On 06/04/2016 11:53, Siard van Belkum wrote:
Ok, I feel like a noob now...

Just to be sure, the problem isn't fixed yet, but I did find an error in my lsc.xml.

Instead of srcBean.getDatasetFirstValueById("uid") I had srcBean.getDatasetFirstValue_by_Id("uid"), and it wasn't in the mainIdentifier tag, it was in the String tag for the sAMAccountName dataset:

                <dataset>
                    <name>sAMAccountName</name>
                    <policy>KEEP</policy>
                    <createValues>
                        <string>srcBean.getDatasetFirstValue_by_Id("uid")</string>
                    </createValues>
                </dataset>

After a quick change to the correct naming convention, I got the following console text:

==============================================================
==============================================================

Apr 06 11:36:46 - INFO - Logging configuration successfully loaded from /etc/lsc/openldap2ad/logback.xml
Apr 06 11:36:46 - INFO - LSC configuration successfully loaded from /etc/lsc/openldap2ad/
Apr 06 11:36:46 - INFO - Connecting to LDAP server ldap://ldaptest.escaux.com:389/dc=escaux,dc=com as cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
Apr 06 11:36:46 - INFO - Connecting to LDAP server ldap://server.ldap.com:389/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
Apr 06 11:36:46 - INFO  - Starting sync for adUser
Apr 06 11:36:47 - INFO - # Updating object CN=tist tisting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
Apr 06 11:36:47 - INFO - # Updating object CN=tost tosting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tist tisting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected]
-

# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tost tosting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected]
-

Apr 06 11:36:47 - INFO - # Updating object CN=test testing,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=test testing,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected]
-

Apr 06 11:36:47 - INFO - # Updating object CN=tust tusting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tust tusting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected]
-

Apr 06 11:36:47 - INFO - # Updating object CN=tast tasting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tast tasting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected]
-

Apr 06 11:36:47 - INFO - # Updating object CN=knaap knaapers,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=knaap knaapers,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected]
-

Apr 06 11:36:47 - INFO - # Updating object CN=lol loller,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=lol loller,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected]
-

Apr 06 11:36:47 - ERROR - Error while adding entry cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
Apr 06 11:36:47 - ERROR - Error while synchronizing ID cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com: java.lang.Exception: Technical problem while applying modifications to the destination
# Wed Apr 06 11:36:47 CEST 2016
dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
_changetype: add_
userPrincipalName: [email protected]
sn: user
pwdLastSet: 0
cn: new user
sAMAccountName: nuser
userAccountControl: 512
unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
givenName: new
objectclass: user
objectclass: organizationalPerson
objectclass: person
objectclass: top

Apr 06 11:36:47 - ERROR - All entries: 9, to modify entries: 8, successfully modified entries: 7, errors: 1
Apr 06 11:36:47 - INFO  - Starting clean for adUser
Apr 06 11:36:47 - INFO - All entries: 8, to modify entries: 0, successfully modified entries: 0, errors: 0

==============================================================
==============================================================

This is the first time I've seen "changetype: add" in one of my console texts. So that's a good thing. As you can see, with this command all the already existing records in AD have been modified successfully.

After another Synchronisation command I get the following console text:

==============================================================
==============================================================

Apr 06 11:43:06 - INFO - Logging configuration successfully loaded from /etc/lsc/openldap2ad/logback.xml
Apr 06 11:43:06 - INFO - LSC configuration successfully loaded from /etc/lsc/openldap2ad/
Apr 06 11:43:06 - INFO - Connecting to LDAP server ldap://ldaptest.escaux.com:389/dc=escaux,dc=com as cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
Apr 06 11:43:06 - INFO - Connecting to LDAP server ldap://server.ldap.com:389/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
Apr 06 11:43:06 - INFO  - Starting sync for adUser
Apr 06 11:43:07 - ERROR - Error while adding entry cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
Apr 06 11:43:07 - ERROR - Error while synchronizing ID cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com: java.lang.Exception: Technical problem while applying modifications to the destination
# Wed Apr 06 11:43:07 CEST 2016
dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: add
userPrincipalName: [email protected]
sn: user
pwdLastSet: 0
cn: new user
sAMAccountName: nuser
userAccountControl: 512
unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
givenName: new
objectclass: user
objectclass: organizationalPerson
objectclass: person
objectclass: top

Apr 06 11:43:07 - ERROR - All entries: 9, to modify entries: 1, successfully modified entries: 0, errors: 1
Apr 06 11:43:07 - INFO  - Starting clean for adUser
Apr 06 11:43:07 - INFO - All entries: 8, to modify entries: 0, successfully modified entries: 0, errors: 0



To change password on AD, LDAPS is required. See http://ltb-project.org/wiki/documentation/general/active_directory_certificates and http://lsc-project.org/wiki/documentation/howto/ssltls.

See also http://lsc-project.org/wiki/documentation/howto/activedirectory

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
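
The point made in the reply above (a `unicodePwd` write sent over `ldap://` instead of LDAPS) can be spotted in the LSC console output itself. The following is an added example, not part of the original thread or of LSC: it parses output in the format quoted above, finds LDIF entries that write `unicodePwd`, matches each to the connection whose base DN it falls under, and reports the URL scheme and whether the value is the double-quoted UTF-16LE string AD expects. The sample log, host names, DNs and password are constructed; `diagnose` and `pwd_well_formed` are hypothetical helper names.

```python
import base64
import re

# Constructed sample in the format of the LSC console output quoted above;
# host names, DNs and the password are made up for this example.
SAMPLE_PWD = base64.b64encode('"Example-Pass1"'.encode("utf-16-le")).decode()
SAMPLE_LOG = f"""\
Apr 06 11:36:46 - INFO - Connecting to LDAP server ldap://ad.example.test:389/dc=ad,dc=example,dc=test as cn=Administrator,cn=Users,dc=ad,dc=example,dc=test
Apr 06 11:36:46 - INFO - Connecting to LDAP server ldap://ldap.example.test:389/dc=src,dc=test as cn=admin,dc=src,dc=test
Apr 06 11:36:47 - ERROR - Error while adding entry cn=new user,ou=lsctest,dc=ad,dc=example,dc=test in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
dn: cn=new user,ou=lsctest,dc=ad,dc=example,dc=test
changetype: add
sAMAccountName: nuser
unicodePwd:: {SAMPLE_PWD}
objectclass: user

"""

CONN_RE = re.compile(r"Connecting to LDAP server (ldaps?)://([^/\s]+)/(\S+)")
ENTRY_RE = re.compile(r"^dn: (.+)\n((?:.+\n)*)", re.MULTILINE)


def pwd_well_formed(b64_value):
    """AD expects unicodePwd as a double-quoted string encoded in UTF-16LE."""
    try:
        text = base64.b64decode(b64_value, validate=True).decode("utf-16-le")
    except ValueError:  # covers invalid base64 and invalid UTF-16
        return False
    return len(text) > 2 and text[0] == '"' and text[-1] == '"'


def diagnose(log):
    """Return one finding per logged LDIF entry that writes unicodePwd."""
    conns = [(s, h, b.lower()) for s, h, b in CONN_RE.findall(log)]
    findings = []
    for dn, body in ENTRY_RE.findall(log):
        pwd = re.search(r"^unicodePwd:: (\S+)$", body, re.MULTILINE)
        if not pwd:
            continue
        # The entry belongs to the connection whose base DN its DN ends with.
        scheme, host = next(((s, h) for s, h, b in conns if dn.lower().endswith(b)), (None, None))
        findings.append({"dn": dn, "host": host, "ldaps": scheme == "ldaps",
                         "pwd_well_formed": pwd_well_formed(pwd.group(1))})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

The function only reports whether the password value is well formed and never prints it, since the base64 in such logs decodes directly to the password.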
