Re: [lsc-users] LSC: Users aren't created in AD when synchronising

Clément OUDOT Wed, 06 Apr 2016 03:54:42 -0700


Le 06/04/2016 11:53, Siard van Belkum a écrit :

Ok, I feel like a noob now...
Just to be sure, the problem isn't fixed yet, but I did find an errorin my lsc.xml.
instead of srcBean.getDatasetFirstValueById("uid") Ihad srcBean.getDatasetFirstValue_by_Id("uid") and it wasn't in themainIdentifier tag, it was in the String tag for the sAMAccountNamedataset:
                <dataset>
                    <name>sAMAccountName</name>
                    <policy>KEEP</policy>
                    <createValues>
<string>srcBean.getDatasetFirstValue_by_Id("uid")</string>
                    </createValues>
                </dataset>
After a quick change to the correct naming convention, I got thefollowing console text:
==============================================================
==============================================================
Apr 06 11:36:46 - INFO - Logging configuration successfully loadedfrom /etc/lsc/openldap2ad/logback.xmlApr 06 11:36:46 - INFO - LSC configuration successfully loaded from/etc/lsc/openldap2ad/Apr 06 11:36:46 - INFO - Connecting to LDAP serverldap://ldaptest.escaux.com:389/dc=escaux,dc=com<http://ldaptest.escaux.com:389/dc=escaux,dc=com> ascn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=comApr 06 11:36:46 - INFO - Connecting to LDAP serverldap://server.ldap.com:389/dc=ldap,dc=com<http://server.ldap.com:389/dc=ldap,dc=com> as cn=admin,dc=ldap,dc=com
Apr 06 11:36:46 - INFO  - Starting sync for adUser
Apr 06 11:36:47 - INFO - # Updating object CN=tisttisting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUserApr 06 11:36:47 - INFO - # Updating object CN=tosttosting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tist tisting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected] <mailto:[email protected]>
-

# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tost tosting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected] <mailto:[email protected]>
-
Apr 06 11:36:47 - INFO - # Updating object CN=testtesting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=test testing,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected] <mailto:[email protected]>
-
Apr 06 11:36:47 - INFO - # Updating object CN=tusttusting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tust tusting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected] <mailto:[email protected]>
-
Apr 06 11:36:47 - INFO - # Updating object CN=tasttasting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=tast tasting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected] <mailto:[email protected]>
-
Apr 06 11:36:47 - INFO - # Updating object CN=knaapknaapers,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=knaap knaapers,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected] <mailto:[email protected]>
-
Apr 06 11:36:47 - INFO - # Updating object CN=lolloller,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
# Wed Apr 06 11:36:47 CEST 2016
dn: CN=lol loller,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: modify
replace: userPrincipalName
userPrincipalName: [email protected] <mailto:[email protected]>
-
Apr 06 11:36:47 - ERROR - Error while adding entry cn=newuser,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory:javax.naming.OperationNotSupportedException: [LDAP: error code 53 -0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
Apr 06 11:36:47 - ERROR - Error while synchronizing ID cn=newuser,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com:java.lang.Exception: Technical problem while applying modifications tothe destination
# Wed Apr 06 11:36:47 CEST 2016
dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
_changetype: add_
userPrincipalName: [email protected] <mailto:[email protected]>
sn: user
pwdLastSet: 0
cn: new user
sAMAccountName: nuser
userAccountControl: 512
unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
givenName: new
objectclass: user
objectclass: organizationalPerson
objectclass: person
objectclass: top
Apr 06 11:36:47 - ERROR - All entries: 9, to modify entries: 8,successfully modified entries: 7, errors: 1
Apr 06 11:36:47 - INFO  - Starting clean for adUser
Apr 06 11:36:47 - INFO - All entries: 8, to modify entries: 0,successfully modified entries: 0, errors: 0
==============================================================
==============================================================
This is the first time I've seen "changetype: add" in one of myconsole texts. So that's a good thing.As you can see, with this command all the already existing records inAD have been modified succesfully.
After another Synchronisation command I get the following console text:

==============================================================
==============================================================
Apr 06 11:43:06 - INFO - Logging configuration successfully loadedfrom /etc/lsc/openldap2ad/logback.xmlApr 06 11:43:06 - INFO - LSC configuration successfully loaded from/etc/lsc/openldap2ad/Apr 06 11:43:06 - INFO - Connecting to LDAP serverldap://ldaptest.escaux.com:389/dc=escaux,dc=com<http://ldaptest.escaux.com:389/dc=escaux,dc=com> ascn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=comApr 06 11:43:06 - INFO - Connecting to LDAP serverldap://server.ldap.com:389/dc=ldap,dc=com<http://server.ldap.com:389/dc=ldap,dc=com> as cn=admin,dc=ldap,dc=com
Apr 06 11:43:06 - INFO  - Starting sync for adUser
Apr 06 11:43:07 - ERROR - Error while adding entry cn=newuser,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory:javax.naming.OperationNotSupportedException: [LDAP: error code 53 -0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
Apr 06 11:43:07 - ERROR - Error while synchronizing ID cn=newuser,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com:java.lang.Exception: Technical problem while applying modifications tothe destination
# Wed Apr 06 11:43:07 CEST 2016
dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: add
userPrincipalName: [email protected] <mailto:[email protected]>
sn: user
pwdLastSet: 0
cn: new user
sAMAccountName: nuser
userAccountControl: 512
unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
givenName: new
objectclass: user
objectclass: organizationalPerson
objectclass: person
objectclass: top
Apr 06 11:43:07 - ERROR - All entries: 9, to modify entries: 1,successfully modified entries: 0, errors: 1
Apr 06 11:43:07 - INFO  - Starting clean for adUser
Apr 06 11:43:07 - INFO - All entries: 8, to modify entries: 0,successfully modified entries: 0, errors: 0

To change password on AD, LDAPS is required. Seehttp://ltb-project.org/wiki/documentation/general/active_directory_certificatesand http://lsc-project.org/wiki/documentation/howto/ssltls.


See also http://lsc-project.org/wiki/documentation/howto/activedirectory

--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Re: [lsc-users] LSC: Users aren't created in AD when synchronising

Reply via email to