I forgot to add here that the groups are created, but contains no members. On Tue, Jun 7, 2016 at 4:26 PM, Frederic Van Espen <[email protected]> wrote: > Hello Jon, > > Thanks for the tip! after your suggestion I modified the js code a > bit. Our ldap directory already contains the uid of the member in the > memberUid attributes of the group objects. Updated code looks like > this: > <snip> > var membersSrcDn = srcBean.getDatasetValuesById("memberUid"); > var membersDstDn = []; > > for (var i=0; i<membersSrcDn.size(); i++) { > var uid = membersSrcDn.get(i); > var destDn = ldap.search("OU=People", > "(sAMAccountName=" + uid + ")"); > if (destDn.size() == 0 || destDn.size() > 1) { > continue; > } > var destMemberDn = destDn.get(0) + "," + > ldap.getContextDn(); > membersDstDn.push(destMemberDn); > } > membersDstDn > </snip> > > Now I get this output: > Jun 07 16:20:18 - INFO - Starting sync for group > Jun 07 16:20:18 - DEBUG - In object > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": List of > attributes considered for writing in destination: [member, cn, > description, objectClass] > Jun 07 16:20:18 - DEBUG - In object > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute > "member" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute > "member" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute > "cn" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute > "cn" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute > "objectClass" is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com" will not be > written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=tech,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is > in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" will > not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will not > be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "description" > is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "description" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=tech,OU=Group,DC=adds,DC=example,DC=com": Attribute "objectClass" > is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=tech,OU=Group,DC=adds,DC=example,DC=com" will not be written to > the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=finance,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will > not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=finance,OU=Group,DC=adds,DC=example,DC=com": Attribute > "objectClass" is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=finance,OU=Group,DC=adds,DC=example,DC=com" will not be written to > the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=pm,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" will > not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will not > be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "description" > is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "description" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=pm,OU=Group,DC=adds,DC=example,DC=com": Attribute "objectClass" > is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=pm,OU=Group,DC=adds,DC=example,DC=com" will not be written to the > destination > Jun 07 16:20:19 - DEBUG - In object > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": List of > attributes considered for writing in destination: [member, cn, > description, objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute > "member" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute > "member" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute > "cn" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute > "cn" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com": Attribute > "objectClass" is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=smbFinanceScanner,OU=Group,DC=adds,DC=example,DC=com" will not be > written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=service,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will > not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=service,OU=Group,DC=adds,DC=example,DC=com": Attribute > "objectClass" is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=service,OU=Group,DC=adds,DC=example,DC=com" will not be written to > the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=dev,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" will > not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will not > be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "description" > is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "description" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=dev,OU=Group,DC=adds,DC=example,DC=com": Attribute "objectClass" > is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=dev,OU=Group,DC=adds,DC=example,DC=com" will not be written to the > destination > Jun 07 16:20:19 - DEBUG - In object > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is > in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute > "objectClass" is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=smpadmins,OU=Group,DC=adds,DC=example,DC=com" will not be written > to the destination > Jun 07 