Hi all,

We are trying to sync an AD's contents to an OpenLDAP. Everything works fine during the first run, but when we start the sync a second time, the following error occurs:

Dez 10 15:08:00 - ERROR - Error while synchronizing ID cn=Surname\\, Firstname,ou=Benutzer,c=de: java.lang.RuntimeException: org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: expecting EQUALS, found '('
# Wed Dec 10 15:08:00 CET 2014
dn: cn=Surname\\, Firstname,ou=Benutzer,c=de
changetype: modrdn
newrdn: Surname\, Firstname
deleteoldrdn: 1
newsuperior: OU=Benutzer,c=de

The output when first adding this entry looks like this.

Dez 10 16:07:31 - INFO - # Adding new object CN=Surname\, Firstname,OU=Benutzer,c=de for t41
# Wed Dec 10 16:07:31 CET 2014
dn: CN=Surname\, Firstname,OU=Benutzer,c=de
changetype: add

Our MainIdentifier is constructed like so:
<mainIdentifier>srcBean.getMainIdentifier().replace(",DC=de",",c=de")</mainIdentifier>

Interestingly, searching both source and destination directories after the first sync using ldapsearch yields different results:

SOURCE Directory (AD):
dn: CN=Surname\, Firstname,OU=Benutzer,DC=de
cn: Surname, Firstname

DESTINATION Directory (OpenLDAP):
dn: cn=Surname\2C Firstname,ou=Benutzer,c=de
cn: Surname, Firstname

Note the different encoding of the DN in the two outputs. It looks like AD and OpenLDAP encode escaped commas in DN parts differently and that leads to LSC adding escaping backslashes during the second sync. Any ideas what went wrong or what we can do? Is this maybe a bug in the LSC core?

Please note that changing the DN to not include the CN or the CN to not include a comma is not an option.

Regards,
Benjamin


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
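
Added example, not part of the original post and not LSC code: a small RFC 4514 DN parser in JavaScript showing that the AD form (`\,`) and the OpenLDAP form (`\2C`) quoted above name the same entry, while the doubled backslash printed in the error line no longer parses as that DN. All function names are hypothetical; the code assumes single-valued RDNs, ASCII-only hex escapes, and case-insensitive attribute values.

```javascript
// Added example (not LSC code). The three DNs are copied from the post above.
const AD_DN = String.raw`CN=Surname\, Firstname,OU=Benutzer,c=de`;
const OPENLDAP_DN = String.raw`cn=Surname\2C Firstname,ou=Benutzer,c=de`;
const DOUBLE_ESCAPED_DN = String.raw`cn=Surname\\, Firstname,ou=Benutzer,c=de`;

// Split on an unescaped separator; a backslash always protects the next character.
function splitUnescaped(s, sep) {
  const parts = [];
  let cur = "";
  for (let i = 0; i < s.length; i++) {
    if (s[i] === "\\" && i + 1 < s.length) cur += s[i] + s[++i];
    else if (s[i] === sep) { parts.push(cur); cur = ""; }
    else cur += s[i];
  }
  parts.push(cur);
  return parts;
}

// Decode an RFC 4514 value: "\2C" (hex pair) and "\," (escaped special) both give ",".
// Assumption: hex pairs encode ASCII only (no multi-byte UTF-8 sequences).
function unescapeValue(v) {
  return v.replace(/\\([0-9A-Fa-f]{2}|.)/g, (m, g) =>
    g.length === 2 ? String.fromCharCode(parseInt(g, 16)) : g);
}

// Parse into [type, value] pairs. Assumption: no multi-valued ("+") RDNs.
function parseDn(dn) {
  return splitUnescaped(dn, ",").map((rdn) => {
    const eq = rdn.indexOf("=");
    if (eq < 1) throw new Error("expecting '=' in RDN: '" + rdn + "'");
    return [rdn.slice(0, eq).trim().toLowerCase(), unescapeValue(rdn.slice(eq + 1))];
  });
}

// Compare decoded DNs instead of their string form.
// Assumption: values match case-insensitively (true for cn, ou, c).
function sameDn(a, b) {
  const key = (dn) => JSON.stringify(parseDn(dn).map(([t, v]) => [t, v.toLowerCase()]));
  return key(a) === key(b);
}

console.log("AD vs OpenLDAP equal:", sameDn(AD_DN, OPENLDAP_DN));
try {
  parseDn(DOUBLE_ESCAPED_DN);
} catch (e) {
  // "\\" is a literal backslash, so the comma after it becomes an RDN separator.
  console.log("double-escaped DN rejected:", e.message);
}
```
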
