Re: [lsc-users] LDAP ERROR 64 in LSC log while modifying an entry

[Clément OUDOT]

Le 25/06/2015 13:44, Tomáš Lukl a écrit :

Hello,

Hello Tomáš,

I am getting an ERROR during destination entry modification which I do not 
really understand:

Jun 25 13:30:37 - ERROR - Error while modifying entry 
uid=1245,ou=nnh,ou=internal,ou=accounts,o=artiisgroup.cz in directory 
:javax.naming.InvalidNameException: uid=1245,ou=nnh,ou=internal,ou=accounts: 
[LDAP: error code 64 - naming attribute 'uid' is not present in entry]$
Jun 25 13:30:37 - ERROR - Error while synchronizing ID 
uid=1245,ou=nnh,ou=internal,ou=accounts,o=artiisgroup.cz: java.lang.Exception: 
Technical problem while applying modifications to the destination
# Thu Jun 25 13:30:37 CEST 2015
dn: uid=1245,ou=nnh,ou=internal,ou=accounts,o=artiisgroup.cz
changetype: modify
delete: uid



The synchronization takes place between AD (source) and OpenLDAP (destination). 
The destination entry exists. Here is the relevant part of the LSC.XML:

     <task>
       <name>SyncUVNOpenLDAP</name>
       <bean>org.lsc.beans.SimpleBean</bean>
       <ldapSourceService>
         <name>ldap-src-service</name>
         <connection reference="ldap-src-conn" />
         <baseDn>OU=NNH,DC=NNH,DC=LOCAL</baseDn>
         <pivotAttributes>
           <string>sAMAccountName</string>
         </pivotAttributes>
         <fetchedAttributes>
           <string>sAMAccountName</string>
           <string>cn</string>
           <string>sn</string>
           <string>userPassword</string>
           <string>objectClass</string>
           <string>givenName</string>
         </fetchedAttributes>
         
<getAllFilter><![CDATA[(&(objectClass=user)(memberOf=CN=group,CN=Users,DC=nnh,DC=local))]]></getAllFilter>
         
<getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={sAMAccountName}))]]></getOneFilter>
         <interval>3600</interval>
       </ldapSourceService>
       <ldapDestinationService>
         <name>ldap-dst-service</name>
         <connection reference="ldap-dst-conn" />
         <baseDn>ou=nnh,ou=internal,ou=accounts,o=artiisgroup.cz</baseDn>
         <pivotAttributes>
           <string>uid</string>
         </pivotAttributes>
         <fetchedAttributes>
           <string>uid</string>
           <string>cn</string>
           <string>sn</string>
           <string>userPassword</string>
           <string>objectClass</string>
           <string>givenName</string>
           <string>userUniqueId</string>
           <string>managed</string>
         </fetchedAttributes>
         <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
         
<getOneFilter>(&amp;(objectClass=inetorgperson)(uid={sAMAccountName}))</getOneFilter>
       </ldapDestinationService>
       <propertiesBasedSyncOptions>
         <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + 
",ou=nnh,ou=internal,ou=accounts,o=artiisgroup.cz"</mainIdentifier>
         <defaultDelimiter>;</defaultDelimiter>
         <defaultPolicy>FORCE</defaultPolicy>
         <conditions>
                 <create>true</create>
                 <update>true</update>
                 <delete>true</delete>
                 <changeId>false</changeId>
         </conditions>
         <dataset>
           <name>objectClass</name>
           <policy>KEEP</policy>
           <defaultValues></defaultValues>
           <forceValues>
             <string>"top"</string>
             <string>"person"</string>
             <string>"organizationalPerson"</string>
             <string>"inetOrgPerson"</string>
             <string>"agUser"</string>
           </forceValues>
           <createValues></createValues>
           <delimiter>,</delimiter>
         </dataset>
         <dataset>
           <name>userUniqueId</name>
           <policy>KEEP</policy>
           <defaultValues></defaultValues>
           <forceValues>
             <string>js:&apos;xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx&apos;.replace(/[xy]/g, 
function(c) {var r = Math.random()*16|0,v=c==&apos;x&apos;?r:r&amp;0x3|0x8;return 
v.toString(16);});</string>
           </forceValues>
           <createValues></createValues>
         </dataset>
         <dataset>
           <name>userPassword</name>
           <policy>KEEP</policy>
           <defaultValues></defaultValues>
           <forceValues>
             <string>"{SASL}" + 
srcBean.getDatasetFirstValueById("sAMAccountName")</string>
           </forceValues>
           <createValues></createValues>
         </dataset>
         <dataset>
           <name>managed</name>
           <policy>KEEP</policy>
           <defaultValues></defaultValues>
           <forceValues>
             <string>"TRUE"</string>
           </forceValues>
           <createValues></createValues>
         </dataset>
       </propertiesBasedSyncOptions>
     </task>


This error takes place for all entries in the destination basedn.

Any help or clue is appreciated.

You need to add a dataset to map uid to sAMAccountName, for example:

        <dataset>
          <name>uid</name>
          <policy>KEEP</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
          </forceValues>
        </dataset>


--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users