16:20:19 - ERROR - There is no future associated with operation > message ID 12, perhaps the operation would have been completed > Jun 07 16:20:19 - ERROR - There is no future associated with operation > message ID 12, perhaps the operation would have been completed > Jun 07 16:20:19 - DEBUG - In object > "CN=sales,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is > in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will > not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=sales,OU=Group,DC=adds,DC=example,DC=com": Attribute > "objectClass" is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=sales,OU=Group,DC=adds,DC=example,DC=com" will not be written to > the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=svn,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" will > not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is in > FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" will not > be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "description" > is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "description" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=svn,OU=Group,DC=adds,DC=example,DC=com": Attribute "objectClass" > is in KEEP status > Jun 07 16:20:19 - DEBUG - Entry > "CN=svn,OU=Group,DC=adds,DC=example,DC=com" will not be written to the > destination > Jun 07 16:20:19 - DEBUG - In object > "CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": List of attributes > considered for writing in destination: [member, cn, description, > objectClass] > Jun 07 16:20:19 - DEBUG - In object > "CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "member" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" is > in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute "cn" > will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" is in FORCE status > Jun 07 16:20:19 - DEBUG - In object > "CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute > "description" will not be written to the destination > Jun 07 16:20:19 - DEBUG - In object > "CN=webadmins,OU=Group,DC=adds,DC=example,DC=com": Attribute > "objectClass" is in KEEP status > > Is there any way I can enable more debugging? Like printing the whole > arrays or something like that? > > Thanks, > > Frederic > > On Tue, Jun 7, 2016 at 4:05 PM, Jon C Kidder <[email protected]> wrote: >> It appears you do not have a dataset for cn. Cn is the rdn of the record >> and you must include at least one cn value that matches the cn value of the >> dn. >> >> -Jon C. Kidder >> American Electric Power >> Middleware Services >> Email: [email protected] >> Phone: 614-716-4970 >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Frederic Van >> Espen >> Sent: Tuesday, June 07, 2016 9:51 AM >> To: [email protected] >> Subject: [lsc-users] group membership sync from openldap to active directory >> >> This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN >> attachments. >> >> ********************************************************************** >> Hi, >> >> I'm making a first attempt to synchronize group membership from our openldap >> server to our active directory server. Groups are created correctly, but >> unfortunately I'm receiving some errors while syncing the group membership. >> Here's the config I'm using right now: >> >> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd"; revision="0"> >> <connections> >> <!-- Connection to Active Directory. --> >> <ldapConnection> >> <name>AD</name> >> <url>ldaps://addc.adds.example.com:636/dc=example,dc=com</url> >> >> <username>cn=Administrator,cn=Users,dc=adds,dc=example,dc=com</username> >> <password>REDACTED</password> >> <authentication>SIMPLE</authentication> >> <pageSize>1000</pageSize> >> </ldapConnection> >> <!-- Connection to OpenLDAP. --> >> <ldapConnection> >> <name>openldap</name> >> <url>ldaps://ldap.intranet.example.com:636/dc=example,dc=com</url> >> <username>cn=admin,dc=example,dc=com</username> >> <password>REDACTED</password> >> <authentication>SIMPLE</authentication> >> <pageSize>1000</pageSize> >> </ldapConnection> >> </connections> >> <!-- Tasks configuration. --> >> <tasks> >> <!-- Task for synchronize users from OpenLDAP to Active Directory. --> >> <task> >> <name>SyncPeople</name> >> <bean>org.lsc.beans.SimpleBean</bean> >> <!-- LDAP source service. --> >> <ldapSourceService> >> <name>openldap-source-service</name> >> <connection reference="openldap" /> >> <baseDn>ou=People,dc=example,dc=com</baseDn> >> <pivotAttributes> >> <string>uid</string> >> </pivotAttributes> >> <fetchedAttributes> >> <string>cn</string> >> <string>description</string> >> <string>givenName</string> >> <string>mail</string> >> <string>sn</string> >> <string>uid</string> >> <string>userpassword</string> >> <string>homePhone</string> >> <string>randomstuff</string> >> </fetchedAttributes> >> <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter> >> >> <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={uid}))]]></getOneFilter> >> >> <cleanFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></cleanFilter> >> </ldapSourceService> >> <!