Dear Mr. Oudot,
It works!
I can now add users to openLDAP and easily get them created in AD via
LSC synchronization.
This is what I've changed in lsc.xml.
from
  <dataset>
    <!-- unicodePwd = "changeit" at creation (requires SSL connection to AD) -->
    <name>unicodePwd</name>
    <policy>KEEP</policy>
    <createValues>
      <string>AD.getUnicodePwd("changeit")</string>
    </createValues>
  </dataset>
to
  <dataset>
    <!-- unicodePwd = "changeit" at creation (requires SSL connection to AD) -->
    <name>unicodePwd</name>
    <policy>KEEP</policy>
    <createValues>
      <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById("userpassword"))</string>
    </createValues>
  </dataset>
As you said, the password ("changeit") did not meet the requirements of AD.
So I changed the given password to the password that the openLDAP users
enter.
As this is most likely the final message, I'd like to thank you for your
assistance with my problems. I've learned a lot and I'm very grateful for
that.
Greetings,
Siard vB
On Wed, Apr 6, 2016 at 6:40 PM, Clément OUDOT <[email protected]> wrote:
>
>
> 2016-04-06 16:58 GMT+02:00 Siard van Belkum <[email protected]>:
>
>> I have configured ldaps for both the source and the destination:
>>
>> <connections>
>> <!-- Connection to Active Directory. -->
>> <ldapConnection>
>> <name>AD</name>
>> <url>ldaps://ldaptest.escaux.com:636/dc=escaux,dc=com</url>
>>
>> <username>cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com</username>
>> <password>Adminpass123</password>
>> <authentication>SIMPLE</authentication>
>> <pageSize>1000</pageSize>
>> </ldapConnection>
>> <!-- Connection to OpenLDAP. -->
>> <ldapConnection>
>> <name>openldap</name>
>> <url>ldaps://server.ldap.com:636/dc=ldap,dc=com</url>
>> <username>cn=admin,dc=ldap,dc=com</username>
>> <password>speedy</password>
>> <authentication>SIMPLE</authentication>
>> <pageSize>1000</pageSize>
>> </ldapConnection>
>> </connections>
>>
>> But I still get the same console text:
>>
>> Apr 06 16:46:18 - INFO - Logging configuration successfully loaded from
>> /etc/lsc/openldap2ad/logback.xml
>> Apr 06 16:46:18 - INFO - LSC configuration successfully loaded from
>> /etc/lsc/openldap2ad/
>> Apr 06 16:46:18 - INFO - Connecting to LDAP server ldaps://
>> ldaptest.escaux.com:636/dc=escaux,dc=com as
>> cn=Administrator,cn=Users,dc=ldaptest,dc=escaux,dc=com
>> Apr 06 16:46:18 - INFO - Connecting to LDAP server ldaps://
>> server.ldap.com:636/dc=ldap,dc=com as cn=admin,dc=ldap,dc=com
>> Apr 06 16:46:18 - INFO - Starting sync for adUser
>> Apr 06 16:46:18 - ERROR - Error while adding entry cn=new
>> user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com in directory
>> :javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
>> 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
>> ]; remaining name 'cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest'
>> Apr 06 16:46:18 - ERROR - Error while synchronizing ID cn=new
>> user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com:
>> java.lang.Exception: Technical problem while applying modifications to the
>> destination
>> # Wed Apr 06 16:46:18 CEST 2016
>> dn: cn=new user,ou=lsctest,ou=ESCAUX,dc=ldaptest,dc=escaux,dc=com
>> changetype: add
>> userPrincipalName: [email protected]
>> sn: user
>> pwdLastSet: 0
>> cn: new user
>> sAMAccountName: nuser
>> userAccountControl: 512
>> unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
>> givenName: new
>> objectclass: user
>> objectclass: organizationalPerson
>> objectclass: person
>> objectclass: top
>>
>> Apr 06 16:46:18 - ERROR - All entries: 9, to modify entries: 1,
>> successfully modified entries: 0, errors: 1
>> Apr 06 16:46:18 - INFO - Starting clean for adUser
>> Apr 06 16:46:18 - INFO - All entries: 8, to modify entries: 0,
>> successfully modified entries: 0, errors: 0
>>
>>
>>
>
> Then the reason is that the password is too simple and does not match
> minimum complexity level configured in Active Directory.
>
>
> Clément.
>
--
Siard van Belkum
Intern
Escaux
Escaux, Communication as easy as the web
Chaussée de Bruxelles 408, 1300 Wavre, Belgium
Direct:
Main: +3226860900
www.escaux.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
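
Added example, not part of the original thread and not LSC code: a Node.js script that reads the Win32 code out of the AD error quoted above, decodes the `unicodePwd` value from the LDIF, and checks it against a password policy. The function names are hypothetical, and the policy (minimum length 7, three of four ASCII character classes, no account name, no `{SCHEME}` hash prefix carried over from OpenLDAP `userPassword`) is an assumption; the real values come from the domain's own policy.

```javascript
// Added example, not LSC code: explain an AD rejection of unicodePwd.
// 0x52D is Win32 ERROR_PASSWORD_RESTRICTION, the code in this thread's log.
const WIN32 = { 0x52d: "ERROR_PASSWORD_RESTRICTION" };

// Pull the 8-hex-digit Win32 code out of AD's LDAP diagnostic message.
function win32FromLdapError(msg) {
  const m = /error code 53 -\s*([0-9A-Fa-f]{8}):/.exec(msg);
  if (!m) return null;
  const code = parseInt(m[1], 16);
  return { code, name: WIN32[code] || "unknown" };
}

// unicodePwd = password in double quotes, UTF-16LE; LDIF shows it as base64.
function decodeUnicodePwd(b64) {
  const text = Buffer.from(b64, "base64").toString("utf16le");
  if (text.length < 2 || !text.startsWith('"') || !text.endsWith('"')) {
    throw new Error("unicodePwd is not a quoted UTF-16LE string");
  }
  return text.slice(1, -1);
}

// Assumed policy: minLength 7, three of four ASCII classes, no account name.
function checkComplexity(password, sAMAccountName, minLength = 7) {
  const problems = [];
  const classes = [/[A-Z]/, /[a-z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  if (password.length < minLength) problems.push("too short");
  if (classes < 3) problems.push(`only ${classes} of 4 character classes`);
  if (sAMAccountName.length > 2 &&
      password.toLowerCase().includes(sAMAccountName.toLowerCase())) {
    problems.push("contains account name");
  }
  // A stored hash such as "{SSHA}..." would become the literal AD password.
  if (/^\{[A-Za-z0-9-]+\}/.test(password)) {
    problems.push("looks like a hashed userPassword value");
  }
  return problems;
}

function diagnose(errorLine, ldifB64, sAMAccountName) {
  const err = win32FromLdapError(errorLine);
  const password = decodeUnicodePwd(ldifB64);
  return { err, password, problems: checkComplexity(password, sAMAccountName) };
}

// Inputs copied from the log in this thread (error line joined onto one line).
const sampleError = "[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0 ]";
const sampleResult = diagnose(sampleError, "IgBjAGgAYQBuAGcAZQBpAHQAIgA=", "nuser");
console.log(sampleResult);
```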