Error 49 is invalid login.  Additionally "data 52e" indicates that the account 
was found but an incorrect password was supplied.  Validate the credentials 
you're using in your Samba connection.

JON C KIDDER | MIDDLEWARE ADMINISTRATOR LEAD
[email protected] | D:614.716.4970
1 RIVERSIDE PLAZA, COLUMBUS, OH 43215
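
Added example (not part of the original thread or of LSC's code): a short Python sketch that extracts the "data" sub-code from AD-style error 49 messages like the ones in the log below and maps it to the Win32 logon error it encodes. The function names and the second sample entry are assumptions made for the illustration.

```python
import re
from collections import Counter

# Win32 logon error codes (hex) that AD-compatible directories put in the
# "data" field of an LDAP result 49 diagnostic message.
AD_BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

DIAG = re.compile(
    r"error code (?P<result>\d+) - [0-9A-Fa-f]{8}: LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: .*?, data (?P<data>[0-9A-Fa-f]+),"
)

# First entry is copied from the log in this thread, mail-client wrapping
# included; the second (data 533) is constructed for contrast.
SAMPLE_LOG = """\
janv. 31 15:46:46 - ERROR - Error while looking for
(&(objectClass=user)(sAMAccountName=somebody)) in
CN=Users,DC=domain,DC=lan: javax.naming.AuthenticationException: [LDAP:
error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1]; remaining name ''
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 533, v1db1]
"""

def decode_bind_errors(log_text):
    """Return one dict per AD-style LDAP diagnostic found in log_text."""
    flat = " ".join(log_text.split())  # undo line wrapping before matching
    findings = []
    for m in DIAG.finditer(flat):
        code = int(m.group("data"), 16)
        findings.append({"ldap_result": int(m.group("result")), "dsid": m.group("dsid"),
                         "data": code, "name": AD_BIND_SUBCODES.get(code, "UNKNOWN")})
    return findings

def summarize(findings):
    """Count failures per cause; one dominant cause points at the bind account."""
    return dict(Counter(f["name"] for f in findings))
```

When every lookup fails with the same sub-code, as in this thread, the failure belongs to the connector's own bind rather than to the individual entries being synchronized.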

-----Original Message-----
From: lsc-users [mailto:[email protected]] On Behalf Of 
Julien TEHERY
Sent: Wednesday, January 31, 2018 10:02 AM
To: [email protected]
Subject: [EXTERNAL] [lsc-users] Populating AD from openldap

Hi there,

Going further in trying to populate a samba4-DC server from an openldap server, 
I'm now facing issues with running sync (still in dry run). I should mention 
that I have been facing issues with TLS and succeeded in importing samba's 
ca.pem into the Java keystore so that the sync can work with LSC.

Source :


Now here is what I get:

janv. 31 15:46:45 - INFO  - Reflections took 134 ms to scan 1 urls, producing 56 keys and 117 values
janv. 31 15:46:45 - INFO  - Logging configuration successfully loaded from /etc/lsc/openldap2ad/logback.xml
janv. 31 15:46:45 - INFO  - LSC configuration successfully loaded from /etc/lsc/openldap2ad/
janv. 31 15:46:45 - INFO  - Connecting to LDAP server ldap://SAMBA4SERVER.domain.lan/CN=Users,DC=domain,DC=lan as Administrator with STARTTLS extended operation
janv. 31 15:46:46 - INFO  - Connecting to LDAP server ldap://MYLDAPSERVER:389/ou=Users,dc=sourcedomain,dc=fr as cn=admin,ou=Users,dc=sourcedomain,dc=fr
janv. 31 15:46:46 - INFO  - Starting sync for LDAP2AD
janv. 31 15:46:46 - ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=somebody)) in CN=Users,DC=domain,DC=lan: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; remaining name ''
janv. 31 15:46:46 - ERROR - Error while synchronizing ID {uid=somebody}: org.lsc.exception.LscServiceException: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; remaining name ''
janv. 31 15:46:46 - ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=someonelse)) in CN=Users,DC=domain,DC=lan: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; remaining name ''


I find it paradoxical because I know error 49 is generally related to LDAP 
connection problems, but the info section seems to tell that the TLS connection 
to the destination is successfully established, as I had trouble succeeding in 
this step last time. When I had a frank TLS error the task "LDAP2AD" wasn't 
launched at all.



Here is an extract of the connectors I used:


     <ldapConnection>
       <name>ldap-source-conn</name>
       <url>ldap://MYLDAPSERVER:389/ou=Users,dc=domain,dc=fr</url>
       <username>cn=admin,ou=Users,dc=domain,dc=fr</username>
       <password>password1</password>
       <authentication>SIMPLE</authentication>
       <referral>IGNORE</referral>
       <derefAliases>NEVER</derefAliases>
       <version>VERSION_3</version>
       <pageSize>1000</pageSize>
       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
       <tlsActivated>false</tlsActivated>
     </ldapConnection>

     <ldapConnection>
       <name>ldap-dst-conn</name>
       <url>ldap://SAMBA4.domain.lan/CN=Users,DC=domain,DC=lan</url>
       <username>Administrator</username>
       <password>password2=</password>
       <authentication>SIMPLE</authentication>
       <referral>IGNORE</referral>
       <derefAliases>NEVER</derefAliases>
       <version>VERSION_3</version>
       <pageSize>1000</pageSize>
       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
       <tlsActivated>true</tlsActivated>
     </ldapConnection>

   </connections>

As the error seems to come from the destination server (samba4), I also tried 
several syntaxes, such as:
- Administrator
- [email protected]
- CN=Administrator,CN=Users,DC=domain,DC=lan

Could you explain to me what's going wrong and whether my impression that TLS 
problems were behind me is wrong or not?

Thanks for your help!

Julien

On 30/01/2018 at 15:15, Clément OUDOT wrote:
>
>
> On 30/01/2018 at 14:44, Julien TEHERY wrote:
>> Problem solved installing openjdk-8-jdk instead of oracle java 1.9.
>
> Seems we have some issues with java 9, see also: 
> https://github.com/lsc-project/lsc/issues/33
>
> For the moment it is indeed better to run LSC with java 8.
>
>
>
> Clément.
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users

