Hello developers and list members!

I am configuring LSC for OpenLDAP to AD synchronization and am having problems with the clean phase. My idea for the clean phase is simple: the existence (or not) of a specific attribute in the source record determines the existence (or not) of the destination record.

Specifically, I have chosen the destinationIndicator attribute (defined in both inetorgperson and user objectClass) to hold the destination DN value (AD side). The synchronization phase goes well. So I have a solution with variable destination DN values that gets synchronized correctly. I have defined a separate task for the clean phase, wanting to provoke destination record deletion only if I delete the destinationIndicator attribute of the corresponding source record. Unfortunately, I have tried different combinations of pivotAttributes and cleanFilter/getAllFilter with uid, sAMAccountName and destinationIndicator attributes, all of them failing with errors like the following:

Mar 02 11:00:12 - ERROR - Error while looking for
                (destinationIndicator=cn=ak,ou=Users,ou=TestOU,dc=ad,dc=uth,dc=gr)
            in ou=People,dc=uth,dc=gr: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=People'
Mar 02 11:00:12 - ERROR - Error while synchronizing ID {destinationindicator=cn=ak,ou=Users,ou=TestOU,dc=ad,dc=uth,dc=gr}: org.lsc.exception.LscServiceException: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=People'
Mar 02 11:00:12 - ERROR - Unable to delete object CN=ak,OU=Users,OU=TestOU,DC=ad,DC=uth,DC=gr (org.lsc.exception.LscServiceException: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name 'ou=People')

I include the relative configuration part:

    <task>
      <name>CleanTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>

      <ldapSourceService>
           <name>clean-src-service</name>
           <connection reference="OpenLDAP" />
           <baseDn>ou=People,dc=uth,dc=gr</baseDn>

           <pivotAttributes>
                <string>destinationIndicator</string>
           </pivotAttributes>

           <fetchedAttributes>
                <string>destinationIndicator</string>
                <string>uid</string>
                <string>objectClass</string>
           </fetchedAttributes>

           <getAllFilter>
                <![CDATA[(objectClass=inetOrgPerson)]]>
           </getAllFilter>

           <getOneFilter>
                <![CDATA[(destinationIndicator={destinationIndicator})]]>
           </getOneFilter>

           <cleanFilter>
                <![CDATA[(destinationIndicator={destinationIndicator})]]>
           </cleanFilter>

      </ldapSourceService>

      <ldapDestinationService>
           <name>clean-dst-service</name>
           <connection reference="UthActiveDirectory" />
           <baseDn>dc=ad,dc=uth,dc=gr</baseDn>

           <pivotAttributes>
                <string>destinationIndicator</string>
           </pivotAttributes>

           <fetchedAttributes>
                <string>destinationIndicator</string>
                <string>sAMAccountName</string>
           </fetchedAttributes>

           <getAllFilter>
                <![CDATA[(&(objectClass=user)(destinationIndicator=*))]]>
           </getAllFilter>

           <getOneFilter>
                <![CDATA[(&(objectClass=user)(destinationIndicator={destinationIndicator}))]]>
           </getOneFilter>

      </ldapDestinationService>

      <propertiesBasedSyncOptions>

           <mainIdentifier>srcBean.getDatasetFirstValueById("destinationIndicator")</mainIdentifier>
           <defaultDelimiter>;</defaultDelimiter>
           <defaultPolicy>KEEP</defaultPolicy>

           <conditions>
                <create>false</create>
                <update>false</update>
                <delete>true</delete>
                <changeId>false</changeId>
           </conditions>

           <dataset>
                <name>objectClass</name>
                <policy>KEEP</policy>
                <defaultValues>
                     <string>"user"</string>
                     <string>"organizationalPerson"</string>
                     <string>"person"</string>
                     <string>"top"</string>
                </defaultValues>
                <forceValues></forceValues>
                <createValues>
                </createValues>
                <delimiter>,</delimiter>
           </dataset>

           <dataset>
                <name>destinationIndicator</name>
                <policy>KEEP</policy>
                <defaultValues>
                     <string>srcBean.getDatasetFirstValueById("destinationIndicator")</string>
                </defaultValues>
           </dataset>

           <dataset>
                <name>sAMAccountName</name>
                <policy>KEEP</policy>
                <defaultValues>
                     <string>srcBean.getDatasetFirstValueById("uid")</string>
                </defaultValues>
           </dataset>

      </propertiesBasedSyncOptions>

    </task>

Thanks in advance for any feedback because I ran out of clues!

Nikos Asimos

-- 
---------------------------------------------------------------------
University of Thessaly              Πανεπιστήμιο Θεσσαλίας
Telematics Network Center           Κέντρο Δικτύου Τηλεματικής
Argonafton - Filellinon str.        Αργοναυτών - Φιλελλήνων
GR 38221  Volos, Greece             38221 Βόλος
Tel: (+30)2421074686 Fax: (+30)2421074400 E-mail: assimos -at- uth.gr
---------------------------------------------------------------------

