On 23/06/2015 11:10, Chiang.Jedison 江序農 IEC1 wrote:
Hi,

I'm trying to sync the users from the AD server to the LDAP server, and met some errors; please refer to the configuration and log below.
Btw, do the domains/admins of source and destination need to be the same?



----------lsc.xml---------------------
<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">

  <connections>
    <ldapConnection>
      <name>ldap-src-conn</name>
      <url>ldap://demo.local/dc=demo,dc=local</url>
      <username>cn=administrator,dc=demo,dc=local</username>
      <password>abcd-1234</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>ldap-dst-conn</name>
      <url>ldap://localhost/dc=wps,dc=inventec,dc=com</url>
      <username>cn=admin,dc=wps,dc=inventec,dc=com</username>
      <password>inventec</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>

  <tasks>
    <task>
      <name>ldapContentSync</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>ldap-src-service</name>
        <connection reference="ldap-src-conn" />
        <baseDn>dc=demo,dc=local</baseDn>
        <pivotAttributes>
          <string>mail</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>mail</string>
          <string>objectclass</string>
          <string>sAMAccountName</string>
          <string>sn</string>
          <string>unicodePwd</string>
          <string>userAccountControl</string>
          <string>userPrincipalName</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=user)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(mail={mail}))</getOneFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>ldap-dst-service</name>
        <connection reference="ldap-dst-conn" />
        <baseDn>dc=wps,dc=inventec,dc=com</baseDn>
        <pivotAttributes>
          <string>mail</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>mail</string>
          <string>sn</string>
          <string>uid</string>
          <string>userPassword</string>
          <string>objectClass</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=inetOrgPerson)(mail={mail}))</getOneFilter>
      </ldapDestinationService>

      <propertiesBasedSyncOptions>
        <mainIdentifier>srcBean.getMainIdentifier()</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>true</delete>
          <changeId>false</changeId>
        </conditions>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>

  <security>
    <encryption>
      <keyfile>etc/lsc.key</keyfile>
      <algorithm>AES</algorithm>
      <strength>128</strength>
    </encryption>
  </security>
</lsc>
----------lsc.xml---------------------

Here is the log after I executed the "/etc/init.d/lsc start" command,

---------lsc.log----------------------
Jun 22 14:50:14 - INFO - Logging configuration successfully loaded from /etc/lsc/logback.xml
Jun 22 14:50:14 - INFO - LSC configuration successfully loaded from /etc/lsc/
Jun 22 14:50:14 - INFO - Configuration and environment successfully checked !
2015/06/22 14:50:14 [lsc] Starting LSC
2015/06/22 14:50:14 [lsc] Using JMX port 1099
Jun 22 14:50:15 - INFO - Logging configuration successfully loaded from /etc/lsc/logback.xml
Jun 22 14:50:15 - INFO - LSC configuration successfully loaded from /etc/lsc/
Jun 22 14:50:15 - INFO - Connecting to LDAP server ldap://localhost/dc=wps,dc=inventec,dc=com as cn=admin,dc=wps,dc=inventec,dc=com
Jun 22 14:50:15 - INFO - Connecting to LDAP server ldap://demo.local/dc=demo,dc=local as cn=administrator,dc=demo,dc=local
Jun 22 14:50:15 - ERROR - Error opening the LDAP connection to the destination! (javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0 ])
Jun 22 14:50:15 - ERROR - org.lsc.exception.LscConfigurationException: Configuration exception: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0 ]
2015/06/22 14:50:16 [lsc] LSC finished running
---------lsc.log----------------------


Please advise what I should adjust, thanks!


Hello Jed,

The LDAP error code 49 means the authentication was refused. So you must have an error in your configuration in the <username> or in the <password>.

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
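
Added example, not part of the original thread and not LSC code: Active Directory puts a hex Win32 logon error in the `data` field of a code 49 bind failure, and this sketch decodes it from the log entries quoted above and lists the bind identities logged before the failure. The function and table names are illustrative.

```python
import re

# Win32 logon error codes that Active Directory puts, in hex, in the "data"
# field of an LDAP result code 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "user name or password is incorrect",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password before logging on",
    0x775: "account locked out",
}
CONNECT_RE = re.compile(r"Connecting to LDAP server (\S+) as (.+)$")
ERROR_RE = re.compile(r"LDAP: error code (\d+) - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# Sample input: entries from the lsc.log quoted in the thread, one per line.
SAMPLE_LOG = """\
Jun 22 14:50:15 - INFO - Connecting to LDAP server ldap://localhost/dc=wps,dc=inventec,dc=com as cn=admin,dc=wps,dc=inventec,dc=com
Jun 22 14:50:15 - INFO - Connecting to LDAP server ldap://demo.local/dc=demo,dc=local as cn=administrator,dc=demo,dc=local
Jun 22 14:50:15 - ERROR - Error opening the LDAP connection to the destination! (javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0 ])
"""

def decode_bind_failures(log_text):
    """Return one finding per distinct (LDAP code, AD sub-code) in the log."""
    binds, findings, seen = [], [], set()
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            binds.append((m.group(1), m.group(2).strip()))
            continue
        m = ERROR_RE.search(line)
        key = (int(m.group(1)), int(m.group(2), 16)) if m else None
        if key is None or key in seen:
            continue  # not an AD bind failure, or already reported
        seen.add(key)
        findings.append({
            "ldap_code": key[0],
            "ad_data": key[1],
            "meaning": AD_BIND_SUBCODES.get(key[1], "unknown sub-code"),
            "binds_attempted": list(binds),  # identities logged before the failure
        })
    return findings

if __name__ == "__main__":
    for finding in decode_bind_failures(SAMPLE_LOG):
        print(finding)
```

Here `data 52e` decodes to an incorrect user name or password. The `AcceptSecurityContext` wording is Active Directory's, so the bind to check is the one made to `ldap://demo.local`.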