-- LDAP destination service. --> >> <ldapDestinationService> >> <name>ad-dst-service</name> >> <connection reference="AD" /> >> <baseDn>ou=People,dc=adds,dc=example,dc=com</baseDn> >> <pivotAttributes> >> <string>sAMAccountName</string> >> </pivotAttributes> >> <fetchedAttributes> >> <string>objectclass</string> >> <string>cn</string> >> <string>description</string> >> <string>givenName</string> >> <string>mail</string> >> <string>pwdLastSet</string> >> <string>sAMAccountName</string> >> <string>sn</string> >> <string>unicodePwd</string> >> <string>userAccountControl</string> >> <string>userPrincipalName</string> >> <string>homePhone</string> >> </fetchedAttributes> >> <getAllFilter><![CDATA[(objectClass=user)]]></getAllFilter> >> >> <getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={uid}))]]></getOneFilter> >> </ldapDestinationService> >> <!-- Synchronization rules. --> >> <propertiesBasedSyncOptions> >> <mainIdentifier>js:"cn=" + >> srcBean.getDatasetFirstValueById("cn") + ",ou=" + getOu(srcBean.DN) + >> ",dc=adds,dc=example,dc=com"</mainIdentifier> >> <defaultDelimiter>;</defaultDelimiter> >> <defaultPolicy>FORCE</defaultPolicy> >> <conditions> >> <create>true</create> >> <update>true</update> >> <delete>true</delete> >> <changeId>true</changeId> >> </conditions> >> <!-- objectClass = user/organizationalPerson/person/top --> >> <dataset> >> <name>objectClass</name> >> <policy>KEEP</policy> >> <createValues> >> <string>"user"</string> >> <string>"organizationalPerson"</string> >> <string>"person"</string> >> <string>"top"</string> >> </createValues> >> <delimiter>,</delimiter> >> </dataset> >> <!-- sAMAccountName = uid --> >> <dataset> >> <name>sAMAccountName</name> >> <policy>KEEP</policy> >> <createValues> >> <string>srcBean.getDatasetFirstValueById("uid")</string> >> </createValues> >> </dataset> >> <!-- userPrincipalName = uid + "@domainName.org" --> >> <dataset> >> <name>userPrincipalName</name> >> <policy>FORCE</policy> >> <forceValues> >> <string>srcBean.getDatasetFirstValueById("uid") + >> "@example.com"</string> >> </forceValues> >> </dataset> >> <!-- Configuring account like normal and non admin. --> >> <dataset> >> <name>userAccountControl</name> >> <policy>KEEP</policy> >> <createValues> >> <string>AD.userAccountControlSet( "0", [ >> AD.UAC_SET_PASSWD_NOTREQD,AD.UAC_SET_NORMAL_ACCOUNT ])</string> >> </createValues> >> </dataset> >> <!-- pwdLastSet = -1; no require to user for changing password on >> next logon. --> >> <dataset> >> <name>pwdLastSet</name> >> <policy>KEEP</policy> >> <createValues> >> <string>"0"</string> >> </createValues> >> </dataset> >> <dataset> >> <name>unicodePwd</name> >> <policy>KEEP</policy> >> <createValues> >> >> <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById("userpassword"))</string> >> </createValues> >> </dataset> >> </propertiesBasedSyncOptions> >> <scriptInclude> >> <string>../scripts/getOu.js</string> >> </scriptInclude> >> </task> >> <!-- Task for synchronize groups from OpenLDAP to Active Directory. --> >> >> <task> >> <name>group</name> >> <bean>org.lsc.beans.SimpleBean</bean> >> <asyncLdapSourceService> >> <name>group-source-service</name> >> <connection reference="openldap" /> >> <baseDn>ou=Group,dc=example,dc=com</baseDn> >> <pivotAttributes> >> <string>cn</string> >> </pivotAttributes> >> <fetchedAttributes> >> <string>cn</string> >> <string>description</string> >> <string>memberUid</string> >> </fetchedAttributes> >> <getAllFilter><![CDATA[(objectClass=posixGroup)]]></getAllFilter> >> >> <getOneFilter><![CDATA[(&(objectClass=posixGroup)(cn={cn}))]]></getOneFilter> >> >> <cleanFilter><![CDATA[(&(objectClass=posixGroup)(cn={cn}))]]></cleanFilter> >> <serverType>OpenLDAP</serverType> >> </asyncLdapSourceService> >> <ldapDestinationService> >> <name>group-dst-service</name> >> <connection reference="AD" /> >> <baseDn>OU=Group,DC=adds,DC=example,DC=com</baseDn> >> <pivotAttributes> >> <string>cn</string> >> </pivotAttributes> >> <fetchedAttributes> >> <string>cn</string> >> <string>description</string> >> <string>member</string> >> <string>objectClass</string> >> </fetchedAttributes> >> <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter> >> >> <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter> >> </ldapDestinationService> >> <propertiesBasedSyncOptions> >> <mainIdentifier>js:"cn=" + >> javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) >> + ",OU=Group,DC=adds,DC=example,DC=com"</mainIdentifier> >> <defaultDelimiter>;</defaultDelimiter> >> <defaultPolicy>FORCE</defaultPolicy> >> <conditions> >> <create>true</create> >> <update>true</update> >> <delete>true</delete> >> <changeId>true</changeId> >> </conditions> >> <dataset> >> <name>objectclass</name> >> <policy>KEEP</policy> >> <createValues> >> <string>"group"</string> >> <string>"top"</string> >> </createValues> >> </dataset> >> <dataset> >> <name>member</name> >> <policy>FORCE</policy> >> <forceValues> >> <string> >> <![CDATA[ >> rdjs: >> >> var membersSrcDn = srcBean.getDatasetValuesById("memberUid"); >> var membersDstDn = []; >> >> for (var i=0; i<membersSrcDn.size(); i++) { >> var