Hello,
I am trying to migrate accounts from OpenLDAP to AD but it appears that
our AD won't set the user password through a SIMPLE authentication login
If I use the resulting LDIF with ldapadd and -Y GSSAPI it works
So I am wondering how to configure the AD connection in lsc.xml to use
GSSAPI instead of SIMPLE
First I had a message about gsseg_jaas.conf
so I created on ... but I don't know what to pu in it
now I have another error message :
juin 18 11:50:29 - INFO - LSC configuration successfully loaded from
/etc/lsc/openldap2ad/
javax.security.auth.login.LoginException: Aucun LoginModule configuré pour
org.lsc.jndi.JndiServices
at
javax.security.auth.login.LoginContext.init(LoginContext.java:272)
at
javax.security.auth.login.LoginContext.<init>(LoginContext.java:425)
at
org.lsc.jndi.JndiServices.getLdapProperties(JndiServices.java:358)
at org.lsc.jndi.JndiServices.getInstance(JndiServices.java:465)
at
org.lsc.jndi.AbstractSimpleJndiService.<init>(AbstractSimpleJndiService.java:176)
at
org.lsc.jndi.SimpleJndiDstService.<init>(SimpleJndiDstService.java:98)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.lsc.Task.<init>(Task.java:117)
at org.lsc.SimpleSynchronize.init(SimpleSynchronize.java:104)
at org.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:154)
at org.lsc.Launcher.run(Launcher.java:223)
at org.lsc.Launcher.launch(Launcher.java:158)
at org.lsc.Launcher.main(Launcher.java:141)
juin 18 11:50:29 - INFO - Connecting to LDAP server
ldap://my.ad.com/DC=my,DC=ad,DC=com
CN=ADM,ou=AdminUsers,ou=FR,DC=my,DC=ad,DC=com
juin 18 11:50:30 - ERROR - Error opening the LDAP connection to the
destination! (javax.naming.AuthenticationException: GSSAPI [Root exception
is javax.security.sasl.SaslException: Failure to initialize security
context [Caused by GSSException: Invalid name provided (Mechanism level:
Cannot locate default realm)]])
juin 18 11:50:30 - ERROR - org.lsc.exception.LscConfigurationException:
Configuration exception: javax.naming.AuthenticationException: GSSAPI
[Root exception is javax.security.sasl.SaslException: Failure to
initialize security context [Caused by GSSException: Invalid name provided
(Mechanism level: Cannot locate default realm)]]
Can you please let me know if it is possible to use kerberos auth for the
update and how to configure it ?
Best regards.
Franck Rakotoindrainy_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
