Re: [lsc-users] Synchronize groups, LDAP : error Invalid DN syntax (34)

Mon, 27 Feb 2017 01:26:50 -0800 


Le 24/02/2017 à 12:04, PASCAL CASSAGNES a écrit :

"General discussions and help for Ldap Synchronization Connector \(LSC\) -
Start here!" <[email protected]> le mardi 21 février 2017
à 16:03 +0100 a écrit:

On 20/02/2017 15:35, PASCAL CASSAGNES wrote:

Hello,
When transferring groups from the OpenLDAP directory to an AD directory
via LSC, I have the following error message for two groups and the other
300 are transferred normally without error :
févr. 20 10:46:11 - ERROR - Error while adding entry
cn=B12_public,OU=groups,OU=OpenLDAP,dc=organisation,dc=fr in directory
:javax.naming.InvalidNameException: cn=B12_public,OU=groups,OU=OpenLDAP:
[LDAP: error code 34 - 00000057: LdapErr: DSID-0C090DB1, comment: Error
in attribute conversion operation, data 0, v2580^@]; remaining name
'cn=B12_public,OU=groups,OU=OpenLDAP'
févr. 20 10:46:11 - ERROR - Error while synchronizing ID
cn=B12_public,OU=groups,OU=OpenLDAP,dc=organisation,dc=fr:
java.lang.Exception: Technical problem while applying modifications to
the destination
# Mon Feb 20 10:46:11 CET 2017
dn: cn=B12_public,OU=groups,OU=OpenLDAP,dc=organisation,dc=fr
changetype: add
member: CN=John DOE,OU=people,OU=OpenLDAP,dc=organisation,dc=fr
member: ...
.
.
Have you ever encountered this error or suggestions for leads to
explore?

Sometimes I have group names that are correct on LDAP, but are rejected
by AD. But the error is not "attribute conversion operation" (and the
end of the message is strange "data 0, v2580^@" ??)

Perhaps you should carefully examine the rejected LDIF, trying to locate
the culprit.

Or try to replay the LDIF ? Remove half the CN, etc. to find the "bad" cn.

That's what I did. I replayed the ldif ldapadd online command. I logically
get the same result and the same error.
I also began to review the cn to find the culprit (s). There are more than
1000, it's a bit long and I thought that an explanation to this error
message could prevent me from going through it! Thank you for your reply.


Hi,


I think this error can occur if you set a member value which does not 
match an existing entry. So you must first create all user accounts in 
AD before synchronizing groups.


--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users





















					Reply via email to