Hello Jon,
Thanks for the tip! After your suggestion I modified the JS code a
bit. Our LDAP directory already contains the uid of the member in the
memberUid attributes of the group objects. The updated code looks like
this:
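<snip>
// uids listed in the source group's memberUid attribute
var membersSrcDn = srcBean.getDatasetValuesById("memberUid");
var membersDstDn = [];
for (var i = 0; i < membersSrcDn.size(); i++) {
    var uid = membersSrcDn.get(i);
    // look up the destination entry whose sAMAccountName equals this uid
    var destDn = ldap.search("OU=People",
        "(sAMAccountName=" + uid + ")");
    // skip uids that match no entry or more than one entry
    if (destDn.size() == 0 || destDn.size() > 1) {
        continue;
    }
    // build the full DN by appending the connection's context DN
    var destMemberDn = destDn.get(0) + "," + ldap.getContextDn();
    membersDstDn.push(destMemberDn);
}
// last expression is the script's value: the list of member DNs
membersDstDn
</snip>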
Now I get this output:
Jun 07 16:20:18 - INFO - Starting sync for group
Jun 07 16:20:18 - DEBUG - In object
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": List of
attributes considered for writing in destination: [member, cn,
description, objectClass]
Jun 07 16:20:18 - DEBUG - In object
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute
"member" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute
"member" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute
"cn" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute
"cn" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute
"objectClass" is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com" will not be
written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=tech,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is
in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" will
not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will not
be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "description"
is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "description"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "objectClass"
is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=tech,OU=Group,DC=adds,DC=example,DC=com" will not be written to
the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=finance,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will
not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute
"objectClass" is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=finance,OU=Group,DC=adds,DC=example,DC=com" will not be written to
the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=pm,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" will
not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will not
be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "description"
is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "description"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "objectClass"
is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=pm,OU=Group,DC=adds,DC=example,DC=com" will not be written to the
destination
Jun 07 16:20:19 - DEBUG - In object
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": List of
attributes considered for writing in destination: [member, cn,
description, objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute
"member" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute
"member" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute
"cn" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute
"cn" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute
"objectClass" is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com" will not be
written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=service,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will
not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute
"objectClass" is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=service,OU=Group,DC=adds,DC=example,DC=com" will not be written to
the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=dev,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" will
not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will not
be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "description"
is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "description"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "objectClass"
is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=dev,OU=Group,DC=adds,DC=example,DC=com" will not be written to the
destination
Jun 07 16:20:19 - DEBUG - In object
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is
in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute
"objectClass" is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com" will not be written
to the destination
Jun 07 16:20:19 - ERROR - There is no future associated with operation
message ID 12, perhaps the operation would have been completed
Jun 07 16:20:19 - ERROR - There is no future associated with operation
message ID 12, perhaps the operation would have been completed
Jun 07 16:20:19 - DEBUG - In object
"CN=sales,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is
in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will
not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute
"objectClass" is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=sales,OU=Group,DC=adds,DC=example,DC=com" will not be written to
the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=svn,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" will
not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in
FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will not
be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "description"
is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "description"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "objectClass"
is in KEEP status
Jun 07 16:20:19 - DEBUG - Entry
"CN=svn,OU=Group,DC=adds,DC=example,DC=com" will not be written to the
destination
Jun 07 16:20:19 - DEBUG - In object
"CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": List of attributes
considered for writing in destination: [member, cn, description,
objectClass]
Jun 07 16:20:19 - DEBUG - In object
"CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "member"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is
in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn"
will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" is in FORCE status
Jun 07 16:20:19 - DEBUG - In object
"CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute
"description" will not be written to the destination
Jun 07 16:20:19 - DEBUG - In object
"CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute
"objectClass" is in KEEP status
Is there any way I can enable more debugging? Like printing the whole
arrays or something like that?
Thanks,
Frederic
On Tue, Jun 7, 2016 at 4:05 PM, Jon C Kidder <[email protected]> wrote:
> It appears you do not have a dataset for cn. Cn is the rdn of the record and
> you must include at least one cn value that matches the cn value of the dn.
>
> -Jon C. Kidder
> American Electric Power
> Middleware Services
> Email: [email protected]
> Phone: 614-716-4970
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Frederic Van
> Espen
> Sent: Tuesday, June 07, 2016 9:51 AM
> To: [email protected]
> Subject: [lsc-users] group membership sync from openldap to active directory
>
> Hi,
>
> I'm making a first attempt to synchronize group membership from our OpenLDAP
> server to our Active Directory server. Groups are created correctly, but
> unfortunately I'm receiving some errors while syncing the group membership.
> Here's the config I'm using right now:
>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
> <connections>
> <!-- Connection to Active Directory. -->
> <ldapConnection>
> <name>AD</name>
> <url>ldaps://addc.adds.example.com:636/dc=example,dc=com</url>
> <username>cn=Administrator,cn=Users,dc=adds,dc=example,dc=com</username>
> <password>REDACTED</password>
> <authentication>SIMPLE</authentication>
> <pageSize>1000</pageSize>
> </ldapConnection>
> <!-- Connection to OpenLDAP. -->
> <ldapConnection>
> <name>openldap</name>
> <url>ldaps://ldap.intranet.example.com:636/dc=example,dc=com</url>
> <username>cn=admin,dc=example,dc=com</username>
> <password>REDACTED</password>
> <authentication>SIMPLE</authentication>
> <pageSize>1000</pageSize>
> </ldapConnection>
> </connections>
> <!-- Tasks configuration. -->
> <tasks>
> <!-- Task for synchronize users from OpenLDAP to Active Directory. -->
> <task>
> <name>SyncPeople</name>
> <bean>org.lsc.beans.SimpleBean</bean>
> <!-- LDAP source service. -->
> <ldapSourceService>
> <name>openldap-source-service</name>
> <connection reference="openldap" />
> <baseDn>ou=People,dc=example,dc=com</baseDn>
> <pivotAttributes>
> <string>uid</string>
> </pivotAttributes>
> <fetchedAttributes>
> <string>cn</string>
> <string>description</string>
> <string>givenName</string>
> <string>mail</string>
> <string>sn</string>
> <string>uid</string>
> <string>userpassword</string>
> <string>homePhone</string>
> <string>randomstuff</string>
> </fetchedAttributes>
> <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>
>
> <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={uid}))]]></getOneFilter>
>
> <cleanFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></cleanFilter>
> </ldapSourceService>
> <!-- LDAP destination service. -->
> <ldapDestinationService>
> <name>ad-dst-service</name>
> <connection reference="AD" />
> <baseDn>ou=People,dc=adds,dc=example,dc=com</baseDn>
> <pivotAttributes>
> <string>sAMAccountName</string>
> </pivotAttributes>
> <fetchedAttributes>
> <string>objectclass</string>
> <string>cn</string>
> <string>description</string>
> <string>givenName</string>
> <string>mail</string>
> <string>pwdLastSet</string>
> <string>sAMAccountName</string>
> <string>sn</string>
> <string>unicodePwd</string>
> <string>userAccountControl</string>
> <string>userPrincipalName</string>
> <string>homePhone</string>
> </fetchedAttributes>
> <getAllFilter><![CDATA[(objectClass=user)]]></getAllFilter>
>
> <getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={uid}))]]></getOneFilter>
> </ldapDestinationService>
> <!-- Synchronization rules. -->
> <propertiesBasedSyncOptions>
> <mainIdentifier>js:"cn=" +
> srcBean.getDatasetFirstValueById("cn") + ",ou=" + getOu(srcBean.DN) +
> ",dc=adds,dc=example,dc=com"</mainIdentifier>
> <defaultDelimiter>;</defaultDelimiter>
> <defaultPolicy>FORCE</defaultPolicy>
> <conditions>
> <create>true</create>
> <update>true</update>
> <delete>true</delete>
> <changeId>true</changeId>
> </conditions>
> <!-- objectClass = user/organizationalPerson/person/top -->
> <dataset>
> <name>objectClass</name>
> <policy>KEEP</policy>
> <createValues>
> <string>"user"</string>
> <string>"organizationalPerson"</string>
> <string>"person"</string>
> <string>"top"</string>
> </createValues>
> <delimiter>,</delimiter>
> </dataset>
> <!-- sAMAccountName = uid -->
> <dataset>
> <name>sAMAccountName</name>
> <policy>KEEP</policy>
> <createValues>
> <string>srcBean.getDatasetFirstValueById("uid")</string>
> </createValues>
> </dataset>
> <!-- userPrincipalName = uid + "@domainName.org" -->
> <dataset>
> <name>userPrincipalName</name>
> <policy>FORCE</policy>
> <forceValues>
> <string>srcBean.getDatasetFirstValueById("uid") +
> "@example.com"</string>
> </forceValues>
> </dataset>
> <!-- Configuring account like normal and non admin. -->
> <dataset>
> <name>userAccountControl</name>
> <policy>KEEP</policy>
> <createValues>
> <string>AD.userAccountControlSet( "0", [
> AD.UAC_SET_PASSWD_NOTREQD,AD.UAC_SET_NORMAL_ACCOUNT ])</string>
> </createValues>
> </dataset>
> <!-- pwdLastSet = -1; no require to user for changing password on
> next logon. -->
> <dataset>
> <name>pwdLastSet</name>
> <policy>KEEP</policy>
> <createValues>
> <string>"0"</string>
> </createValues>
> </dataset>
> <dataset>
> <name>unicodePwd</name>
> <policy>KEEP</policy>
> <createValues>
>
> <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById("userpassword"))</string>
> </createValues>
> </dataset>
> </propertiesBasedSyncOptions>
> <scriptInclude>
> <string>../scripts/getOu.js</string>
> </scriptInclude>
> </task>
> <!-- Task for synchronize groups from OpenLDAP to Active Directory. -->
>
> <task>
> <name>group</name>
> <bean>org.lsc.beans.SimpleBean</bean>
> <asyncLdapSourceService>
> <name>group-source-service</name>
> <connection reference="openldap" />
> <baseDn>ou=Group,dc=example,dc=com</baseDn>
> <pivotAttributes>
> <string>cn</string>
> </pivotAttributes>
> <fetchedAttributes>
> <string>cn</string>
> <string>description</string>
> <string>memberUid</string>
> </fetchedAttributes>
> <getAllFilter><![CDATA[(objectClass=posixGroup)]]></getAllFilter>
>
> <getOneFilter><![CDATA[(&(objectClass=posixGroup)(cn={cn}))]]></getOneFilter>
>
> <cleanFilter><![CDATA[(&(objectClass=posixGroup)(cn={cn}))]]></cleanFilter>
> <serverType>OpenLDAP</serverType>
> </asyncLdapSourceService>
> <ldapDestinationService>
> <name>group-dst-service</name>
> <connection reference="AD" />
> <baseDn>OU=Group,DC=adds,DC=example,DC=com</baseDn>
> <pivotAttributes>
> <string>cn</string>
> </pivotAttributes>
> <fetchedAttributes>
> <string>cn</string>
> <string>description</string>
> <string>member</string>
> <string>objectClass</string>
> </fetchedAttributes>
> <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter>
>
> <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
> </ldapDestinationService>
> <propertiesBasedSyncOptions>
> <mainIdentifier>js:"cn=" +
> javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn"))
> + ",OU=Group,DC=adds,DC=example,DC=com"</mainIdentifier>
> <defaultDelimiter>;</defaultDelimiter>
> <defaultPolicy>FORCE</defaultPolicy>
> <conditions>
> <create>true</create>
> <update>true</update>
> <delete>true</delete>
> <changeId>true</changeId>
> </conditions>
> <dataset>
> <name>objectclass</name>
> <policy>KEEP</policy>
> <createValues>
> <string>"group"</string>
> <string>"top"</string>
> </createValues>
> </dataset>
> <dataset>
> <name>member</name>
> <policy>FORCE</policy>
> <forceValues>
> <string>
> <![CDATA[
> rdjs:
>
> var membersSrcDn = srcBean.getDatasetValuesById("memberUid");
> var membersDstDn = [];
>
> for (var i=0; i<membersSrcDn.size(); i++) {
>     var memberSrcDn = membersSrcDn.get(i);
>     var uid = "";
>     try {
>         uid = srcLdap.attribute(memberSrcDn, "uid").get(0);
>     } catch(e) {
>         continue;
>     }
>     var destDn = ldap.search("ou=People", "(sAMAccountName=" + uid + ")");
>     if (destDn.size() == 0 || destDn.size() > 1) {
>         continue;
>     }
>     var destMemberDn = destDn.get(0) + "," + ldap.getContextDn();
>     membersDstDn.push(destMemberDn);
> }
> membersDstDn
> ]]>
> </string>
> </forceValues>
> </dataset>
> </propertiesBasedSyncOptions>
> </task>
> </tasks>
> </lsc>
>
>
> This is the error I'm receiving:
> Jun 07 15:43:40 - ERROR - All entries: 69, to modify entries: 1, successfully
> modified entries: 0, errors: 1 Jun 07 15:43:40 - INFO - Starting clean for
> SyncPeople Jun 07 15:43:40 - DEBUG - Using pagedResults control for 1000
> entries at a time Jun 07 15:43:41 - INFO - All entries: 68, to modify
> entries: 0, successfully modified entries: 0, errors: 0 Jun 07 15:43:41 -
> INFO - Starting sync for group Jun 07 15:43:41 - DEBUG - In object
> "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": List of
> attributes considered for writing in destination: [member, cn, description,
> objectClass] Jun 07 15:43:41 - DEBUG - In object
> "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute
> "member" is in FORCE status Jun 07 15:43:41 - ERROR - Programmatic error
> java.lang.reflect.InvocationTargetException: null at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67] at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_67]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67] at
> org.lsc.jndi.ScriptableObject.wrap(ScriptableObject.java:92)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.jndi.ScriptableObject.wrapString(ScriptableObject.java:155)
> [lsc-core-2.1.3.jar:na]
> at
> org.lsc.jndi.ScriptableJndiServices.attribute(ScriptableJndiServices.java:211)
> [lsc-core-2.1.3.jar:na]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_67]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67] at
> sun.org.mozilla.javascript.internal.MemberBox.invoke(MemberBox.java:167)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.NativeJavaMethod.call(NativeJavaMethod.java:245)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.Interpreter.interpretLoop(Interpreter.java:1706)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.Interpreter.interpret(Interpreter.java:849)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.InterpretedFunction.call(InterpretedFunction.java:162)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.ContextFactory.doTopCall(ContextFactory.java:430)
> [na:1.7.0_67]
> at
> com.sun.script.javascript.RhinoScriptEngine$1.superDoTopCall(RhinoScriptEngine.java:116)
> [na:1.7.0_67]
> at
> com.sun.script.javascript.RhinoScriptEngine$1.doTopCall(RhinoScriptEngine.java:109)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.ScriptRuntime.doTopCall(ScriptRuntime.java:3160)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.InterpretedFunction.exec(InterpretedFunction.java:173)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.Context.evaluateReader(Context.java:1169)
> [na:1.7.0_67]
> at
> com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:214)
> [na:1.7.0_67]
> at
> com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:240)
> [na:1.7.0_67]
> at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:233)
> [na:1.7.0_67]
> at org.lsc.utils.JScriptEvaluator.instanceEval(JScriptEvaluator.java:222)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.utils.JScriptEvaluator.evalToStringList(JScriptEvaluator.java:119)
> [lsc-core-2.1.3.jar:na]
> at
> org.lsc.utils.ScriptingEvaluator.evalToStringList(ScriptingEvaluator.java:136)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.beans.BeanComparator.getValuesToSet(BeanComparator.java:602)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.beans.BeanComparator.getUpdatedObject(BeanComparator.java:284)
> [lsc-core-2.1.3.jar:na]
> at
> org.lsc.beans.BeanComparator.calculateModifications(BeanComparator.java:176)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:773)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:707)
> [lsc-core-2.1.3.jar:na]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [na:1.7.0_67]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [na:1.7.0_67]
> at java.lang.Thread.run(Thread.java:745) [na:1.7.0_67] Caused by:
> java.lang.RuntimeException:
> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException:
> ERR_04202 A value is missing on some RDN at
> org.lsc.jndi.JndiServices.rewriteBase(JndiServices.java:659)
> ~[lsc-core-2.1.3.jar:na]
> at org.lsc.jndi.JndiServices.doReadEntry(JndiServices.java:691)
> ~[lsc-core-2.1.3.jar:na]
> at org.lsc.jndi.JndiServices.readEntry(JndiServices.java:666)
> ~[lsc-core-2.1.3.jar:na]
> at org.lsc.jndi.ScriptableJndiServices._attr(ScriptableJndiServices.java:218)
> [lsc-core-2.1.3.jar:na]
> ... 36 common frames omitted
> Caused by:
> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException:
> ERR_04202 A value is missing on some RDN at
> org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279)
> ~[api-all-1.0.0-M22.jar:1.0.0-M22]
> at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
> ~[api-all-1.0.0-M22.jar:1.0.0-M22]
> at org.lsc.jndi.JndiServices.rewriteBase(JndiServices.java:647)
> ~[lsc-core-2.1.3.jar:na]
> ... 39 common frames omitted
> Jun 07 15:43:41 - ERROR - Programmatic error
> java.lang.reflect.InvocationTargetException: null at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67] at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_67]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67] at
> org.lsc.jndi.ScriptableObject.wrap(ScriptableObject.java:92)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.jndi.ScriptableObject.wrapString(ScriptableObject.java:155)
> [lsc-core-2.1.3.jar:na]
> at
> org.lsc.jndi.ScriptableJndiServices.attribute(ScriptableJndiServices.java:211)
> [lsc-core-2.1.3.jar:na]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_67]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67] at
> sun.org.mozilla.javascript.internal.MemberBox.invoke(MemberBox.java:167)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.NativeJavaMethod.call(NativeJavaMethod.java:245)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.Interpreter.interpretLoop(Interpreter.java:1706)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.Interpreter.interpret(Interpreter.java:849)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.InterpretedFunction.call(InterpretedFunction.java:162)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.ContextFactory.doTopCall(ContextFactory.java:430)
> [na:1.7.0_67]
> at
> com.sun.script.javascript.RhinoScriptEngine$1.superDoTopCall(RhinoScriptEngine.java:116)
> [na:1.7.0_67]
> at
> com.sun.script.javascript.RhinoScriptEngine$1.doTopCall(RhinoScriptEngine.java:109)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.ScriptRuntime.doTopCall(ScriptRuntime.java:3160)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.InterpretedFunction.exec(InterpretedFunction.java:173)
> [na:1.7.0_67]
> at
> sun.org.mozilla.javascript.internal.Context.evaluateReader(Context.java:1169)
> [na:1.7.0_67]
> at
> com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:214)
> [na:1.7.0_67]
> at
> com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:240)
> [na:1.7.0_67]
> at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:233)
> [na:1.7.0_67]
> at org.lsc.utils.JScriptEvaluator.instanceEval(JScriptEvaluator.java:222)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.utils.JScriptEvaluator.evalToStringList(JScriptEvaluator.java:119)
> [lsc-core-2.1.3.jar:na]
> at
> org.lsc.utils.ScriptingEvaluator.evalToStringList(ScriptingEvaluator.java:136)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.beans.BeanComparator.getValuesToSet(BeanComparator.java:602)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.beans.BeanComparator.getUpdatedObject(BeanComparator.java:284)
> [lsc-core-2.1.3.jar:na]
> at
> org.lsc.beans.BeanComparator.calculateModifications(BeanComparator.java:176)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:773)
> [lsc-core-2.1.3.jar:na]
> at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:707)
> [lsc-core-2.1.3.jar:na]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [na:1.7.0_67]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [na:1.7.0_67]
> at java.lang.Thread.run(Thread.java:745) [na:1.7.0_67] Caused by:
> java.lang.RuntimeException:
> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException:
> ERR_04202 A value is missing on some RDN at
> org.lsc.jndi.JndiServices.rewriteBase(JndiServices.java:659)
> ~[lsc-core-2.1.3.jar:na]
> at org.lsc.jndi.JndiServices.doReadEntry(JndiServices.java:691)
> ~[lsc-core-2.1.3.jar:na]
> at org.lsc.jndi.JndiServices.readEntry(JndiServices.java:666)
> ~[lsc-core-2.1.3.jar:na]
> at org.lsc.jndi.ScriptableJndiServices._attr(ScriptableJndiServices.java:218)
> [lsc-core-2.1.3.jar:na]
> ... 36 common frames omitted
>
> I assume the error is in the JavaScript code, but I'm at a loss on finding
> out where exactly, or how to do the debugging. Can anyone point me in the
> right direction?
>
> Any help would be greatly appreciated!
>
> Cheers,
>
> Frederic
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
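
Added example, not part of the thread or of LSC: the memberUid-to-member lookup from the script above, run under Node.js against a mock directory, with the uid escaped per RFC 4515 before it is concatenated into the filter and with skipped uids returned instead of silently dropped. `escapeFilterValue`, `makeMockDirectory`, `mapMembers`, the account list and the context DN are constructed for illustration; the real `ldap` object is assumed to behave only as the thread's script uses it.

```javascript
// RFC 4515: escape the characters that are special inside a filter assertion value.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Hypothetical stand-in for the `ldap` object the thread's script uses: only
// search(base, filter) and getContextDn() are modelled, over a constructed
// account list. It understands "*" wildcards and \xx escapes in the value.
function makeMockDirectory(contextDn, accounts) {
  function toRegex(assertion) {
    var out = "";
    for (var i = 0; i < assertion.length; i++) {
      var ch = assertion.charAt(i);
      if (ch === "*") { out += ".*"; continue; }
      if (ch === "\\") {                 // \xx is one escaped literal character
        ch = String.fromCharCode(parseInt(assertion.substring(i + 1, i + 3), 16));
        i += 2;
      }
      out += ch.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    }
    return new RegExp("^" + out + "$", "i");
  }
  return {
    getContextDn: function () { return contextDn; },
    search: function (base, filter) {
      var m = /^\(sAMAccountName=(.*)\)$/.exec(filter);
      if (!m) { throw new Error("mock only handles (sAMAccountName=...)"); }
      var re = toRegex(m[1]);
      var hits = accounts.filter(function (a) { return re.test(a); })
        .map(function (a) { return "CN=" + a + "," + base; });
      return {
        size: function () { return hits.length; },
        get: function (i) { return hits[i]; }
      };
    }
  };
}

// The thread's memberUid -> member DN loop, with two changes: the uid can be
// escaped before it enters the filter, and every skipped uid is recorded with
// the filter used and the match count instead of a silent `continue`.
function mapMembers(memberUids, ldap, escape) {
  var result = { members: [], skipped: [] };
  memberUids.forEach(function (uid) {
    var filter = "(sAMAccountName=" + (escape ? escapeFilterValue(uid) : uid) + ")";
    var found = ldap.search("OU=People", filter);
    if (found.size() !== 1) {
      result.skipped.push({ uid: uid, filter: filter, matches: found.size() });
      return;
    }
    result.members.push(found.get(0) + "," + ldap.getContextDn());
  });
  return result;
}

// Constructed sample data: three AD accounts and one group's memberUid values.
var directory = makeMockDirectory("DC=adds,DC=example,DC=com",
  ["alice", "bob", "svc-backup"]);
var memberUids = ["alice", "svc-*", "carol"];

var unescaped = mapMembers(memberUids, directory, false);
var escaped = mapMembers(memberUids, directory, true);
console.log(JSON.stringify({ unescaped: unescaped, escaped: escaped }, null, 2));
```

In the unescaped run the memberUid value `svc-*` resolves to `svc-backup` and would be written as a group member; with escaping it lands in `skipped` with zero matches, next to `carol`.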