Re: [lsc-users] LSC: Users aren't created in AD when synchronising

[Siard van Belkum]

Ok, I feel like a noob now...

Just to be sure, the problem isn't fixed yet, but I did find an error in my
lsc.xml.

instead of srcBean.getDatasetFirstValueById("uid") I
had srcBean.getDatasetFirstValue*by*Id("uid") and it wasn't in the
mainIdentifier tag, it was in the String tag for the sAMAccountName dataset:

                <dataset>
                    <name>sAMAccountName</name>
                    <policy>KEEP</policy>
                    <createValues>
                        <string>srcBean.getDatasetFirstValue*by*
Id("uid")</string>
                    </createValues>
                </dataset>

After a quick change to the correct naming convention, I got the following
console text:

==============================================================
==============================================================

Apr 06 11:36:46 - INFO  - Logging configuration successfully loaded from
/etc/lsc/openldap2ad/logback.xml
Apr 06 11:36:46 - INFO  - LSC configuration successfully loaded from
/etc/lsc/openldap2ad/
Apr 06 11:36:46 - INFO  - Connecting to LDAP server ldap://
ldaptest.escaux.com:389/dc=escaux,dc=com as
cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
Apr 06 11:36:46 - INFO  - Connecting to LDAP server ldap://
server.ldap.com:389/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
Apr 06 11:36:46 - INFO  - Starting sync for adUser
Apr 06 11:36:47 - INFO  - # Updating object CN=tist
tisting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
Apr 06 11:36:47 - INFO  - # Updating object CN=tost
tosting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tist tisting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: ttist...@escaux.com
-

# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tost tosting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: ttost...@escaux.com
-

Apr 06 11:36:47 - INFO  - # Updating object CN=test
testing,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=test testing,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: ttest...@escaux.com
-

Apr 06 11:36:47 - INFO  - # Updating object CN=tust
tusting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tust tusting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: ttust...@escaux.com
-

Apr 06 11:36:47 - INFO  - # Updating object CN=tast
tasting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tast tasting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: ttast...@escaux.com
-

Apr 06 11:36:47 - INFO  - # Updating object CN=knaap
knaapers,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=knaap knaapers,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: kknaap...@escaux.com
-

Apr 06 11:36:47 - INFO  - # Updating object CN=lol
loller,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=lol loller,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: llol...@escaux.com
-

Apr 06 11:36:47 - ERROR - Error while adding entry cn=new
user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory
:javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
Apr 06 11:36:47 - ERROR - Error while synchronizing ID cn=new
user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com:
java.lang.Exception: Technical problem while applying modifications to the
destination
# Wed Apr 06 11:36:47 CEST 2016
dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
*changetype: add*
userPrincipalName: nu...@escaux.com
sn: user
pwdLastSet: 0
cn: new user
sAMAccountName: nuser
userAccountControl: 512
unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
givenName: new
objectclass: user
objectclass: organizationalPerson
objectclass: person
objectclass: top

Apr 06 11:36:47 - ERROR - All entries: 9, to modify entries: 8,
successfully modified entries: 7, errors: 1
Apr 06 11:36:47 - INFO  - Starting clean for adUser
Apr 06 11:36:47 - INFO  - All entries: 8, to modify entries: 0,
successfully modified entries: 0, errors: 0

==============================================================
==============================================================

This is the first time I've seen "changetype: add" in one of my console
texts. So that's a good thing.
As you can see, with this command all the already existing records in AD
have been modified succesfully.

