Maybe I have spoken too early.
If I understand the error messages correctly, LSC is trying to sync from 
OpenLDAP to AD and cannot find the uid. That is also expected behaviour as I 
want the sync from AD to OpenLDAP. The uids which are being looked for do not 
exist on OpenLDAP; I want them to be copied there from AD.
I don’t quite understand why it knows which uid to look for although the sync 
is the other way round.

The error messages are: 

root@LAB-LDAP01:~# /usr/bin/lsc -f /etc/lsc/ad2openldap/ -s all -c all -n
Oct 24 16:05:26 - INFO  - Logging configuration successfully loaded from 
/etc/lsc/ad2openldap/logback.xml
Oct 24 16:05:26 - INFO  - LSC configuration successfully loaded from 
/etc/lsc/ad2openldap/
Oct 24 16:05:26 - INFO  - Connecting to LDAP server success
Oct 24 16:05:26 - INFO  - Connecting to LDAP server success
Oct 24 16:05:26 - INFO  - Starting sync for ADtoLDAP-Test
Oct 24 16:05:26 - ERROR - Error while looking for 
(&(objectClass=inetorgperson)(uid=mmu)) in ou=OpenLDAP,dc=projectldap,dc=local: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; 
remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while synchronizing ID {samaccountname=mmu}: 
org.lsc.exception.LscServiceException: javax.naming.NameNotFoundException: 
[LDAP: error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while looking for 
(&(objectClass=inetorgperson)(uid=cnorris)) in 
ou=OpenLDAP,dc=projectldap,dc=local: javax.naming.NameNotFoundException: [LDAP: 
error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while synchronizing ID 
{samaccountname=cnorris}: org.lsc.exception.LscServiceException: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; 
remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while looking for 
(&(objectClass=inetorgperson)(uid=fbaggins)) in 
ou=OpenLDAP,dc=projectldap,dc=local: javax.naming.NameNotFoundException: [LDAP: 
error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while synchronizing ID 
{samaccountname=fbaggins}: org.lsc.exception.LscServiceException: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; 
remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while looking for 
(&(objectClass=inetorgperson)(uid=rzufall)) in 
ou=OpenLDAP,dc=projectldap,dc=local: javax.naming.NameNotFoundException: [LDAP: 
error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while synchronizing ID 
{samaccountname=rzufall}: org.lsc.exception.LscServiceException: 
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; 
remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while looking for 
(&(objectClass=inetorgperson)(uid=sgoku)) in 
ou=OpenLDAP,dc=projectldap,dc=local: javax.naming.NameNotFoundException: [LDAP: 
error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while synchronizing ID {samaccountname=sgoku}: 
org.lsc.exception.LscServiceException: javax.naming.NameNotFoundException: 
[LDAP: error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - All entries: 5, to modify entries: 0, successfully 
modified entries: 0, errors: 5
Oct 24 16:05:26 - INFO  - Starting clean for ADtoLDAP-Test
Oct 24 16:05:26 - ERROR - javax.naming.NameNotFoundException: [LDAP: error code 
32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Empty or non existant destination (no IDs found)


Here once more my lsc.xml as I have made changes:

<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">

  <connections>
    <ldapConnection>
      <name>MVC-LAB</name>
      <url>ldap://0.0.0.0:389/dc=MVC-LAB,dc=local</url>
      <username>cn=administrator,cn=Users,dc=MVC-LAB,dc=local</username>
      <password>123</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>projectLDAP</name>
      <url>ldap://0.0.0.0:389/dc=projectldap,dc=local</url>
      <username>cn=admin,dc=projectldap,dc=local</username>
      <password>123</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>ADtoLDAP-Test</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>AD-src</name>
        <connection reference="MVC-LAB" />
        <baseDn>ou=OpenLDAP,dc=MVC-LAB,dc=local</baseDn>
        <pivotAttributes>
          <string>sAMAccountName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>description</string>
          <string>objectClass</string>
          <string>sAMAccountName</string>
          <string>telephoneNumber</string>
          <string>title</string>
          <string>department</string>
          <string>displayName</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(objectClass=user)]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={sAMAccountName}))]]></getOneFilter>
        <cleanFilter><![CDATA[(&(objectClass=user)(sAMAccountName={uid}))]]></cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>OpenLDAP-dst</name>
        <connection reference="projectLDAP" />
        <baseDn>ou=OpenLDAP,dc=projectldap,dc=local</baseDn>
        <pivotAttributes>
          <string>uid</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>mail</string>
          <string>givenName</string>
          <string>description</string>
          <string>uid</string>
          <string>phoneNumber</string>
          <string>directoryId</string>
          <string>title</string>
          <string>department</string>
          <string>displayName</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(objectClass=inetorgperson)]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=inetorgperson)(uid={sAMAccountName}))]]></getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"cn=" + srcBean.getDatasetValueById("sAMAccountName") + ",ou=OpenLDAP,dc=MVC-LAB,dc=local"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>true</delete>
          <changeId>true</changeId>
        </conditions>
        <dataset>
          <name>objectClass</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"user"</string>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
          </createValues>
        </dataset>
        <dataset>
         <name>uid</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>cn</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("cn")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>sn</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("sn")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>givenName</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("givenName")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>description</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("description")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>telephoneNumber</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("phoneNumber")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>title</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("title")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>department</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("department")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>displayName</name>
         <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("displayName")</string>
          </createValues>
        </dataset>
        <dataset>
         <name>mail</name>
         <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName") + "@video.mvc-lab.local"</string>
          </createValues>
        </dataset>
        <dataset>
         <name>directoryId</name>
         <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName") + "@video.mvc-lab.local"</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>

Kind Regards,
Colin
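
A triage of the two error types quoted in this thread, added here as an example (it is not part of the original messages or of LSC): it groups LSC error lines by root cause, using the fact that an LDAP search for a missing entry returns zero results while result code 32 means the search base itself was not found. `triage`, `SAMPLE_LOG` and the sub-code table are names chosen for this example; the sample lines are constructed from the output above with the e-mail wrapping undone.

```python
import re
from collections import defaultdict

# Constructed sample: error lines from the two runs quoted in this thread,
# with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Oct 24 16:05:26 - ERROR - Error while looking for (&(objectClass=inetorgperson)(uid=mmu)) in ou=OpenLDAP,dc=projectldap,dc=local: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while synchronizing ID {samaccountname=mmu}: org.lsc.exception.LscServiceException: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 16:05:26 - ERROR - Error while looking for (&(objectClass=inetorgperson)(uid=cnorris)) in ou=OpenLDAP,dc=projectldap,dc=local: javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=OpenLDAP'
Oct 24 15:21:29 - ERROR - Error opening the LDAP connection to the destination! (javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580])
"""

# "Error while looking for <filter> in <base>: ... error code <n>"
LOOKUP = re.compile(r"Error while looking for (?P<filter>\(.+\)) in (?P<base>[^:]+): "
                    r".*error code (?P<code>\d+)")
# Active Directory puts a hex sub-code in the "data" field of a failed bind.
AD_BIND = re.compile(r"error code 49 .*\bdata (?P<sub>[0-9a-f]+),")
AD_SUBCODES = {"525": "user not found", "52e": "invalid credentials",
               "532": "password expired", "533": "account disabled",
               "775": "account locked out"}


def triage(log_text):
    """Group LSC error lines by root cause: {cause: sorted affected items}."""
    causes = defaultdict(set)
    for line in log_text.splitlines():
        lookup = LOOKUP.search(line)
        bind = AD_BIND.search(line)
        if lookup and lookup["code"] == "32":
            # A search that matches nothing succeeds with zero entries, so
            # code 32 points at the base DN (absent, or hidden from the bind
            # DN by access control), not at the individual uid.
            causes["search base not found: " + lookup["base"]].add(lookup["filter"])
        elif bind:
            reason = AD_SUBCODES.get(bind["sub"], "unknown sub-code " + bind["sub"])
            causes["bind rejected: " + reason].add("data " + bind["sub"])
        # "Error while synchronizing ID" lines repeat the lookup failure and
        # are deliberately not counted a second time.
    return {cause: sorted(items) for cause, items in causes.items()}


if __name__ == "__main__":
    for cause, items in triage(SAMPLE_LOG).items():
        print(cause, "->", items)
```

Every failed lookup in the 16:05 run falls under a single cause, so the thing to verify is the `ou=OpenLDAP` container under `dc=projectldap,dc=local` and the bind DN's access to it, rather than the individual uids.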

-----Original Message-----
From: Thorn, Colin 
Sent: Tuesday, 24 October 2017 15:23
To: General discussions and help for Ldap Synchronization Connector (LSC) - 
Start here! <lsc-users@lists.lsc-project.org>
Subject: AW: [lsc-users] lsc config

Thanks, I have reached the next step.
I have two new errors which I do not understand, maybe you could help once 
again:

Oct 24 15:21:29 - ERROR - Error opening the LDAP connection to the destination! 
(javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: 
LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]) 
Oct 24 15:21:29 - ERROR - org.lsc.exception.LscConfigurationException: 
Configuration exception: javax.naming.AuthenticationException: [LDAP: error 
code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext 
error, data 52e, v2580]

Kind regards,
Colin Thorn

-----Original Message-----
From: lsc-users [mailto:lsc-users-boun...@lists.lsc-project.org] On behalf of 
Clément OUDOT
Sent: Tuesday, 24 October 2017 15:18
To: General discussions and help for Ldap Synchronization Connector (LSC) - 
Start here! <lsc-users@lists.lsc-project.org>
Subject: Re: [lsc-users] lsc config

2017-10-24 14:57 GMT+02:00 Thorn, Colin <cth...@mvc.de>:
> So I redid the file. Once again I can't find the error :(.
> Now I am getting the error that LdapSourceSerivce is faulty:    below you can 
> find the lsc.xml


Ok, now it's easy, just use ldapSourceService instead of LdapSourceService :)

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users