Hi,

we synchronize OpenLDAP with an Active Directory which is run by another unit, i.e. we have no influence on the configuration of the AD. We synchronize groups and their members instead of users, according to your http://lsc-project.org/wiki/documentation/tutorial/synchronizegroups?s[]=ad .

This works very well, as long as the groups are small. Unfortunately we have groups with up to 35.000 members. When I try to synchronize them I get the following error:

    Jul 10 13:56:56 - ERROR - Error while modifying entry XXXX in directory :javax.naming.NamingException: LDAP response read timed out, timeout used:-1ms.; remaining name 'XXXX'
    Jul 10 13:56:56 - ERROR - Error while synchronizing ID XXXX: java.lang.Exception: Technical problem while applying modifications to the destination

In your documentation you recommend adding <pageSize>1000</pageSize> to the AD connection in the lsc.xml file. I have tried this, but it didn't help.

With the -t and -i parameters when launching the full sync I have managed to synchronize the entire group:

    lsc -f /lsc/conf -s all -t50 -i100000

But although all members are seemingly synchronized, there is still the same error in the log file, and the entry ends with:

    Jul 10 13:56:56 - ERROR - All entries: 1, to modify entries: 1, successfully modified entries: 0, errors: 1

If I then run the LSC daemon with the same -t and -i parameters, the initial run again seems to synchronize all members, but the log file again shows the same error. And even worse: the automatic synchronizing doesn't work any more afterwards. If I afterwards add a member to the OpenLDAP group, it is not synchronized with the AD group.

Is there any possibility to manipulate the timeout value?

Also I have seen that if a group is synchronized, all members are replaced. Can that be reduced to one specific member, i.e. by deleting/adding this single member instead of replacing all members?

Thank you in advance,
Jutta

--------------------
Jutta Biernath
Freie Universität Berlin
Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Identity & Customer Management, FUDIS
Fabeckstr. 32
14195 Berlin
Tel. +49 30 838-75090
Fax +49 30 838-475090
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
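The difference between replacing a whole membership attribute and adding or deleting single values, as an added example that is not part of the original message and is not LSC code: the function computes the membership delta and writes it as LDIF `changetype: modify` records in batches. The function names, the `member` attribute name, the batch size and all DNs are assumptions constructed for illustration.

```python
import base64
from typing import Iterable, List


def ldif_line(name: str, value: str) -> str:
    """One LDIF attribute line; base64 ('::', RFC 2849) when the value is not a safe string."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or value.endswith(" ") or any(c in value for c in "\r\n\0"))
    if unsafe:
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"


def member_delta_ldif(group_dn: str, source: Iterable[str], destination: Iterable[str],
                      attr: str = "member", batch: int = 500) -> str:
    """LDIF that aligns destination membership with source via add/delete, not replace."""
    # Match DNs case-insensitively (simplification: no full RFC 4514 normalisation).
    src = {dn.lower(): dn for dn in source}
    dst = {dn.lower(): dn for dn in destination}
    to_add = sorted(src[k] for k in src.keys() - dst.keys())
    to_del = sorted(dst[k] for k in dst.keys() - src.keys())
    records: List[str] = []
    # Adds go first so a group whose schema requires a member is never emptied mid-run.
    for op, values in (("add", to_add), ("delete", to_del)):
        for i in range(0, len(values), batch):
            lines = [ldif_line("dn", group_dn), "changetype: modify", f"{op}: {attr}"]
            lines += [ldif_line(attr, v) for v in values[i:i + batch]]
            lines.append("-")
            records.append("\n".join(lines))
    return "\n\n".join(records) + "\n" if records else ""


if __name__ == "__main__":
    # Constructed sample data: one member to add, one to remove, one unchanged.
    group = "cn=staff,ou=groups,dc=example,dc=org"
    source = ["uid=alice,ou=people,dc=example,dc=org",
              "uid=bob,ou=people,dc=example,dc=org"]
    destination = ["UID=Alice,OU=People,DC=example,DC=org",
                   "uid=dave,ou=people,dc=example,dc=org"]
    print(member_delta_ldif(group, source, destination), end="")
```

Each record carries at most `batch` values, so a change to one member of a 35.000-member group becomes a single small modify operation instead of a rewrite of the whole attribute.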