After another Synchronisation command I get the following console text:

==============================================================
==============================================================

Apr 06 11:43:06 - INFO  - Logging configuration successfully loaded from
/etc/lsc/openldap2ad/logback.xml
Apr 06 11:43:06 - INFO  - LSC configuration successfully loaded from
/etc/lsc/openldap2ad/
Apr 06 11:43:06 - INFO  - Connecting to LDAP server ldap://
ldaptest.escaux.com:389/dc=escaux,dc=com as
cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
Apr 06 11:43:06 - INFO  - Connecting to LDAP server ldap://
server.ldap.com:389/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
Apr 06 11:43:06 - INFO  - Starting sync for adUser
Apr 06 11:43:07 - ERROR - Error while adding entry cn=new
user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory
:javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
Apr 06 11:43:07 - ERROR - Error while synchronizing ID cn=new
user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com:
java.lang.Exception: Technical problem while applying modifications to the
destination
# Wed Apr 06 11:43:07 CEST 2016
dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: add
userPrincipalName: nu...@escaux.com
sn: user
pwdLastSet: 0
cn: new user
sAMAccountName: nuser
userAccountControl: 512
unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
givenName: new
objectclass: user
objectclass: organizationalPerson
objectclass: person
objectclass: top

Apr 06 11:43:07 - ERROR - All entries: 9, to modify entries: 1,
successfully modified entries: 0, errors: 1
Apr 06 11:43:07 - INFO  - Starting clean for adUser
Apr 06 11:43:07 - INFO  - All entries: 8, to modify entries: 0,
successfully modified entries: 0, errors: 0

==============================================================
==============================================================

Greetings,
Siard vB

Ps: These commands were done while I had js: active in lsc.xml


On Wed, Apr 6, 2016 at 11:19 AM, Siard van Belkum <
siard.van.bel...@escaux.com> wrote:

