2014-12-04 1:29 GMT+01:00 W. Ho <[email protected]>: > Team, > > I have successfully sync'ed AD users to OpenLDAP. Now I am adding the > group sync and having some issues. > > I created a task section for group sync based on the instruction from the > tutorial. When I execute the sync I got the below error message. I > believe it has issue to create objectClass in the destination LDAP group ou > but I am not sure why it fails. Any help is very appreciated. > > Dec 03 12:30:07 - ERROR - Error while adding entry > cn=test,ou=Groups,ou=Dept,dc=sample,dc=net in directory > :javax.naming.directory.InvalidAttributeValueException: [LDAP: error code > 21 - objectClass: value #0 invalid per syntax]; remaining name > 'cn=test,ou=Groups,ou=Dept' > Dec 03 12:30:07 - ERROR - Error while synchronizing ID > cn=test,ou=Groups,ou=Dept,dc=sample,dc=net: java.lang.Exception: Technical > problem while applying modifications to the destination > > <task> > <name>adGroup</name> > <bean>org.lsc.beans.SimpleBean</bean> > <ldapSourceService> > <name>group-source-service</name> > <connection reference="AD" /> > <baseDn>ou=Groups,ou=Dept,dc=sample,dc=net</baseDn> > <pivotAttributes> > <string>cn</string> > </pivotAttributes> > <fetchedAttributes> > <string>dn</string> > <string>cn</string> > <string>description</string> > <string>member</string> > <string>objectClass</string> > </fetchedAttributes> > <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter> > > <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter> > > <cleanFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></cleanFilter> > </ldapSourceService> > <ldapDestinationService> > <name>group-dst-service</name> > <connection reference="openldap" /> > <baseDn>ou=Groups,ou=Dept,dc=sample,dc=net</baseDn> > <pivotAttributes> > <string>cn</string> > </pivotAttributes> > <fetchedAttributes> > <string>dn</string> > <string>cn</string> > <string>description</string> > <string>uniqueMember</string> > <string>objectClass</string> > </fetchedAttributes> > <getAllFilter><![CDATA[(objectClass=groupOfNames)]]></getAllFilter> > > > <getOneFilter><![CDATA[(&(objectClass=groupOfNames)(cn={cn}))]]></getOneFilter> > </ldapDestinationService> > <propertiesBasedSyncOptions> > <mainIdentifier>js:"cn=" + > javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) + > ",ou=Groups,ou=Dept,dc=sample,dc=net"</mainIdentifier> > <defaultDelimiter>;</defaultDelimiter> > <defaultPolicy>FORCE</defaultPolicy> > <conditions> > <create>true</create> > <update>true</update> > <delete>true</delete> > <changeId>true</changeId> > </conditions> > <dataset> > <name>objectclass</name> > <policy>FORCE</policy> > <createValues> > <string>"top"</string> > <string>"groupOfNames"</string> > </createValues> > </dataset> > <dataset> > <name>cn</name> > <policy>FORCE</policy> > <forceValues> > <string>srcBean.getDatasetFirstValueById("cn")</string> > </forceValues> > </dataset> > <dataset> > <name>dn</name> > <policy>FORCE</policy> > <forceValues> > <string>srcBean.getDatasetFirstValueById("dn")</string> > </forceValues> > </dataset> > <dataset> > <name>uniqueMember</name> > <policy>FORCE</policy> > <forceValues> > <string> > <![CDATA[rjs: > var membersSrcDn = srcBean.getDatasetValuesById("member"); > var membersDstDn = []; > for (var i=0; i<membersSrcDn.size(); i++) { > var memberSrcDn = membersSrcDn.get(i); > var sAMAccountName = ""; > try { > sAMAccountName = srcLdap.attribute(memberSrcDn, > "sAMAccountName").get(0); > } catch(e) { > continue; > } > var destDn = ldap.search("ou=Users,ou=Dept", "(uid=" > + sAMAccountName + ")"); > if (destDn.size() == 0 || destDn.size() > 1) { > continue; > } > var destMemberDn = destDn.get(0) + "," + > ldap.getContextDn(); > membersDstDn.push(destMemberDn); > } > membersDstDn > ]]> > </string> > </forceValues> > </dataset> > </propertiesBasedSyncOptions> > </task> > > >
Hi, try to remove objectClass from source fetchedAttributes. If it does not work, try to set DEBUG level in logback.xml to see what is sent by LSC to OpenLDAP. Clément.
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
