Hi, 
try this filter for your source 

<getAllFilter><![CDATA[(&(objectClass=user)(!(objectClass=computer)))]]></getAllFilter>
 
<getOneFilter><![CDATA[(&(objectClass=user)(!(objectClass=computer))(sAMAccountName={sAMAccountName}))]]></getOneFilter>
<cleanFilter><![CDATA[(&(objectClass=user)(!(objectClass=computer))(sAMAccountName={uid}))]]></cleanFilter>
 


From: "Thang Duong Bao" <[email protected]>
To: "lsc-users" <[email protected]>
Sent: Thursday 19 January 2017 11:31:52
Subject: [lsc-users] Sync data from Active Directory TO OpenLDAP

Hello, 

I use Active Directory on Windows Server 2003, and now I would like to sync this
database to an OpenLDAP server set up on Google Cloud [AD -> OpenLDAP]. This
server will be used to authenticate users for company services (Forum, Chat,
Website login, etc.) (OpenLDAP acts as a read-only server with data pulled from
AD).

This is my lsc.xml source; when I try a synchronization, it always reports "ERROR -
Synchronization aborted because no source object has been found"

<?xml version="1.0" ?> 
<!-- 
In the following file, comments are describing each node. Elements are 
referenced through XPath expression, whereas attributes are prefixed with 
'@' 

//lsc Root node of the XML configuration file 
@xmlns XML Schema validation is not ready yet (Reserved for future use)
@id optional, added by XML API 
@revision mandatory, used by the Web Administration Interface to version 
this file 
--> 
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">

<!-- ./connections Connections list node, must contain at least two connections 
--> 
<connections> 
<!-- 
./connection Connection node, include definition of the required parameters. 
Depending on the connection type, properties vary. 
Existing class types are : ldapConnection, databaseConnection
Plugins also provides : nisConnection, jndiExecDstConnection 
--> 
<ldapConnection> 
<name>AD</name> 
<!-- ./url mandatory, the JNDI URL --> 
<url>ldap://ldap.domain.xyz/dc=localdomain,dc=xyz</url>
<!-- ./username mandatory, the DN to bind with -->
<username>administrator@localdomain.xyz</username>
<!-- ./password mandatory, credentials to bind with --> 
<password>ad_password</password> 
<!-- ./authentication mandatory, must contain either ANONYMOUS, SIMPLE, SASL, 
GSSAPI or DIGEST_MD5 --> 
<authentication>SIMPLE</authentication> 
<!-- ./referral mandatory, must contain either IGNORE, THROUGH, THROW or FOLLOW 
--> 
<referral>IGNORE</referral> 
<!-- ./derefAliases mandatory, must contain either NEVER, SEARCH, FIND, ALWAYS 
--> 
<derefAliases>NEVER</derefAliases> 
<!-- ./version mandatory, must contain either VERSION_2, VERSION_3 --> 
<version>VERSION_3</version> 
<!-- ./pageSize optional, specify the paged size when searching --> 
<pageSize>1000</pageSize> 
<!-- ./factory mandatory, points to LDAP Context Factory, 
com.sun.jndi.ldap.LdapCtxFactory for a SUN JDK --> 
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory> 
<!-- ./tlsActivated optional, specify if SSL/TLS is activated to connect to the 
LDAP server --> 
<tlsActivated>false</tlsActivated> 
</ldapConnection> 
<ldapConnection> 
<name>LDAP</name> 
<!-- ./url mandatory, the JNDI URL --> 
<url>ldap://127.0.0.1/dc=localdomain,dc=xyz</url>
<!-- ./username mandatory, the DN to bind with --> 
<username>cn=admin,dc=localdomain,dc=xyz</username> 
<!-- ./password mandatory, credentials to bind with --> 
<password>ldap_password</password> 
<!-- ./authentication mandatory, must contain either ANONYMOUS, SIMPLE, SASL, 
GSSAPI or DIGEST_MD5 --> 
<authentication>SIMPLE</authentication> 
<!-- ./referral mandatory, must contain either IGNORE, THROUGH, THROW or FOLLOW 
--> 
<referral>IGNORE</referral> 
<!-- ./derefAliases mandatory, must contain either NEVER, SEARCH, FIND, ALWAYS 
--> 
<derefAliases>NEVER</derefAliases> 
<!-- ./version mandatory, must contain either VERSION_2, VERSION_3 --> 
<version>VERSION_3</version> 
<!-- ./pageSize optional, specify the paged size when searching --> 
<pageSize>-1</pageSize> 
<!-- ./factory mandatory, points to LDAP Context Factory, 
com.sun.jndi.ldap.LdapCtxFactory for a SUN JDK --> 
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory> 
<!-- ./tlsActivated optional, specify if SSL/TLS is activated to connect to the 
LDAP server --> 
<tlsActivated>false</tlsActivated> 
</ldapConnection> 
</connections> 

<tasks> 
<task> 
<name>adUser</name> 
<bean>org.lsc.beans.SimpleBean</bean> 
<ldapSourceService> 
<name>ad-source-service</name> 
<connection reference="AD" /> 
<baseDn>ou=ABC,dc=localdomain,dc=xyz</baseDn> 
<pivotAttributes> 
<string>sAMAccountName</string> 
</pivotAttributes> 
<fetchedAttributes> 
<string>cn</string> 
<string>description</string> 
<string>givenName</string> 
<string>mail</string> 
<string>objectclass</string> 
<string>pwdLastSet</string> 
<string>sAMAccountName</string> 
<string>sn</string> 
<!-- if request password, need use tls connection --> 
<!-- <string>unicodePwd</string> --> 
<string>userAccountControl</string> 
<string>userPrincipalName</string> 
</fetchedAttributes> 
<getAllFilter><![CDATA[(&(objectClass=user)(!(objectClass=computer)))]]></getAllFilter>
 
<getOneFilter><![CDATA[(&(objectClass=user)(!(objectClass=computer))(sAMAccountName={uid}))]]></getOneFilter>
 
<cleanFilter><![CDATA[(&(objectClass=user)(!(objectClass=computer))(sAMAccountName={uid}))]]></cleanFilter>
 
</ldapSourceService> 
<ldapDestinationService> 
<name>openldap-dst-service</name> 
<connection reference="LDAP" /> 
<baseDn>ou=ABC,dc=localdomain,dc=xyz</baseDn> 
<pivotAttributes> 
<string>uid</string> 
</pivotAttributes> 
<fetchedAttributes> 
<string>cn</string> 
<string>description</string> 
<string>givenName</string> 
<string>mail</string> 
<string>sn</string> 
<string>uid</string> 
<!-- if request password, need use tls connection --> 
<!-- <string>userPassword</string> --> 
</fetchedAttributes> 
<getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter> 
<getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={uid}))]]></getOneFilter>
 
<!--<cleanFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></cleanFilter>-->
 
</ldapDestinationService> 
<propertiesBasedSyncOptions> 
<mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=ABC,dc=localdomain,dc=xyz"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter> 
<defaultPolicy>FORCE</defaultPolicy> 
<conditions> 
<create>true</create> 
<update>true</update> 
<delete>true</delete> 
<changeId>true</changeId> 
</conditions> 
<dataset> 
<name>uid</name> 
<policy>KEEP</policy> 
<createValues> 
<string>srcBean.getDatasetFirstValueById("sAMAccountName")</string> 
</createValues> 
</dataset> 

</propertiesBasedSyncOptions> 
</task> 
</tasks> 
<!-- ./audits Audits list node --> 
<audits> 
<!--./audit Audit node, here a CSV audit, may also be a LDIF or any contributed 
audit type --> 
<csvAudit> 
<!-- ./name mandatory, audit name --> 
<name>csv</name> 
<!-- ./append optional, default to false, specify to create a new log file or 
to append to the existing one --> 
<append>true</append> 
<!-- ./operations optional, comma separated list of operations (create, delete, 
update or rename) --> 
<operations>create, delete</operations> 
<!-- ./file mandatory, define the location of the file where the CSV data will 
be written --> 
<file>/tmp/dump.csv</file> 
<!-- ./datasets optional, comma separated list of datasets modification to log 
--> 
<datasets>cn, dn</datasets> 
<!-- ./separator optional, default to ";", specify the values separator --> 
<separator>,</separator> 
</csvAudit> 
</audits> 

<!-- ./tasks Task list node, must contain at least one task --> 
<!-- ./security This mandatory node contains the security settings used by LSC 
--> 
<security> 
<!-- ./encryption This optional node contains the encryption settings --> 
<encryption> 
<!-- ./keyfile This optional node contains the keyfile location --> 
<keyfile>etc/lsc.key</keyfile> 
<!-- ./algorithm This optional node contains the encryption algorithm --> 
<algorithm>AES</algorithm> 

<!-- ./strength This optional node contains the algorithm key length --> 
<strength>128</strength> 
</encryption> 
</security> 
</lsc> 

Run command to test: /usr/bin/lsc -f /etc/lsc/ad2openldap -s all -c all -n 
This is log: 

Jan 19 10:00:30 - INFO - Logging configuration successfully loaded from 
/etc/lsc/ad2openldap/logback.xml 
Jan 19 10:00:30 - INFO - LSC configuration successfully loaded from 
/etc/lsc/ad2openldap/ 
Jan 19 10:00:30 - INFO - Connecting to LDAP server ldap://127.0.0.1/dc=localdomain,dc=xyz as cn=admin,dc=localdomain,dc=xyz
Jan 19 10:00:30 - INFO - Connecting to LDAP server ldap://ldap.domain.xyz/dc=localdomain,dc=xyz as administrator@localdomain.xyz
Jan 19 10:00:31 - INFO - Starting sync for adUser 
Jan 19 10:00:31 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:31 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:31 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:31 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:31 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:32 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - Synchronization aborted because no source object has 
been found ! 
Jan 19 10:00:33 - ERROR - All entries: 25, to modify entries: 0, successfully 
modified entries: 0, errors: 25 
Jan 19 10:00:33 - INFO - Starting clean for adUser 
Jan 19 10:00:33 - ERROR - Empty or non existant destination (no IDs found) 

Any help would be appreciated 

Best regards, 
Thang Duong Bao 
Mobile: (+84) 918 753 062 

_______________________________________________________________ 
Ldap Synchronization Connector (LSC) - http://lsc-project.org 

lsc-users mailing list 
[email protected] 
http://lists.lsc-project.org/listinfo/lsc-users 

-- 
Thierry DONGMO 
Université Paris Dauphine PSL 
D109 - 0172605255 
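
Added example (not from the original thread and not LSC project code): a small Python lint for an lsc.xml that flags two things visible in this exchange, a source getOneFilter placeholder that is not one of the source pivotAttributes (the one difference between the posted filter and the suggested one) and a SIMPLE bind on an ldap:// connection with tlsActivated set to false. It assumes LSC fills source getOneFilter placeholders from the source pivot attributes; the embedded config is a constructed, trimmed sample.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed lsc.xml shaped like the one in the quoted message.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
 <connections><ldapConnection>
  <name>AD</name><url>ldap://ldap.domain.xyz/dc=localdomain,dc=xyz</url>
  <authentication>SIMPLE</authentication><tlsActivated>false</tlsActivated>
 </ldapConnection></connections>
 <tasks><task><name>adUser</name><ldapSourceService>
  <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
  <getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={uid}))]]></getOneFilter>
 </ldapSourceService></task></tasks>
</lsc>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child_text(node, name):
    """Text of the first direct child called `name`, or '' if absent."""
    for child in node:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def pivot_names(service):
    """Lower-cased pivot attribute names (LDAP attribute names are case-insensitive)."""
    return {s.text.strip().lower()
            for p in service if local(p.tag) == "pivotAttributes"
            for s in p if s.text}

def lint(xml_text):
    findings = []
    for node in ET.fromstring(xml_text).iter():
        kind = local(node.tag)
        if kind == "ldapSourceService":
            pivots = pivot_names(node)
            # Assumption: each {name} in the source getOneFilter must be a source pivot.
            for name in re.findall(r"\{([^{}]+)\}", child_text(node, "getOneFilter")):
                if name.lower() not in pivots:
                    findings.append(f"getOneFilter uses {{{name}}} but source pivots are {sorted(pivots)}")
        elif kind == "ldapConnection":
            cleartext = (child_text(node, "url").lower().startswith("ldap://")
                         and child_text(node, "tlsActivated") != "true")
            if cleartext and child_text(node, "authentication") == "SIMPLE":
                findings.append(f"connection {child_text(node, 'name')}: SIMPLE bind without TLS")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```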