For info, with the settings I exposed in my previous mail, I was getting after
updating a user and then doing lsc -s :
déc. 03 15:22:18 - ERROR - Error while adding entry
uid=fr.lee.sin,dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad
in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 -
Entry Already Exists]; remaining name
'uid=fr.lee.sin,dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad
déc. 03 15:22:18 - ERROR - Error while synchronizing ID
uid=fr.lee.sin,dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad:
java.lang.Exception: Technical problem while applying modifications to the
destination
déc. 03 15:22:18 - DEBUG - java.lang.Exception: Technical problem while
applying modifications to the destination
java.lang.Exception: Technical problem while applying modifications to the
destination
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:783)
[lsc-core-2.1.1.jar:na]
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:689)
[lsc-core-2.1.1.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
[na:1.7.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
[na:1.7.0_45]
at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
ERROR - All entries: 3, to modify entries: 1, successfully modified entries: 0,
errors: 1
I’m trying to figure out those error messages, first it says it tries to add an
already existing entry, which logically fails. But the second message clearly
states “Technical problem while applying modifications to the destination”. Is
that something I’m getting because of the failed “add” operation ? Or is it a
message that indicates that LSC tried to both add and update ?
I think you just need to use uid as pivot attributes. So use this in
getOneFilter for your destination:
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
It seems that the filter with jSprintEmail and sn does not return any entry, so
LSC tries to add the entry.
I tried that with 2 different settings, When I change one value on an attribute
listed in fetchedAttributes (for instance “givenName”), I now get this after
lsc –s
All entries: 3, to modify entries: 0, successfully modified entries: 0, errors: 0
LSC doesn’t see that anything has changed on the source user.
Here are the 2 settings I tried :
<ldapSourceService>
<pivotAttributes>
<string>uid</string>
<string>jSprintEmail</string>
<string>sn</string>
</pivotAttributes>
[…]
<getAllFilter>(&(objectClass=jPortalUser)(memberOf=cn=com1,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr))</getAllFilter>
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
<cleanFilter>(&(objectClass=jPortalUser)(memberOf=cn=com1,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr)(uid={uid}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<pivotAttributes>
<string>uid</string>
</pivotAttributes>
[…]
<getAllFilter>(&(objectClass=jPortalUser))</getAllFilter>
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
</ldapDestinationService>
<ldapSourceService>
<pivotAttributes>
<string>uid</string>
</pivotAttributes>
<getAllFilter>(&(objectClass=jPortalUser)(memberOf=cn=com1,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr))</getAllFilter>
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
<cleanFilter>(&(objectClass=jPortalUser)(memberOf=cn=com1,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr)(uid={uid}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<pivotAttributes>
<string>uid</string>
</pivotAttributes>
[…]
<getAllFilter>(&(objectClass=jPortalUser))</getAllFilter>
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
</ldapDestinationService>
De : Clément OUDOT [mailto:clem.ou...@gmail.com]
Envoyé : mercredi 3 décembre 2014 15:06
À : FOUCHET, Alexandre
Cc : lsc-userslsc-users
Objet : Re: [lsc-users] [LDAP: error code 68 - Entry Already Exists]
2014-12-03 14:55 GMT+01:00 FOUCHET, Alexandre
<alexandre.fouc...@capgemini.com<mailto:alexandre.fouc...@capgemini.com>>:
Hi,
I am facing a problem when I try to update a user, I think LSC tries to add a
new entry instead of just updating the already existing one :
déc. 03 14:27:15 - ERROR - Error while adding entry
uid=fr.lee.sin,dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad
in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 -
Entry Already Exists]; remaining name
'uid=fr.lee.sin,dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad
déc. 03 14:27:15 - ERROR - Error while synchronizing ID
uid=fr.lee.sin,dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad:
java.lang.Exception: Technical problem while applying modifications to the
destination
déc. 03 14:27:15 - DEBUG - java.lang.Exception: Technical
problem while applying modifications to the destination
java.lang.Exception: Technical problem while applying
modifications to the destination
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:783)
[lsc-core-2.1.1.jar:na]
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:689)
[lsc-core-2.1.1.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
Source) [na:1.7.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
Source) [na:1.7.0_45]
at java.lang.Thread.run(Unknown Source) [na:1.7.0_45]
I am fairly sure it is due to me not using getOneFilter correctly. Could
someone please help me out ?
Config :
<ldapSourceService>
<name>ldap-src-service-com1</name>
<connection reference="ldap-src-conn" />
<baseDn>dc=appli,dc=fr</baseDn>
<pivotAttributes>
<string>uid</string>
<string>jSprintEmail</string>
<string>sn</string>
</pivotAttributes>
<fetchedAttributes>
<string>objectClass</string>
<string>cn</string>
<string>jUserActive</string>
<string>sn</string>
<string>title</string>
<string>uid</string>
<string>userPassword</string>
<string>c</string>
<string>givenName</string>
<string>jBadPasswordCount</string>
<string>jSprintEmail</string>
<string>mail</string>
</fetchedAttributes>
<getAllFilter>(&(objectClass=jPortalUser)(memberOf=cn=com1,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr))</getAllFilter>
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
<cleanFilter>(&(objectClass=jPortalUser)(memberOf=cn=com1,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr)(uid={uid}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<connection reference="ldap-dst-conn-com1" />
<baseDn>dc=gouv,dc=fr</baseDn>
<pivotAttributes>
<string>uid</string>
</pivotAttributes>
<fetchedAttributes>
<string>objectClass</string>
<string>cn</string>
<string>jUserActive</string>
<string>sn</string>
<string>title</string>
<string>uid</string>
<string>userPassword</string>
<string>c</string>
<string>givenName</string>
<string>jBadPasswordCount</string>
<string>jSprintEmail</string>
<string>mail</string>
</fetchedAttributes>
<getAllFilter>(&(objectClass=jPortalUser))</getAllFilter>
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid})(jSprintEmail={jSprintEmail})(sn={sn}))</getOneFilter>
</ldapDestinationService>
[…]
<conditions>
<create>true</create>
<update>true</update>
<delete>true</delete>
<changeId>false</changeId>
</conditions>
I think you just need to use uid as pivot attributes. So use this in
getOneFilter for your destination:
<getOneFilter>(&(objectClass=jPortalUser)(uid={uid}))</getOneFilter>
It seems that the filter with jSprintEmail and sn does not return any entry, so
LSC tries to add the entry.
Clément.
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users
