I have configured ldaps for both the source and the destination:

    <connections>
        <!-- Connection to Active Directory. -->
        <ldapConnection>
            <name>AD</name>
            <url>ldaps://ldaptest.escaux.com:636/dc=escaux,dc=com</url>
            <username>cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com</username>
            <password>Adminpass123</password>
            <authentication>SIMPLE</authentication>
            <pageSize>1000</pageSize>
        </ldapConnection>
        <!-- Connection to OpenLDAP. -->
        <ldapConnection>
            <name>openldap</name>
            <url>ldaps://server.ldap.com:636/dc=ldap,dc=com</url>
            <username>cn=admin,dc=ldap,dc=com</username>
            <password>speedy</password>
            <authentication>SIMPLE</authentication>
            <pageSize>1000</pageSize>
        </ldapConnection>
    </connections>

But I still get the same console text:

Apr 06 16:46:18 - INFO  - Logging configuration successfully loaded from
/etc/lsc/openldap2ad/logback.xml
Apr 06 16:46:18 - INFO  - LSC configuration successfully loaded from
/etc/lsc/openldap2ad/
Apr 06 16:46:18 - INFO  - Connecting to LDAP server ldaps://
ldaptest.escaux.com:636/dc=escaux,dc=com as
cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
Apr 06 16:46:18 - INFO  - Connecting to LDAP server ldaps://
server.ldap.com:636/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
Apr 06 16:46:18 - INFO  - Starting sync for adUser
Apr 06 16:46:18 - ERROR - Error while adding entry cn=new
user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory
:javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
Apr 06 16:46:18 - ERROR - Error while synchronizing ID cn=new
user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com:
java.lang.Exception: Technical problem while applying modifications to the
destination
# Wed Apr 06 16:46:18 CEST 2016
dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
changetype: add
userPrincipalName: [email protected]
sn: user
pwdLastSet: 0
cn: new user
sAMAccountName: nuser
userAccountControl: 512
unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
givenName: new
objectclass: user
objectclass: organizationalPerson
objectclass: person
objectclass: top

Apr 06 16:46:18 - ERROR - All entries: 9, to modify entries: 1,
successfully modified entries: 0, errors: 1
Apr 06 16:46:18 - INFO  - Starting clean for adUser
Apr 06 16:46:18 - INFO  - All entries: 8, to modify entries: 0,
successfully modified entries: 0, errors: 0


Greetings,
Siard vB


On Wed, Apr 6, 2016 at 12:54 PM, Clément OUDOT <
[email protected]> wrote:

>
>
> On 06/04/2016 11:53, Siard van Belkum wrote:
>
> Ok, I feel like a noob now...
>
> Just to be sure, the problem isn't fixed yet, but I did find an error in
> my lsc.xml.
>
> Instead of srcBean.getDatasetFirstValueById("uid") I
> had srcBean.getDatasetFirstValue*by*Id("uid") and it wasn't in the
> mainIdentifier tag, it was in the String tag for the sAMAccountName dataset:
>
>                 <dataset>
>                     <name>sAMAccountName</name>
>                     <policy>KEEP</policy>
>                     <createValues>
>                         <string>srcBean.getDatasetFirstValue*by*Id("uid")</string>
>                     </createValues>
>                 </dataset>
>
> After a quick change to the correct naming convention, I got the following
> console text:
>
> ==============================================================
> ==============================================================
>
> Apr 06 11:36:46 - INFO  - Logging configuration successfully loaded from
> /etc/lsc/openldap2ad/logback.xml
> Apr 06 11:36:46 - INFO  - LSC configuration successfully loaded from
> /etc/lsc/openldap2ad/
> Apr 06 11:36:46 - INFO  - Connecting to LDAP server ldap://
> ldaptest.escaux.com:389/dc=escaux,dc=com as
> cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
> Apr 06 11:36:46 - INFO  - Connecting to LDAP server ldap://
> server.ldap.com:389/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
> Apr 06 11:36:46 - INFO  - Starting sync for adUser
> Apr 06 11:36:47 - INFO  - # Updating object CN=tist
> tisting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
> Apr 06 11:36:47 - INFO  - # Updating object CN=tost
> tosting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
> # Wed Apr 06 11:36:47 CEST 2016
> dn: CN=tist tisting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> changetype: modify
> replace: userPrincipalName
> userPrincipalName: [email protected]
> -
>
> # Wed Apr 06 11:36:47 CEST 2016
> dn: CN=tost tosting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> changetype: modify
> replace: userPrincipalName
> userPrincipalName: [email protected]
> -
>
> Apr 06 11:36:47 - INFO  - # Updating object CN=test
> testing,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
> # Wed Apr 06 11:36:47 CEST 2016
> dn: CN=test testing,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> changetype: modify
> replace: userPrincipalName
> userPrincipalName: [email protected]
> -
>
> Apr 06 11:36:47 - INFO  - # Updating object CN=tust
> tusting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
> # Wed Apr 06 11:36:47 CEST 2016
> dn: CN=tust tusting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> changetype: modify
> replace: userPrincipalName
> userPrincipalName: [email protected]
> -
>
> Apr 06 11:36:47 - INFO  - # Updating object CN=tast
> tasting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
> # Wed Apr 06 11:36:47 CEST 2016
> dn: CN=tast tasting,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> changetype: modify
> replace: userPrincipalName
> userPrincipalName: [email protected]
> -
>
> Apr 06 11:36:47 - INFO  - # Updating object CN=knaap
> knaapers,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
> # Wed Apr 06 11:36:47 CEST 2016
> dn: CN=knaap knaapers,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> changetype: modify
> replace: userPrincipalName
> userPrincipalName: [email protected]
> -
>
> Apr 06 11:36:47 - INFO  - # Updating object CN=lol
> loller,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com for adUser
> # Wed Apr 06 11:36:47 CEST 2016
> dn: CN=lol loller,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> changetype: modify
> replace: userPrincipalName
> userPrincipalName: [email protected]
> -
>
> Apr 06 11:36:47 - ERROR - Error while adding entry cn=new
> user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory
> :javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
> 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
> ]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
> Apr 06 11:36:47 - ERROR - Error while synchronizing ID cn=new
> user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com:
> java.lang.Exception: Technical problem while applying modifications to the
> destination
> # Wed Apr 06 11:36:47 CEST 2016
> dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> *changetype: add*
> userPrincipalName: [email protected]
> sn: user
> pwdLastSet: 0
> cn: new user
> sAMAccountName: nuser
> userAccountControl: 512
> unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
> givenName: new
> objectclass: user
> objectclass: organizationalPerson
> objectclass: person
> objectclass: top
>
> Apr 06 11:36:47 - ERROR - All entries: 9, to modify entries: 8,
> successfully modified entries: 7, errors: 1
> Apr 06 11:36:47 - INFO  - Starting clean for adUser
> Apr 06 11:36:47 - INFO  - All entries: 8, to modify entries: 0,
> successfully modified entries: 0, errors: 0
>
> ==============================================================
> ==============================================================
>
> This is the first time I've seen "changetype: add" in one of my console
> texts. So that's a good thing.
> As you can see, with this command all the already existing records in AD
> have been modified successfully.
>
> After another Synchronisation command I get the following console text:
>
> ==============================================================
> ==============================================================
>
> Apr 06 11:43:06 - INFO  - Logging configuration successfully loaded from
> /etc/lsc/openldap2ad/logback.xml
> Apr 06 11:43:06 - INFO  - LSC configuration successfully loaded from
> /etc/lsc/openldap2ad/
> Apr 06 11:43:06 - INFO  - Connecting to LDAP server ldap://
> ldaptest.escaux.com:389/dc=escaux,dc=com as
> cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
> Apr 06 11:43:06 - INFO  - Connecting to LDAP server ldap://
> server.ldap.com:389/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
> Apr 06 11:43:06 - INFO  - Starting sync for adUser
> Apr 06 11:43:07 - ERROR - Error while adding entry cn=new
> user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory
> :javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
> 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
> ]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
> Apr 06 11:43:07 - ERROR - Error while synchronizing ID cn=new
> user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com:
> java.lang.Exception: Technical problem while applying modifications to the
> destination
> # Wed Apr 06 11:43:07 CEST 2016
> dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
> changetype: add
> userPrincipalName: [email protected]
> sn: user
> pwdLastSet: 0
> cn: new user
> sAMAccountName: nuser
> userAccountControl: 512
> unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
> givenName: new
> objectclass: user
> objectclass: organizationalPerson
> objectclass: person
> objectclass: top
>
> Apr 06 11:43:07 - ERROR - All entries: 9, to modify entries: 1,
> successfully modified entries: 0, errors: 1
> Apr 06 11:43:07 - INFO  - Starting clean for adUser
> Apr 06 11:43:07 - INFO  - All entries: 8, to modify entries: 0,
> successfully modified entries: 0, errors: 0
>
>
>
> To change password on AD, LDAPS is required. See
> http://ltb-project.org/wiki/documentation/general/active_directory_certificates
> and http://lsc-project.org/wiki/documentation/howto/ssltls.
>
> See also http://lsc-project.org/wiki/documentation/howto/activedirectory
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 87, rue de Turbigo - 75003 PARIS
> Blog: http://sflx.ca/coudot
>
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>



-- 
Siard van Belkum
Intern
Escaux

Escaux, Communication as easy as the web
Chaussée de Bruxelles 408, 1300 Wavre, Belgium
Direct:
Main: +3226860900
www.escaux.com
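
The hex field that opens AD's diagnostic message is a Win32 error code, and it is the only part of the error that changed between the ldap:// run (0000001F) and the ldaps:// run (0000052D). As an added example that is not part of the original thread, this decodes that field and the unicodePwd value from the logged LDIF and checks the password against an assumed policy. The function names and the policy (minimum length 7, three of four character classes, no sAMAccountName) are assumptions; the thread does not state the domain's actual policy.

```python
import base64
import re

# Win32 error names for the hex field AD puts at the start of its LDAP
# diagnostic message. Only the two codes seen in this thread are listed.
WIN32_NAMES = {0x1F: "ERROR_GEN_FAILURE", 0x52D: "ERROR_PASSWORD_RESTRICTION"}


def win32_code(diagnostic):
    """Return (code, name) parsed from e.g. '0000052D: SvcErr: DSID-...'."""
    match = re.search(r"\b([0-9A-Fa-f]{8}): \w+: DSID-", diagnostic)
    if match is None:
        return None
    code = int(match.group(1), 16)
    return code, WIN32_NAMES.get(code, "unknown")


def decode_unicode_pwd(b64_value):
    """Decode an LDIF 'unicodePwd::' value: quoted text encoded as UTF-16LE."""
    text = base64.b64decode(b64_value).decode("utf-16-le")
    if len(text) < 2 or text[0] != '"' or text[-1] != '"':
        raise ValueError("unicodePwd must be enclosed in double quotes")
    return text[1:-1]


def complexity_problems(password, sam_account_name, min_length=7):
    """List violations of the ASSUMED policy (not stated in the thread)."""
    classes = (
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    problems = []
    if len(password) < min_length:
        problems.append("shorter than minimum length")
    if sum(classes) < 3:
        problems.append("fewer than 3 character classes")
    if len(sam_account_name) >= 3 and sam_account_name.lower() in password.lower():
        problems.append("contains sAMAccountName")
    return problems


if __name__ == "__main__":
    # Values copied from the LDAPS run above (log line wrapping removed).
    print(win32_code("[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2"))
    password = decode_unicode_pwd("IgBjAGgAYQBuAGcAZQBpAHQAIgA=")
    print(complexity_problems(password, "nuser"))
```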