You need two connection entries, for the source and the target,
Met Vriendelijke Groet,
Kind Regards,
Salutations,
Bart Coninckx
Bits 'n Tricks BVBA
Hoge Mierdse Heide 182
2360 Oud-Turnhout
tel. +32 14 480 820
gsm +32 478 88 33 08
[email protected]
http://www.bitsandtricks.com
BTW: BE0817.401.875
Crelan BE46 8601 0806 3436
Voor onze Algemene Voorwaarden, zie:
http://www.bitsandtricks.com/index.php/contact/algemene-voorwaarden
-----Original message-----
From:Brisard, Ghislain <[email protected]>
Sent:Wed 25-01-2017 16:09
Subject:Re: [lsc-users] Synchronization error Openldap/AD GSSAPI
To:[email protected];
The configuration of my xml file is :
<?xml version="1.0" ?>
<!--
In the following file, comments are describing each node. Elements are
referenced through XPath expression, whereas attributes are prefixed
with
'@'
//lsc Root node of the XML configuration file
@xmlns XML Schema validation is not ready yet (Reserved for futur use)
@id optional, added by XML API
@revision mandatory, used by the Web Administration Interface to version
this file
-->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd"; revision="0">
<connections>
<!-- annuaire : compte lecture seule (ro) -->
<ldapConnection>
<name>ldap-ro</name>
<url>ldap://annuaire-ieg.domain.fr:389/dc=domain,dc=fr</url>
<username>[email protected]</username>
<password>my_passwd</password>
<authentication>GSSAPI</authentication>
<referral>IGNORE</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>1000</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
</ldapConnection>
And the /etc/krb5.conf contain:
[libdefaults]
default_realm = DOMAIN.FR
ticket_lifetime = 36000
renew_lifetime = 604800
clockskew = 300
default_keytab_name = FILE:/etc/krb5.keytab
...
default_tgs_enctypes = aes128-cts
default_tkt_enctypes = aes128-cts
permitted_enctypes = aes128-cts
...
[realms]
DOMAIN.FR = {
kdc = annuaire-ieg. domain.fr:88
master_kdc = annuaire-ieg. domain.fr:88
admin_server = annuaire-ieg. domain.fr:88
default_domain = domain.fr:88
}
[domain_realm]
.domain.fr = DOMAIN.FR
domain.fr = DOMAIN.FR
_______________________________________________________________________
Ghislain BRISARD
Division Aérospatiale et Défense
Capgemini | Rennes
Tel.: +33 (0)2 99 28 07 70
www.capgemini.com
Rennes Atalante Champs Blancs
7, rue Claude Chappe, CS 67746
35577 Cesson Sévigné cedex - France
People matter, results count.
_______________________________________________________________________
De : [email protected]
[mailto:[email protected]] De la part de Bart Coninckx
Envoyé : mercredi 25 janvier 2017 15:56
À : [email protected]
Objet : Re: [lsc-users] Synchronization error Openldap/AD GSSAPI
I think people on the list can better help you if you add your XML file.
Do not forget to hide your password info though,
Met Vriendelijke Groet,
Kind Regards,
Salutations,
Bart Coninckx
Bits 'n Tricks BVBA
Hoge Mierdse Heide 182
2360 Oud-Turnhout
tel. +32 14 480 820
gsm +32 478 88 33 08
[email protected]
http://www.bitsandtricks.com
BTW: BE0817.401.875
Crelan BE46 8601 0806 3436
Voor onze Algemene Voorwaarden, zie:
http://www.bitsandtricks.com/index.php/contact/algemene-voorwaarden
-----Original message-----
From: Brisard, Ghislain <[email protected]>
Sent: Wed 25-01-2017 15:53
Subject: [lsc-users] Synchronization error Openldap/AD GSSAPI
To: [email protected];
Hello,
I am trying to synchronize an openldap from an AD. I use LSC with GSSAPI.
I configure by following the howto described by Francesco Malvezzi in the list
http://lists.lsc-project.org/pipermail/lsc-users/2013-December/001687.html
When I want to synchronize i have the following message:
janv. 25 15:05:33 - ERROR - Error opening the LDAP connection to the
destination! (java.lang.RuntimeException: Multiple Kerberos connections not
supported (existing value: /etc/lsc/ieg/krb5.ini). Need to set another LSC
instance or unset system property !)
janv. 25 15:05:33 - ERROR - org.lsc.exception.LscConfigurationException:
Configuration exception: java.lang.RuntimeException: Multiple Kerberos
connections not supported (existing value: /etc/lsc/ieg/krb5.ini). Need to set
another LSC instance or unset system property !
_______________________________________________________________________
Ghislain BRISARD
Division Aérospatiale et Défense
Capgemini | Rennes
Tel.: +33 (0)2 99 28 07 70
www.capgemini.com
Rennes Atalante Champs Blancs
7, rue Claude Chappe, CS 67746
35577 Cesson Sévigné cedex - France
People matter, results count.
_______________________________________________________________________
This message contains information that may be privileged or confidential and is
the property of the Capgemini Group. It is intended only for the person to whom
it is addressed. If you are not the intended recipient, you are not authorized
to read, print, retain, copy, disseminate, distribute, or use this message or
any part thereof. If you receive this message in error, please notify the
sender immediately and delete all copies of this message.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
