Hi, I removed the objectClass from source fetchedAttributes and got the same error.
Next, I changed the logger to DEBUG level. Here is the error message:

Dec 04 10:53:23 - ERROR - Error while adding entry cn=test,ou=Groups,ou=Dept,dc=sample,dc=net in directory :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - invalid structural object class chain (groupOfNames/groupOfUniqueNames)]; remaining name 'cn=test,ou=Groups,ou=Dept'
Dec 04 10:53:23 - ERROR - Error while synchronizing ID cn=test,ou=Groups,ou=Dept,dc=sample,dc=net: java.lang.Exception: Technical problem while applying modifications to the destination

After searching the Internet, it seems the problem is related to nis.schema versus rfc2307bis.schema. I went ahead to rebuild OpenLDAP by removing nis.schema and adding rfc2307bis.schema. This does not change any behavior at all. The user sync went through without any issue but the group sync still failed with the same error message.

Any suggestions?

By the way, the system backgrounds:

OS: CentOS 6.5 64-bit
LSC: version 2.1.1
Java: Oracle/Sun JDK 1.7.0.71
MS 2008R2 64-bit

Thanks,

Date: Thu, 4 Dec 2014 09:05:15 +0100
Subject: Re: [lsc-users] Sync AD Group To OpenLDAP
From: [email protected]
To: [email protected]
CC: [email protected]

2014-12-04 1:29 GMT+01:00 W. Ho <[email protected]>:

Team,

I have successfully sync'ed AD users to OpenLDAP. Now I am adding the group sync and having some issues. I created a task section for group sync based on the instruction from the tutorial. When I execute the sync I got the below error message. I believe it has issue to create objectClass in the destination LDAP group ou but I am not sure why it fails. Any help is very appreciated.

Dec 03 12:30:07 - ERROR - Error while adding entry cn=test,ou=Groups,ou=Dept,dc=sample,dc=net in directory :javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #0 invalid per syntax]; remaining name 'cn=test,ou=Groups,ou=Dept'
Dec 03 12:30:07 - ERROR - Error while synchronizing ID cn=test,ou=Groups,ou=Dept,dc=sample,dc=net: java.lang.Exception: Technical problem while applying modifications to the destination

<task>
  <name>adGroup</name>
  <bean>org.lsc.beans.SimpleBean</bean>
  <ldapSourceService>
    <name>group-source-service</name>
    <connection reference="AD" />
    <baseDn>ou=Groups,ou=Dept,dc=sample,dc=net</baseDn>
    <pivotAttributes>
      <string>cn</string>
    </pivotAttributes>
    <fetchedAttributes>
      <string>dn</string>
      <string>cn</string>
      <string>description</string>
      <string>member</string>
      <string>objectClass</string>
    </fetchedAttributes>
    <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter>
    <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
    <cleanFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></cleanFilter>
  </ldapSourceService>
  <ldapDestinationService>
    <name>group-dst-service</name>
    <connection reference="openldap" />
    <baseDn>ou=Groups,ou=Dept,dc=sample,dc=net</baseDn>
    <pivotAttributes>
      <string>cn</string>
    </pivotAttributes>
    <fetchedAttributes>
      <string>dn</string>
      <string>cn</string>
      <string>description</string>
      <string>uniqueMember</string>
      <string>objectClass</string>
    </fetchedAttributes>
    <getAllFilter><![CDATA[(objectClass=groupOfNames)]]></getAllFilter>
    <getOneFilter><![CDATA[(&(objectClass=groupOfNames)(cn={cn}))]]></getOneFilter>
  </ldapDestinationService>
  <propertiesBasedSyncOptions>
    <mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) + ",ou=Groups,ou=Dept,dc=sample,dc=net"</mainIdentifier>
    <defaultDelimiter>;</defaultDelimiter>
    <defaultPolicy>FORCE</defaultPolicy>
    <conditions>
      <create>true</create>
      <update>true</update>
      <delete>true</delete>
      <changeId>true</changeId>
    </conditions>
    <dataset>
      <name>objectclass</name>
      <policy>FORCE</policy>
      <createValues>
        <string>"top"</string>
        <string>"groupOfNames"</string>
      </createValues>
    </dataset>
    <dataset>
      <name>cn</name>
      <policy>FORCE</policy>
      <forceValues>
        <string>srcBean.getDatasetFirstValueById("cn")</string>
      </forceValues>
    </dataset>
    <dataset>
      <name>dn</name>
      <policy>FORCE</policy>
      <forceValues>
        <string>srcBean.getDatasetFirstValueById("dn")</string>
      </forceValues>
    </dataset>
    <dataset>
      <name>uniqueMember</name>
      <policy>FORCE</policy>
      <forceValues>
        <string>
          <![CDATA[rjs:
            var membersSrcDn = srcBean.getDatasetValuesById("member");
            var membersDstDn = [];
            for (var i=0; i<membersSrcDn.size(); i++) {
              var memberSrcDn = membersSrcDn.get(i);
              var sAMAccountName = "";
              try {
                sAMAccountName = srcLdap.attribute(memberSrcDn, "sAMAccountName").get(0);
              } catch(e) {
                continue;
              }
              var destDn = ldap.search("ou=Users,ou=Dept", "(uid=" + sAMAccountName + ")");
              if (destDn.size() == 0 || destDn.size() > 1) {
                continue;
              }
              var destMemberDn = destDn.get(0) + "," + ldap.getContextDn();
              membersDstDn.push(destMemberDn);
            }
            membersDstDn
          ]]>
        </string>
      </forceValues>
    </dataset>
  </propertiesBasedSyncOptions>
</task>

Hi,

try to remove objectClass from source fetchedAttributes.

If it does not work, try to set DEBUG level in logback.xml to see what is sent by LSC to OpenLDAP.

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
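
Added example, not part of the original thread and not LSC code: an offline check that reproduces the server-side rules behind the two errors quoted above (an objectClass value the server does not define, and structural classes that are not on one superior chain or lack a required attribute). The schema table is a constructed subset of the standard groupOfNames and groupOfUniqueNames definitions; the function name check_entry and the sample entries in the usage are assumptions made for illustration.

```python
from itertools import combinations

# Constructed subset of the standard group classes (RFC 4519). Names are
# lower-cased because LDAP class and attribute names are case-insensitive.
GROUP_MAY = {"businesscategory", "seealso", "owner", "ou", "o", "description"}
SCHEMA = {
    "top": {"kind": "ABSTRACT", "sup": None,
            "must": {"objectclass"}, "may": set()},
    "groupofnames": {"kind": "STRUCTURAL", "sup": "top",
                     "must": {"cn", "member"}, "may": GROUP_MAY},
    "groupofuniquenames": {"kind": "STRUCTURAL", "sup": "top",
                           "must": {"cn", "uniquemember"}, "may": GROUP_MAY},
}


def superiors(name):
    """Return the class followed by all of its superiors."""
    chain = []
    while name is not None:
        chain.append(name)
        name = SCHEMA[name]["sup"]
    return chain


def check_entry(attrs):
    """Return schema findings for one entry (dict: attribute -> list of values)."""
    attrs = {key.lower(): values for key, values in attrs.items()}
    findings, known = [], []
    for i, value in enumerate(attrs.get("objectclass", [])):
        if value.lower() in SCHEMA:
            known.append(value.lower())
        else:
            findings.append(f"objectClass: value #{i} ({value!r}) is not a defined class")
    if findings:
        return findings  # undefined class names are rejected before any other check
    # Every pair of structural classes must lie on one superior chain.
    structural = [c for c in known if SCHEMA[c]["kind"] == "STRUCTURAL"]
    for a, b in combinations(structural, 2):
        if a not in superiors(b) and b not in superiors(a):
            findings.append(f"invalid structural object class chain ({a}/{b})")
    must = set().union(*(SCHEMA[c]["must"] for c in known))
    may = set().union(*(SCHEMA[c]["may"] for c in known))
    for name in sorted(must - set(attrs)):
        findings.append(f"missing required attribute {name}")
    for name in sorted(set(attrs) - must - may):
        findings.append(f"attribute {name} not allowed")
    return findings
```

Calling check_entry on an entry shaped like the task's datasets (objectClass top and groupOfNames, plus cn and uniqueMember) reports that member is missing and uniqueMember is not allowed, which is worth comparing against what the DEBUG log shows LSC sending.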

