Ok, my problem is with setting the password, which was too weak:
<dataset>
<!-- unicodePwd = "changeit" at creation (requires SSL connection to AD)
-->
<name>unicodePwd</name>
<policy>KEEP</policy>
<createValues>
<string>AD.getUnicodePwd("changeit")</string>
</createValues>
</dataset>
Changed password from "changeit" to another stronger one and it worked!
Can I just keep source LDAP user's password, instead of defining a new one at
the time of syncing users to Active Directory?
Thanks!
-----Original Message-----
From: lsc-users [mailto:[email protected]] On Behalf Of
Bruno Miguel Martins
Sent: 22 September 2017 15:52
To: General discussions and help for Ldap Synchronization Connector (LSC) -
Start here! <[email protected]>
Subject: Re: [lsc-users] Error checking XML patterns
Sorry for not mentioning that in last log, but I've already changed that:
[root@lcs security]# /usr/bin/lsc -f /etc/lsc/openldap2ad -s all -c all
Sep 22 15:51:19 - INFO - Logging configuration successfully loaded from /etc/lsc/openldap2ad/logback.xml
Sep 22 15:51:19 - INFO - LSC configuration successfully loaded from /etc/lsc/openldap2ad/
Sep 22 15:51:19 - INFO - Connecting to LDAP server ldaps://dc01.bmartins.xyz:636/DC=bmartins,DC=xyz as CN=LSC,CN=Users,DC=bmartins,DC=xyz
Sep 22 15:51:20 - INFO - Connecting to LDAP server ldap://ipb.bmartinsldap.xyz:389/dc=bmartinsldap,dc=xyz as cn=Manager,dc=bmartinsldap,dc=xyz
Sep 22 15:51:20 - INFO - Starting sync for adUser
(...)
-----Original Message-----
From: lsc-users [mailto:[email protected]] On Behalf Of
Clément OUDOT
Sent: 22 September 2017 15:47
To: [email protected]
Subject: Re: [lsc-users] Error checking XML patterns
On 22/09/2017 at 16:43, Bruno Miguel Martins wrote:
> Thanks, that's fixed!
>
> What about this one?
>
> Sep 22 15:41:50 - ERROR - Error while adding entry cn=User 01,ou=O365,dc=bmartins,dc=xyz in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A1262, problem 5003 (WILL_NOT_PERFORM), data 0 ]; remaining name 'cn=User 01,ou=O365'
> Sep 22 15:41:50 - ERROR - Error while synchronizing ID cn=User 01,ou=O365,dc=bmartins,dc=xyz: java.lang.Exception: Technical problem while applying modifications to the destination
> # Fri Sep 22 15:41:50 WEST 2017
> dn: cn=User 01,ou=O365,dc=bmartins,dc=xyz
> changetype: add
> userPrincipalName: [email protected]
> mail: [email protected]
> sn: User 01
> pwdLastSet: 0
> cn: User 01
> sAMAccountName: user01
> userAccountControl: 512
> unicodePwd:: IgBjAGgAYQBuAGcAZQBpAHQAIgA=
> objectclass: user
> objectclass: organizationalPerson
> objectclass: person
> objectclass: top
>
> I'm so close! ;-)
AD refuses to write the password if you connect in clear. Use ldaps:// to connect
to AD.
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
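
Added example (not part of the original thread and not LSC code): the unicodePwd value in the LDIF above is only the quoted password in UTF-16LE, base64-encoded, so the sync log exposes the cleartext. The sketch below decodes it and runs a pre-flight check for the two causes named in the thread (non-ldaps:// destination, weak password). The helper names, the example host and the policy values (minimum length 7, three of four character classes) are assumptions; substitute your domain's actual policy.

```python
import base64
from urllib.parse import urlparse

def encode_unicode_pwd(password: str) -> bytes:
    """AD expects the password wrapped in double quotes, encoded as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")

def decode_unicode_pwd(ldif_b64: str) -> str:
    """Recover the cleartext from the base64 value after 'unicodePwd::' in LDIF."""
    text = base64.b64decode(ldif_b64).decode("utf-16-le")
    if len(text) < 2 or text[0] != '"' or text[-1] != '"':
        raise ValueError("value is not a quoted unicodePwd string")
    return text[1:-1]

def preflight(url: str, password: str, sam: str, min_len: int = 7) -> list[str]:
    """Return reasons AD would likely refuse the write (empty list = OK).
    min_len and the 3-of-4 rule are assumed policy values, not read from AD."""
    problems = []
    if urlparse(url).scheme.lower() != "ldaps":
        problems.append("destination is not ldaps://")
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 character classes")
    if len(sam) > 2 and sam.lower() in password.lower():
        problems.append("contains sAMAccountName")
    return problems

if __name__ == "__main__":
    logged = "IgBjAGgAYQBuAGcAZQBpAHQAIgA="  # value from the LDIF in the thread
    print(decode_unicode_pwd(logged))
    # Constructed inputs: example host and passwords are placeholders.
    print(preflight("ldap://dc.example.test:389", "changeit", "user01"))
    print(preflight("ldaps://dc.example.test:636", "Constructed-Pw-2017", "user01"))
```

Because the value is reversible, LDIF or debug logs from a sync that sets unicodePwd should be treated as containing cleartext passwords.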