memberSrcDn = membersSrcDn.get(i); >> var uid = ""; >> try { >> uid = srcLdap.attribute(memberSrcDn, "uid").get(0); >> } catch(e) { >> continue; >> } >> var destDn = ldap.search("ou=People", "(sAMAccountName=" + >> uid + ")"); >> if (destDn.size() == 0 || destDn.size() > 1) { >> continue; >> } >> var destMemberDn = destDn.get(0) + "," + >> ldap.getContextDn(); >> membersDstDn.push(destMemberDn); >> } >> membersDstDn >> ]]> >> </string> >> </forceValues> >> </dataset> >> </propertiesBasedSyncOptions> >> </task> >> </tasks> >> </lsc> >> >> >> This is the error I'm receiving: >> Jun 07 15:43:40 - ERROR - All entries: 69, to modify entries: 1, >> successfully modified entries: 0, errors: 1 Jun 07 15:43:40 - INFO - >> Starting clean for SyncPeople Jun 07 15:43:40 - DEBUG - Using pagedResults >> control for 1000 entries at a time Jun 07 15:43:41 - INFO - All entries: >> 68, to modify entries: 0, successfully modified entries: 0, errors: 0 Jun 07 >> 15:43:41 - INFO - Starting sync for group Jun 07 15:43:41 - DEBUG - In >> object >> "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": List of >> attributes considered for writing in destination: [member, cn, description, >> objectClass] Jun 07 15:43:41 - DEBUG - In object >> "CN=vpn-smp-production,OU=Group,DC=adds,DC=example,DC=com": Attribute >> "member" is in FORCE status Jun 07 15:43:41 - ERROR - Programmatic error >> java.lang.reflect.InvocationTargetException: null at >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67] >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> ~[na:1.7.0_67] >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> ~[na:1.7.0_67] >> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67] at >> org.lsc.jndi.ScriptableObject.wrap(ScriptableObject.java:92) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.jndi.ScriptableObject.wrapString(ScriptableObject.java:155) >> [lsc-core-2.1.3.jar:na] >> at >> org.lsc.jndi.ScriptableJndiServices.attribute(ScriptableJndiServices.java:211) >> [lsc-core-2.1.3.jar:na] >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> ~[na:1.7.0_67] at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> ~[na:1.7.0_67] >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> ~[na:1.7.0_67] >> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67] at >> sun.org.mozilla.javascript.internal.MemberBox.invoke(MemberBox.java:167) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.NativeJavaMethod.call(NativeJavaMethod.java:245) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.Interpreter.interpretLoop(Interpreter.java:1706) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.Interpreter.interpret(Interpreter.java:849) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.InterpretedFunction.call(InterpretedFunction.java:162) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.ContextFactory.doTopCall(ContextFactory.java:430) >> [na:1.7.0_67] >> at >> com.sun.script.javascript.RhinoScriptEngine$1.superDoTopCall(RhinoScriptEngine.java:116) >> [na:1.7.0_67] >> at >> com.sun.script.javascript.RhinoScriptEngine$1.doTopCall(RhinoScriptEngine.java:109) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.ScriptRuntime.doTopCall(ScriptRuntime.java:3160) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.InterpretedFunction.exec(InterpretedFunction.java:173) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.Context.evaluateReader(Context.java:1169) >> [na:1.7.0_67] >> at >> com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:214) >> [na:1.7.0_67] >> at >> com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:240) >> [na:1.7.0_67] >> at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:233) >> [na:1.7.0_67] >> at org.lsc.utils.JScriptEvaluator.instanceEval(JScriptEvaluator.java:222) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.utils.JScriptEvaluator.evalToStringList(JScriptEvaluator.java:119) >> [lsc-core-2.1.3.jar:na] >> at >> org.lsc.utils.ScriptingEvaluator.evalToStringList(ScriptingEvaluator.java:136) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.beans.BeanComparator.getValuesToSet(BeanComparator.java:602) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.beans.BeanComparator.getUpdatedObject(BeanComparator.java:284) >> [lsc-core-2.1.3.jar:na] >> at >> org.lsc.beans.BeanComparator.calculateModifications(BeanComparator.java:176) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:773) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:707) >> [lsc-core-2.1.3.jar:na] >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >> [na:1.7.0_67] >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >> [na:1.7.0_67] >> at java.lang.Thread.run(Thread.java:745) [na:1.7.0_67] Caused by: >> java.lang.RuntimeException: >> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: >> ERR_04202 A value is missing on some RDN at >> org.lsc.jndi.JndiServices.rewriteBase(JndiServices.java:659) >> ~[lsc-core-2.1.3.jar:na] >> at org.lsc.jndi.JndiServices.doReadEntry(JndiServices.java:691) >> ~[lsc-core-2.1.3.jar:na] >> at org.lsc.jndi.JndiServices.readEntry(JndiServices.java:666) >> ~[lsc-core-2.1.3.jar:na] >> at org.lsc.jndi.ScriptableJndiServices._attr(ScriptableJndiServices.java:218) >> [lsc-core-2.1.3.jar:na] >> ... 