2015-02-04 11:29 GMT+01:00 Ali Oezdemir <[email protected]>:

> Hi,
>
> I want to synchronize my OpenLDAP with AD over SSL and when I start the
> sync, the OpenLDAP can't connect to AD.
>
> I configured the <ldapConnection> in the lsc.xml file as follows:
>
> <ldapConnection>
>   <name>AD</name>
>   <url>ldaps://samba.abk-stuttgart.de/dc=abk-stuttgart,dc=domain</url>
>   <username>cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain</username>
>   <password>secret</password>
>   <authentication>SIMPLE</authentication>
>   <pageSize>1000</pageSize>
>   <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>   <!-- <tlsActivated>true</tlsActivated> -->
> </ldapConnection>
>
> When I start the synchronization I get the following messages and the
> connection hangs:
>
> INFO - Reflections took 195 ms to scan 1 urls, producing 55 keys and 115 values
> INFO - Logging configuration successfully loaded from /etc/lsc/samba/logback.xml
> INFO - LSC configuration successfully loaded from /etc/lsc/samba/
> INFO - Connecting to LDAP server ldaps://samba.abk-stuttgart.de/dc=abk-stuttgart,dc=domain as cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain

Are you sure AD is configured with an SSL certificate?

> When I start the synchronization with STARTTLS on port 389, as follows, I
> get error messages:
>
> <ldapConnection>
>   <name>AD</name>
>   <url>ldap://samba.abk-stuttgart.de:389/dc=abk-stuttgart,dc=domain</url>
>   <username>cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain</username>
>   <password>secret</password>
>   <authentication>SIMPLE</authentication>
>   <pageSize>1000</pageSize>
>   <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>   <tlsActivated>true</tlsActivated>
> </ldapConnection>
>
> Error messages:
>
> WARN - Communication error, retrying: connection closed
> INFO - Connecting to LDAP server ldap://samba.abk-stuttgart.de:389/dc=abk-stuttgart,dc=domain as cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain with STARTTLS extended operation
> ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=afsa)) in cn=Users,dc=abk-stuttgart,dc=domain: javax.naming.CommunicationException: Request: 3 cancelled; remaining name 'cn=Users'
> ERROR - Error while synchronizing ID {uid=afsa}: org.lsc.exception.LscServiceException: javax.naming.CommunicationException: Request: 3 cancelled; remaining name 'cn=Users'
> ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=student.test)) in cn=Users,dc=abk-stuttgart,dc=domain: javax.naming.CommunicationException: Request: 7 cancelled; remaining name 'cn=Users'
> ERROR - Error while synchronizing ID {uid=student.test}: org.lsc.exception.LscServiceException: javax.naming.CommunicationException: Request: 7 cancelled; remaining name 'cn=Users'
> …

AD does not support STARTTLS.

> I have another question regarding password synchronization from OpenLDAP to
> AD over SSL:
>
> I want to synchronize the clear passwords from the OpenLDAP to AD and don't
> want to change the passwords.
>
> I configured the <unicodePwd> and the <userAccountControl> tasks as follows:
>
> <dataset>
>   <name>userAccountControl</name>
>   <policy>KEEP</policy>
>   <createValues>
>     <string>AD.userAccountControlSet("1", [AD.UAC_SET_NORMAL_ACCOUNT, AD.UAC_DONT_EXPIRE_PASSWORD])</string>
>   </createValues>
> </dataset>
>
> <dataset>
>   <name>unicodePwd</name>
>   <policy>FORCE</policy>
>   <forceValues>
>     <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById("clearPW"))</string>
>   </forceValues>
> </dataset>
>
> Is this the right configuration to synchronize the passwords from OpenLDAP
> to AD?

Yes, but this will modify the password on AD at each LSC execution.

Clément.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

