Thanks a lot Clement, indeed that was the problem (and too bad I missed it!), but I have another question. If the GetAllFilter was not correct, how is it possible that during sync phase groups and members were added, and was only failing during the clean phase?
Thanks a lot again for the quick answer and for helping all of us here on the mail list.

PD: Forgot to send it to the mail list.

On Thu, Jan 22, 2015 at 11:41 AM, Marcos Rey <[email protected]> wrote:

> Thanks a lot Clement, indeed that was the problem (and too bad I missed
> it!), but I have another question. If the GetAllFilter was not correct, how
> is it possible that during sync phase groups and members were added, and
> was only failing during the clean phase?
>
> Thanks a lot again for the quick answer and for helping all of us here on
> the mail list.
>
> Regards,
>
> On Thu, Jan 22, 2015 at 10:07 AM, Clément OUDOT <[email protected]>
> wrote:
>
>> 2015-01-22 9:27 GMT+01:00 Marcos Rey <[email protected]>:
>> > Hello!
>> >
>>
>> Hi,
>>
>> > I've been setting up sync between AD (Windows 2012) to OpenLDAP. User sync
>> > works like a charm (add, modify, delete) but I'm struggling with group sync.
>> > Adding members to a group, or adding groups works like a treat, but the
>> > clean phase fails with a filter error that I'm not able to debug. On the
>> > freenode channel someone suggested a filter issue (I also believe so) but I
>> > can't figure out where the problem is. I also enabled the debug level on the
>> > logs but there's no more information. I'm posting the relevant part of the
>> > config:
>> >
>> > <task>
>> >   <name>sync-ldap-groups</name>
>> >   <bean>org.lsc.beans.SimpleBean</bean>
>> >   <asyncLdapSourceService>
>> >     <name>ad-src-service2</name>
>> >     <connection reference="ad-src-conn" />
>> >     <baseDn>ou=Company,dc=companyaad,dc=company,dc=com</baseDn>
>> >     <pivotAttributes>
>> >       <string>cn</string>
>> >     </pivotAttributes>
>> >     <fetchedAttributes>
>> >       <string>sAMAccountName</string>
>> >       <string>cn</string>
>> >       <string>member</string>
>> >       <string>objectCategory</string>
>> >     </fetchedAttributes>
>> >     <getAllFilter>(&(objectClass=group)(sAMAccountType=268435456))</getAllFilter>
>> >     <getOneFilter>(&(objectClass=group)(cn={cn}))</getOneFilter>
>> >     <cleanFilter>(&(objectClass=group)(cn={cn}))</cleanFilter>
>> >     <serverType>ActiveDirectory</serverType>
>> >   </asyncLdapSourceService>
>> >   <ldapDestinationService>
>> >     <name>ldap-dst-service2</name>
>> >     <connection reference="ldap-dest-conn" />
>> >     <baseDn>ou=Groups,dc=company,dc=com</baseDn>
>> >     <pivotAttributes>
>> >       <string>cn</string>
>> >     </pivotAttributes>
>> >     <fetchedAttributes>
>> >       <string>objectClass</string>
>> >       <string>cn</string>
>> >       <string>member</string>
>> >       <string>description</string>
>> >       <string>o</string>
>> >     </fetchedAttributes>
>> >     <getAllFilter>(objectClass=groupOfNames))</getAllFilter>
>> >     <getOneFilter>(&(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
>> >   </ldapDestinationService>
>> >   <propertiesBasedSyncOptions>
>> >     <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=Groups,dc=company,dc=com"</mainIdentifier>
>> >     <defaultDelimiter>;</defaultDelimiter>
>> >     <defaultPolicy>FORCE</defaultPolicy>
>> >     <conditions>
>> >       <create>true</create>
>> >       <update>true</update>
>> >       <delete>true</delete>
>> >     </conditions>
>> >     <dataset>
>> >       <name>objectClass</name>
>> >       <policy>KEEP</policy>
>> >       <createValues>
>> >         <string>"groupOfNames"</string>
>> >         <string>"top"</string>
>> >       </createValues>
>> >     </dataset>
>> >     <dataset>
>> >       <name>cn</name>
>> >       <forceValues>
>> >         <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
>> >       </forceValues>
>> >     </dataset>
>> >     <dataset>
>> >       <name>member</name>
>> >       <forceValues>
>> >         <!--string>srcBean.getDatasetFirstValueById("member")</string-->
>> >         <string>
>> >         <![CDATA[
>> >           var memberIdValues = [];
>> >           var membersSrcDn = srcBean.getDatasetValuesById("member");
>> >           var cn = srcBean.getDatasetFirstValueById("cn");
>> >
>> >           for (var i=0; i<membersSrcDn.size(); i++) {
>> >
>> >             var memberSrcDn = membersSrcDn.get(i);
>> >             //We want to get the sAMAccountName for each group member
>> >             var memberAcct = srcLdap.attribute(memberSrcDn, "sAMAccountName").get(0);
>> >             memberAcct = String("cn="+memberAcct);
>> >             memberIdValues.push(memberAcct);
>> >           }
>> >           memberIdValues
>> >         ]]>
>> >         </string>
>> >       </forceValues>
>> >     </dataset>
>> >     <dataset>
>> >       <name>description</name>
>> >       <forceValues>
>> >         <string>srcBean.getDatasetFirstValueById("cn")</string>
>> >       </forceValues>
>> >     </dataset>
>> >     <dataset>
>> >       <name>o</name>
>> >       <forceValues>
>> >         <string>srcBean.getDatasetFirstValueById("objectCategory")</string>
>> >       </forceValues>
>> >     </dataset>
>> >   </propertiesBasedSyncOptions>
>> > </task>
>> > </tasks>
>> > </lsc>
>> >
>> > And this is the output of the clean phase operation (debug log level
>> > produces the same output):
>> >
>> > Jan 21 17:37:18 - INFO - Logging configuration successfully loaded from /etc/lsc/logback.xml
>> > Jan 21 17:37:18 - INFO - LSC configuration successfully loaded from /etc/lsc/
>> > Jan 21 17:37:18 - INFO - Connecting to LDAP server ldap://localhost:389/dc=sapienzaconsulting,dc=com as cn=manager,dc=sapienzaconsulting,dc=com
>> > Jan 21 17:37:18 - INFO - Connecting to LDAP server ldap://10.2.14.133:389/dc=sapienzaad,dc=sapienzaconsulting,dc=com as cn=tech1,ou=Sapienza,dc=sapienzaad,dc=sapienzaconsulting,dc=com
>> > Jan 21 17:37:19 - INFO - Starting clean for sync-ldap
>> > Jan 21 17:37:19 - INFO - All entries: 72, to modify entries: 0, successfully modified entries: 0, errors: 0
>> > Jan 21 17:37:19 - INFO - Starting clean for sync-ldap-groups
>> > Jan 21 17:37:19 - ERROR - javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'ou=Groups'
>> > Jan 21 17:37:19 - ERROR - Empty or non existant destination (no IDs found)
>> >
>> >
>> > Thanks in advance a lot for reading the message and for your help.
>> >
>>
>> Check the getAllFilter in destination service, there is an extra ) at
>> the end:
>>
>> <getAllFilter>(objectClass=groupOfNames))</getAllFilter>
>>
>> Remove it...
>>
>> Clément.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
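
An added example, not part of the original messages and not code from the LSC project: a pre-flight check that reads every *Filter element of an LSC task and reports unbalanced parentheses, the condition behind the InvalidSearchFilterException in the log above. SAMPLE is constructed from the filters quoted in the thread, and the function names paren_error and check_config are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the filter elements of the task quoted in this
# thread, with "&" written as "&amp;" so the snippet is well-formed XML.
SAMPLE = """<task>
  <name>sync-ldap-groups</name>
  <asyncLdapSourceService>
    <getAllFilter>(&amp;(objectClass=group)(sAMAccountType=268435456))</getAllFilter>
    <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
    <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
  </asyncLdapSourceService>
  <ldapDestinationService>
    <getAllFilter>(objectClass=groupOfNames))</getAllFilter>
    <getOneFilter>(&amp;(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
  </ldapDestinationService>
</task>"""


def paren_error(flt):
    # RFC 4515 has literal parentheses in values escaped as \28 and \29,
    # so every raw "(" or ")" in a filter string is structural.
    depth = 0
    for pos, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return "extra ')' at offset %d" % pos
    return "%d unclosed '('" % depth if depth else None


def check_config(xml_text):
    # Hypothetical helper: walk each service element of a task and report
    # every *Filter child whose parentheses do not balance.
    findings = []
    for service in ET.fromstring(xml_text):
        for el in service:
            if el.tag.endswith("Filter"):
                flt = (el.text or "").strip()
                err = paren_error(flt)
                if err:
                    findings.append((service.tag, el.tag, flt, err))
    return findings


if __name__ == "__main__":
    for service, tag, flt, err in check_config(SAMPLE):
        print("%s/%s: %s -> %s" % (service, tag, flt, err))
```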

