Hi Clement,
Thank you very much!! That I guess was the missing piece from the puzzle. I’ll have to set up LDAPS now I guess. Thanks again. :)

> On 15 May 2017, at 08:50, Clément OUDOT <[email protected]> wrote:
>
> On 13/05/2017 at 06:03, Marti Markov wrote:
>> Hey all,
>>
>> I’m in the process of syncing users from OpenLDAP to AD. I’m having trouble
>> creating the user without forcing them to change the password (as I want
>> them to only be able to change it in OpenLDAP and sync the new password to
>> AD).
>>
>> I’m trying to set the pwdLastSet to the current timestamp:
>>
>>   <name>pwdLastSet</name>
>>   <policy>KEEP</policy>
>>   <createValues>
>>     <string>AD.unixTimestampToADTime(Math.round((new Date()).getTime() / 1000))</string>
>>   </createValues>
>> </dataset>
>>
>> Unfortunately I’m getting this error:
>>
>> May 13 05:58:00 - ERROR - Error while adding entry cn=First
>> Last,OU=Agents2,OU=Personel,DC=domain,DC=com in directory
>> :javax.naming.NamingException: [LDAP: error code 80 - 00000057: SysErr:
>> DSID-031A1291, problem 22 (Invalid argument), data 0
>>
>> I have also tried getting the current timestamp and hardcoding it, and
>> it results in the same problem.
>>
>> Just a note: I haven’t set up the unicodePwd part yet, if that makes a
>> difference.
>>
>
> Hello Marti,
>
> if you don't provide the password at user creation, the user will be
> automatically disabled in AD. You need to use SSL (LDAPS) to be able to set
> the unicodePwd attribute.
>
> You don't need to set pwdLastSet if you create the password and don't want to
> reset it at first connection. Note that you also need to set the
> userAccountControl attribute.
>
> The following tutorial will give you most of the required information:
> https://lsc-project.org/documentation/tutorial/openldaptoactivedirectory
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 137 boulevard de Magenta - 75010 PARIS
> Blog: http://sflx.ca/coudot
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
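Added example, not part of the thread and not LSC's own code: the reply above says a new AD user needs unicodePwd sent over LDAPS together with userAccountControl, and that pwdLastSet can be left out. This JavaScript builds those attribute values; buildAdUserAttributes, describeUac and the host and account names used with them are hypothetical.

```javascript
// userAccountControl bit flags, as documented by Microsoft.
const UAC = {
  ACCOUNTDISABLE: 0x0002,
  PASSWD_NOTREQD: 0x0020,
  NORMAL_ACCOUNT: 0x0200,
};

// AD expects unicodePwd as the password wrapped in double quotes and
// encoded as UTF-16LE; a plain UTF-8 string is rejected.
function encodeUnicodePwd(password) {
  if (typeof password !== "string" || password.length === 0) {
    throw new Error("password must be a non-empty string");
  }
  return Buffer.from('"' + password + '"', "utf16le");
}

// Hypothetical helper: attribute set for the LDAP add operation.
function buildAdUserAttributes(ldapUrl, sAMAccountName, password) {
  // Per the reply, unicodePwd can only be set over SSL (LDAPS), so refuse
  // to build a password-bearing entry for any other URL scheme.
  if (!/^ldaps:\/\//i.test(ldapUrl)) {
    throw new Error("unicodePwd requires LDAPS, got: " + ldapUrl);
  }
  return {
    objectClass: ["top", "person", "organizationalPerson", "user"],
    sAMAccountName: sAMAccountName,
    unicodePwd: encodeUnicodePwd(password),
    // Enabled normal account; LDAP attribute values are sent as strings.
    userAccountControl: String(UAC.NORMAL_ACCOUNT),
    // pwdLastSet is deliberately absent, following the reply.
  };
}

// Hypothetical helper: names the flags set in a userAccountControl value,
// useful when checking what an existing entry actually has.
function describeUac(value) {
  const n = Number(value);
  return Object.keys(UAC).filter((name) => (n & UAC[name]) !== 0);
}
```

An entry whose userAccountControl reads 514 decodes to ACCOUNTDISABLE plus NORMAL_ACCOUNT, the disabled state the reply describes for a user created without a password.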