36 common frames omitted >> Caused by: >> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: >> ERR_04202 A value is missing on some RDN at >> org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279) >> ~[api-all-1.0.0-M22.jar:1.0.0-M22] >> at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211) >> ~[api-all-1.0.0-M22.jar:1.0.0-M22] >> at org.lsc.jndi.JndiServices.rewriteBase(JndiServices.java:647) >> ~[lsc-core-2.1.3.jar:na] >> ... 39 common frames omitted >> Jun 07 15:43:41 - ERROR - Programmatic error >> java.lang.reflect.InvocationTargetException: null at >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67] >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> ~[na:1.7.0_67] >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> ~[na:1.7.0_67] >> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67] at >> org.lsc.jndi.ScriptableObject.wrap(ScriptableObject.java:92) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.jndi.ScriptableObject.wrapString(ScriptableObject.java:155) >> [lsc-core-2.1.3.jar:na] >> at >> org.lsc.jndi.ScriptableJndiServices.attribute(ScriptableJndiServices.java:211) >> [lsc-core-2.1.3.jar:na] >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> ~[na:1.7.0_67] at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> ~[na:1.7.0_67] >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> ~[na:1.7.0_67] >> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67] at >> sun.org.mozilla.javascript.internal.MemberBox.invoke(MemberBox.java:167) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.NativeJavaMethod.call(NativeJavaMethod.java:245) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.Interpreter.interpretLoop(Interpreter.java:1706) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.Interpreter.interpret(Interpreter.java:849) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.InterpretedFunction.call(InterpretedFunction.java:162) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.ContextFactory.doTopCall(ContextFactory.java:430) >> [na:1.7.0_67] >> at >> com.sun.script.javascript.RhinoScriptEngine$1.superDoTopCall(RhinoScriptEngine.java:116) >> [na:1.7.0_67] >> at >> com.sun.script.javascript.RhinoScriptEngine$1.doTopCall(RhinoScriptEngine.java:109) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.ScriptRuntime.doTopCall(ScriptRuntime.java:3160) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.InterpretedFunction.exec(InterpretedFunction.java:173) >> [na:1.7.0_67] >> at >> sun.org.mozilla.javascript.internal.Context.evaluateReader(Context.java:1169) >> [na:1.7.0_67] >> at >> com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:214) >> [na:1.7.0_67] >> at >> com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:240) >> [na:1.7.0_67] >> at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:233) >> [na:1.7.0_67] >> at org.lsc.utils.JScriptEvaluator.instanceEval(JScriptEvaluator.java:222) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.utils.JScriptEvaluator.evalToStringList(JScriptEvaluator.java:119) >> [lsc-core-2.1.3.jar:na] >> at >> org.lsc.utils.ScriptingEvaluator.evalToStringList(ScriptingEvaluator.java:136) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.beans.BeanComparator.getValuesToSet(BeanComparator.java:602) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.beans.BeanComparator.getUpdatedObject(BeanComparator.java:284) >> [lsc-core-2.1.3.jar:na] >> at >> org.lsc.beans.BeanComparator.calculateModifications(BeanComparator.java:176) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:773) >> [lsc-core-2.1.3.jar:na] >> at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:707) >> [lsc-core-2.1.3.jar:na] >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >> [na:1.7.0_67] >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >> [na:1.7.0_67] >> at java.lang.Thread.run(Thread.java:745) [na:1.7.0_67] Caused by: >> java.lang.RuntimeException: >> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: >> ERR_04202 A value is missing on some RDN at >> org.lsc.jndi.JndiServices.rewriteBase(JndiServices.java:659) >> ~[lsc-core-2.1.3.jar:na] >> at org.lsc.jndi.JndiServices.doReadEntry(JndiServices.java:691) >> ~[lsc-core-2.1.3.jar:na] >> at org.lsc.jndi.JndiServices.readEntry(JndiServices.java:666) >> ~[lsc-core-2.1.3.jar:na] >> at org.lsc.jndi.ScriptableJndiServices._attr(ScriptableJndiServices.java:218) >> [lsc-core-2.1.3.jar:na] >> ... 36 common frames omitted >> >> I assume the error is in the javascript code, but I'm at a loss on finding >> out where exactly, or how to do the debugging. Can anyone point me in the >> right direction? >> >> Any help would be greatly appreciated! >> >> Cheers, >> >> Frederic >> _______________________________________________________________ >> Ldap Synchronization Connector (LSC) - http://lsc-project.org >> >> lsc-users mailing list >> [email protected] >> http://lists.lsc-project.org/listinfo/lsc-users _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
