Hi Clément,
Thank you very much. I solved the problem. I can synchronize the users
from OpenLDAP to AD.
Now I have another problem: I want to synchronize groups from my
OpenLDAP to AD and get this Error:
ERROR - Error while modifying entry
CN=kw_lehre,OU=Groups,DC=abk-stuttgart,DC=domain in directory
:javax.naming.InvalidNameException: CN=kw_lehre,OU=Groups: [LDAP: error
code 34 - could not parse [object Array] as a
1.3.6.1.4.1.1466.115.121.1.12 DN]; remaining name 'CN=kw_lehre,OU=Groups'
I use the JavaScript as described in the documentation. The elements are
configured correctly, because individual elements of the array can be
evaluated, but not the complete array: LSC couldn't parse the complete array.
I tried it with different delimiters like '$' or ',' but it still doesn't
work, so we can exclude a delimiter problem.
I configured the JavaScript as follows:
<string>
<![CDATA[rjs:
    // Source group members (DNs of the entries in OpenLDAP)
    var membersSrcDn = srcBean.getDatasetValuesById("member");
    var membersDstDn = [];
    for (var i = 0; i < membersSrcDn.length; i++) {
        var memberSrcDn = membersSrcDn.get(i);
        var uid = "";
        try {
            // Read the uid of the source member entry
            uid = srcLdap.attribute(memberSrcDn, "uid").get(0);
        } catch (e) {
            continue;   // member entry has no uid: skip it
        }
        // Look up the matching AD account below CN=Users
        var destDn = ldap.search("CN=Users",
                                 "(sAMAccountName=" + uid + ")");
        if (destDn.length == 0 || destDn.length > 1) {
            continue;   // no match or ambiguous match: skip it
        }
        // Build the full destination DN
        var destMemberDn = destDn.get(0) + "," + ldap.getContextDn();
        membersDstDn.push(destMemberDn);
    }
    membersDstDn
]]>
</string>
Thank you in advance for your help.
Kind regards,
Ali
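The script above places the source uid straight into the sAMAccountName filter, so a uid containing "*", "(", ")" or "\" changes the meaning of the search (a trailing "*" becomes a wildcard and can match several accounts). The following is an added example, not code from the post or from the LSC project: the same member-mapping loop with the uid escaped per RFC 4515 first; lookupUid and searchDest are assumed stand-ins for srcLdap.attribute(...) and ldap.search(...) so it runs offline against constructed data.

```javascript
// Escape a value for use inside an LDAP search filter (RFC 4515, section 3):
// the characters * ( ) \ and NUL become \XX hex escapes.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

function buildMemberFilter(uid) {
  return "(sAMAccountName=" + escapeFilterValue(uid) + ")";
}

// Map source member DNs to destination DNs. lookupUid(dn) and
// searchDest(filter) are assumed stand-ins for srcLdap.attribute(...) and
// ldap.search(...) from the post, injected so the code runs offline.
function mapMembers(membersSrcDn, lookupUid, searchDest, contextDn) {
  var membersDstDn = [];
  for (var i = 0; i < membersSrcDn.length; i++) {
    var uid = lookupUid(membersSrcDn[i]);
    if (uid == null) { continue; }        // source entry has no uid: skip
    var hits = searchDest(buildMemberFilter(uid));
    if (hits.length !== 1) { continue; }  // no match or ambiguous: skip
    membersDstDn.push(hits[0] + "," + contextDn);
  }
  return membersDstDn;
}

// Constructed sample data standing in for the two directories.
var SRC_UIDS = {
  "uid=alice,ou=People,dc=example,dc=org": "alice",
  "uid=eve,ou=People,dc=example,dc=org": "eve*",   // uid with a filter metachar
  "cn=nouid,ou=People,dc=example,dc=org": null
};
var DST_BY_FILTER = {
  "(sAMAccountName=alice)": ["CN=alice,CN=Users"],
  "(sAMAccountName=eve\\2a)": []   // escaped uid: no account literally named "eve*"
};

function demo() {
  return mapMembers(Object.keys(SRC_UIDS),
    function (dn) { return SRC_UIDS[dn]; },
    function (filter) { return DST_BY_FILTER[filter] || []; },
    "DC=example,DC=org");
}
```

With escaping, "eve*" is looked up literally and yields no member; without it the filter "(sAMAccountName=eve*)" would match every account whose name starts with "eve".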
On 04.02.15 at 11:35, Clément OUDOT wrote:
2015-02-04 11:29 GMT+01:00 Ali Oezdemir <[email protected]>:
Hi,
Hi,
I want to synchronize my OpenLDAP with AD over SSL, and when I start the
sync, the OpenLDAP can't connect to AD.
I configured the <ldapConnection> in the lsc.xml file as follows:
<ldapConnection>
  <name>AD</name>
  <url>ldaps://samba.abk-stuttgart.de/dc=abk-stuttgart,dc=domain</url>
  <username>cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain</username>
  <password>secret</password>
  <authentication>SIMPLE</authentication>
  <pageSize>1000</pageSize>
  <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
  <!-- <tlsActivated>true</tlsActivated> -->
</ldapConnection>
When I start the synchronization I get the following message and the
connection hangs:
INFO - Reflections took 195 ms to scan 1 urls, producing 55 keys and 115
values
INFO - Logging configuration successfully loaded from
/etc/lsc/samba/logback.xml
INFO - LSC configuration successfully loaded from /etc/lsc/samba/
INFO - Connecting to LDAP server
ldaps://samba.abk-stuttgart.de/dc=abk-stuttgart,dc=domain as
cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain
Are you sure AD is configured with an SSL certificate?
When I start the synchronization with STARTTLS on port 389 as follows, I
get error messages:
<ldapConnection>
  <name>AD</name>
  <url>ldap://samba.abk-stuttgart.de:389/dc=abk-stuttgart,dc=domain</url>
  <username>cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain</username>
  <password>secret</password>
  <authentication>SIMPLE</authentication>
  <pageSize>1000</pageSize>
  <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
  <tlsActivated>true</tlsActivated>
</ldapConnection>
Error Messages:
WARN - Communication error, retrying: connection closed
INFO - Connecting to LDAP server
ldap://samba.abk-stuttgart.de:389/dc=abk-stuttgart,dc=domain as
cn=administrator,cn=Users,dc=abk-stuttgart,dc=domain with STARTTLS extended
operation
ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=afsa))
in cn=Users,dc=abk-stuttgart,dc=domain: javax.naming.CommunicationException:
Request: 3 cancelled; remaining name 'cn=Users'
ERROR - Error while synchronizing ID {uid=afsa}:
org.lsc.exception.LscServiceException: javax.naming.CommunicationException:
Request: 3 cancelled; remaining name 'cn=Users'
ERROR - Error while looking for
(&(objectClass=user)(sAMAccountName=student.test)) in
cn=Users,dc=abk-stuttgart,dc=domain: javax.naming.CommunicationException:
Request: 7 cancelled; remaining name 'cn=Users'
ERROR - Error while synchronizing ID {uid=student.test}:
org.lsc.exception.LscServiceException: javax.naming.CommunicationException:
Request: 7 cancelled; remaining name 'cn=Users'
…
AD does not support STARTTLS.
I have another question regarding password synchronization from OpenLDAP to
AD over SSL:
I want to synchronize the clear passwords from OpenLDAP to AD and don't
want to change the passwords.
I configured the <unicodePwd> and the <userAccountControl> datasets as follows:
<dataset>
  <name>userAccountControl</name>
  <policy>KEEP</policy>
  <createValues>
    <string>AD.userAccountControlSet( "1",
      [AD.UAC_SET_NORMAL_ACCOUNT, AD.UAC_DONT_EXPIRE_PASSWORD])</string>
  </createValues>
</dataset>
<dataset>
  <name>unicodePwd</name>
  <policy>FORCE</policy>
  <forceValues>
    <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById("clearPW"))</string>
  </forceValues>
</dataset>
Is this the right configuration to synchronize the passwords from OpenLDAP
to AD?
Yes, but this will modify the password on AD at each LSC execution.
Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users