> Even with the escaping the error still persists.
>
> I've compared the two console texts that are returned.
>
> Without DN escaping:
>
> Apr 06 11:15:08 - INFO  - Logging configuration successfully loaded from
> /etc/lsc/openldap2ad/logback.xml
> Apr 06 11:15:08 - INFO  - LSC configuration successfully loaded from
> /etc/lsc/openldap2ad/
> Apr 06 11:15:08 - INFO  - Connecting to LDAP server ldap://
> ldaptest.escaux.com:389/dc=escaux,dc=com as
> cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
> Apr 06 11:15:08 - INFO  - Connecting to LDAP server ldap://
> server.ldap.com:389/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
> Apr 06 11:15:08 - INFO  - Starting sync for adUser
> Apr 06 11:15:08 - ERROR - Fail to compute expression:
> srcBean.getDatasetFirstValuebyId("uid") on id=cn=new
> user,ou=People,dc=ldap,dc=com
> Reason: javax.script.ScriptException:
> sun.org.mozilla.javascript.EcmaError: TypeError: Cannot find function
> getDatasetFirstValuebyId in object id: cn=new user,ou=People,dc=ldap,dc=com
> => uid - nuser
> => sn - user
> => userpassword - [B@15dc6730
> => cn - new user
> => givenname - new
> . (<Unknown source>#5) in <Unknown source> at line number 5
> Apr 06 11:15:08 - ERROR - Error while synchronizing ID {uid=nuser}:
> org.lsc.exception.LscServiceException: javax.script.ScriptException:
> sun.org.mozilla.javascript.EcmaError: TypeError: Cannot find function
> getDatasetFirstValuebyId in object id: cn=new user,ou=People,dc=ldap,dc=com
> => uid - nuser
> => sn - user
> => userpassword - [B@15dc6730
> => cn - new user
> => givenname - new
> . (<Unknown source>#5) in <Unknown source> at line number 5
> Apr 06 11:15:08 - ERROR - All entries: 9, to modify entries: 0,
> successfully modified entries: 0, errors: 1
> Apr 06 11:15:08 - INFO  - Starting clean for adUser
> Apr 06 11:15:08 - INFO  - All entries: 8, to modify entries: 0,
> successfully modified entries: 0, errors: 0
>
>
> With DN escaping:
>
> Apr 06 11:13:52 - INFO  - Logging configuration successfully loaded from
> /etc/lsc/openldap2ad/logback.xml
> Apr 06 11:13:52 - INFO  - LSC configuration successfully loaded from
> /etc/lsc/openldap2ad/
> Apr 06 11:13:52 - INFO  - Connecting to LDAP server ldap://
> ldaptest.escaux.com:389/dc=escaux,dc=com as
> cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
> Apr 06 11:13:52 - INFO  - Connecting to LDAP server ldap://
> server.ldap.com:389/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
> Apr 06 11:13:52 - INFO  - Starting sync for adUser
> Apr 06 11:13:53 - ERROR - Fail to compute expression:
> srcBean.getDatasetFirstValuebyId("uid") on id=cn=new
> user,ou=People,dc=ldap,dc=com
> Reason: javax.script.ScriptException:
> sun.org.mozilla.javascript.EcmaError: TypeError: Cannot find function
> getDatasetFirstValuebyId in object id: cn=new user,ou=People,dc=ldap,dc=com
> => uid - nuser
> => sn - user
> => userpassword - [B@6ea3fff1
> => cn - new user
> => givenname - new
> . (<Unknown source>#5) in <Unknown source> at line number 5
> Apr 06 11:13:53 - ERROR - Error while synchronizing ID {uid=nuser}:
> org.lsc.exception.LscServiceException: javax.script.ScriptException:
> sun.org.mozilla.javascript.EcmaError: TypeError: Cannot find function
> getDatasetFirstValuebyId in object id: cn=new user,ou=People,dc=ldap,dc=com
> => uid - nuser
> => sn - user
> => userpassword - [B@6ea3fff1
> => cn - new user
> => givenname - new
> . (<Unknown source>#5) in <Unknown source> at line number 5
> Apr 06 11:13:53 - ERROR - All entries: 9, to modify entries: 0,
> successfully modified entries: 0, errors: 1
> Apr 06 11:13:53 - INFO  - Starting clean for adUser
> Apr 06 11:13:53 - INFO  - All entries: 8, to modify entries: 0,
> successfully modified entries: 0, errors: 0
>
>
> The only thing that's different is the userPassword value ([B@15dc6730
> and [B@6ea3fff1). I don't think that has anything to do with my problem
> though.
>
> Siard vB
>
> On Wed, Apr 6, 2016 at 11:09 AM, Clément OUDOT <
> clement.ou...@savoirfairelinux.com> wrote:
>
>>
>>
>> Le 06/04/2016 10:20, Siard van Belkum a écrit :
>>
>>> I've debugged using rdjs: / Rhino Debugger.
>>>
>>> Using the steps shown in the images (Attachment), I've found that the
>>> function srcBean.getDatasetFirstValueById("cn") works as expected for the
>>> most part. For every records in my source directory (openLDAP), this
>>> function returns the cn three times.
>>>
>>> When the debugger arrives at the "new user" record it only returns the
>>> cn one time and. Would you know what the reason for this is because I think
>>> this is where the problem appears.
>>>
>>> Could it be that the problem lies with Active Directory (the destination
>>> directory). Or is there something that doesn't let new users be created in
>>> AD?
>>>
>>> What are your thoughts on this?
>>>
>>
>>
>> Did you apply the DN escaping? See
>> http://lsc-project.org/wiki/documentation/latest/upgrade#dn_escaping
>>
>> This may fix your problem.
>>
>> --
>> Clément OUDOT
>> Consultant en logiciels libres, Expert infrastructure et sécurité
>> Savoir-faire Linux
>> 87, rue de Turbigo - 75003 PARIS
>> Blog: http://sflx.ca/coudot
>>
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> lsc-users@lists.lsc-project.org
>> http://lists.lsc-project.org/listinfo/lsc-users
>>
>>
>
>
> --
> Siard van Belkum
> Intern
> Escaux
>
> Escaux, Communication as easy as the web
> Chaussée de Bruxelles 408, 1300 Wavre, Belgium
> Direct:
> Main: +3226860900
> www.escaux.com
>



-- 
Siard van Belkum
Intern
Escaux

Escaux, Communication as easy as the web
Chaussée de Bruxelles 408, 1300 Wavre, Belgium
Direct:
Main: +3226860900
www.escaux.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users