc-userslsc-users
Objet : Re: [lsc-users] [LSC] Filtering and synchonization
2014-11-26 14:47 GMT+01:00 FOUCHET, Alexandre
<[email protected]<mailto:[email protected]>>:
OK, sorry I got out of the list, didn’t mean to. Thanks for your answers
So, I am still trying to figure out the filters in ldapSourceService &
ldapDestinationService. Not sure what I should put inside each of the 6 :
You are right, this is not really explained in our documentation. I tried to
sum up this on this page:
http://lsc-project.org/wiki/documentation/latest/basics
You should find the answers to your questions.
Unrelated, but at some point when I was playing with the conf, I got this
message after trying to update a jPortalUser :
nov. 26 14:06:13 - ERROR - Error while adding entry
uid=fr.alex.fouchet,dmdName=users,dmdName=community,dmdName=portal,dmdName=applications,dc=cap,dc=ad
in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 -
Entry Already Exists]; remaining name
'uid=fr.alex.fouchet,dmdName=users,dmdName=community,dmdName=portal,dmdName=applications,dc=cap,dc=ad
nov. 26 14:06:13 - ERROR - Error while synchronizing ID
uid=fr.alex.fouchet,dmdName=users,dmdName=community,dmdName=portal,dmdName=applications,dc=cap,dc=ad:
java.lang.Exception: Technical problem while applying modifications to the
destination
nov. 26 14:06:13 - DEBUG - java.lang.Exception: Technical problem while
applying modifications to the destination
java.lang.Exception: Technical problem while applying modifications to the
destination
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:783)
[lsc-core-2.1.1.jar:na]
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:689)
[lsc-core-2.1.1.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
[na:1.7.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
[na:1.7.0_45]
at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
# Wed Nov 26 14:06:13 CET 2014
What could cause this kind of error ? That LSC doesn’t have the right to edit
existing objects on the remote LDAP serv ?
The error is "[LDAP: error code 68 - Entry Already Exists]" : means that LSC
tries to add the entry because it does not find it in destination. You should
configure the getOneFilter of your destination with the correct value in order
that LSC can match the source entry and the destination entry.
Clément.
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
