Hi, I want to synchronize my OpenLDAP with AD over SSL, and when I start the sync, OpenLDAP can't connect to AD.
I configured the <ldapConnection> in the lsc.xml file as follows:

<ldapConnection>
  <name>AD</name>
  <url>ldaps://samba.abk-stuttgart.de/dc=abk-stuttgart,dc=domain</url>
  <username>cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain</username>
  <password>secret</password>
  <authentication>SIMPLE</authentication>
  <pageSize>1000</pageSize>
  <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
  <!-- <tlsActivated>true</tlsActivated> -->
</ldapConnection>

When I start the synchronization, I get the following message and the connection hangs:

INFO - Reflections took 195 ms to scan 1 urls, producing 55 keys and 115 values
INFO - Logging configuration successfully loaded from /etc/lsc/samba/logback.xml
INFO - LSC configuration successfully loaded from /etc/lsc/samba/
INFO - Connecting to LDAP server ldaps://samba.abk-stuttgart.de/dc=abk-stuttgart,dc=domain as cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain

When I start the synchronization with STARTTLS on port 389 as follows, I get error messages:

<ldapConnection>
  <name>AD</name>
  <url>ldap://samba.abk-stuttgart.de:389/dc=abk-stuttgart,dc=domain</url>
  <username>cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain</username>
  <password>secret</password>
  <authentication>SIMPLE</authentication>
  <pageSize>1000</pageSize>
  <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
  <tlsActivated>true</tlsActivated>
</ldapConnection>

Error messages:

WARN - Communication error, retrying: connection closed
INFO - Connecting to LDAP server ldap://samba.abk-stuttgart.de:389/dc=abk-stuttgart,dc=domain as cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain with STARTTLS extended operation
ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=afsa)) in cn=Users,dc=abk-stuttgart,dc=domain: javax.naming.CommunicationException: Request: 3 cancelled; remaining name 'cn=Users'
ERROR - Error while synchronizing ID {uid=afsa}: org.lsc.exception.LscServiceException: javax.naming.CommunicationException: Request: 3 cancelled; remaining name 'cn=Users'
ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=student.test)) in cn=Users,dc=abk-stuttgart,dc=domain: javax.naming.CommunicationException: Request: 7 cancelled; remaining name 'cn=Users'
ERROR - Error while synchronizing ID {uid=student.test}: org.lsc.exception.LscServiceException: javax.naming.CommunicationException: Request: 7 cancelled; remaining name 'cn=Users'
...

I have another question regarding password synchronization from OpenLDAP to AD over SSL: I want to synchronize the clear passwords from OpenLDAP to AD and don't want to change the passwords. I configured the <unicodePwd> and the <userAccountControl> tasks as follows:

<dataset>
  <name>userAccountControl</name>
  <policy>KEEP</policy>
  <createValues>
    <string>AD.userAccountControlSet( "1", [AD.UAC_SET_NORMAL_ACCOUNT, AD.UAC_DONT_EXPIRE_PASSWORD])</string>
  </createValues>
</dataset>
<dataset>
  <name>unicodePwd</name>
  <policy>FORCE</policy>
  <forceValues>
    <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById(clearPW)</string>
  </forceValues>
</dataset>

Is this the right configuration to synchronize the passwords from OpenLDAP to AD?

Thank you in advance for your help.

Regards,
Ali

