Re: [lsc-users] ldap 2 ldap lsc sync failed with anonymous bind, syntax ?

[Jehan Procaccia]

Le 23/12/2015 14:44, Clément OUDOT a écrit :


2015-12-22 18:25 GMT+01:00 Jehan Procaccia <jehan.procac...@tem-tsp.eu 
<mailto:jehan.procac...@tem-tsp.eu>>:

    Hello

    I did succeed a lsc sync from openldap to openldap with a binddn
    and bindpassword
    now I must fetch (pull) entries from an openldap without binddn
    (anonymous acces) . I thought it would be simpler ...
    but is always failed with that error :

    /Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.a
    : Contenu non valide trouvé à partir de l'élément
    'authentication'. L'une des valeurs
    '{"http://lsc-project.org/XSD/lsc-core-2.1.xsd";
    <http://lsc-project.org/XSD/lsc-core-2.1.xsd>:username}' est
    attendue.//
    /

    my lsc.xml contain for the source ldap connection:

     <connections>
        <ldapConnection>
          <name>stetienne</name>
          <url>ldap://ldap.ste.fr/ou=people,dc=ste,dc=fr</url>
          <!-- comment, no binddn available
    <username>cn=rep,ou=System,dc=ste,dc=fr</username>
          <password>secret</password>
             -->
          <authentication>*NONE*</authentication>
    I also tried from   <authentication>*ANONYMOUS*</authentication> ,
    apparently not suported
    /Caused by: org.xml.sax.SAXParseException: cvc-enumeration-valid :
    La valeur 'ANONYMOUS' n'est pas un facet valide par rapport à
    l'énumération '[NONE, SIMPLE, SASL, DIGEST-MD5, GSSAPI]'. Il doit
    s'agir d'une valeur provenant de l'énumération./

    From http://tools.ltb-project.org/attachments/693/lsc.xml => is is
    mention that username is mandatory !?  "/./username mandatory, the
    DN to bind with -->/"

    How can I sync PULL with anonymous bind ?



Hi Jehan,

could you try with <username> and <password> with dummy values, and 
<authentication> set to NONE?


Clément.

good advice, that works by resseting credentials elements:

<ldapConnection>
      <name>remotetp</name>
      <url>ldaps://ldap.remotetp.fr/dc=tp,dc=fr</url>
*<username>cn=repze,ou=System,dc=tp,dc=fr</username>**
**      <password>secret</password>*
      <authentication>NONE</authentication>

déc. 23 15:08:01 - INFO  - LSC configuration successfully loaded from 
/etc/lsc/ldap-remotetp-2-ldaplsc/
déc. 23 15:08:01 - INFO  - Connecting to LDAP server 
ldap://127.0.0.1:389/dc=lsc,dc=fr as cn=admin,dc=lsc,dc=fr
déc. 23 15:08:01 - INFO  - Connecting to LDAP server 
ldaps://ldap.remotetp.fr/dc=tp,dc=fr as cn=repze,ou=System,dc=tp,dc=fr
déc. 23 15:08:01 - INFO  - Starting sync for user

déc. 23 15:08:02 - INFO  - All entries: 2, to modify entries: 2, 
successfully modified entries: 2, errors: 0

that would be better if we could remove those fake credentials though ...

Thanks .

jehan .

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users