Le 01/06/2018 à 11:47, Julien TEHERY a écrit : > Le 31/05/2018 à 16:53, Clément OUDOT a écrit : >> >> Le 31/05/2018 à 16:07, Julien TEHERY a écrit : >>> >>> mai 31 15:48:04 - ERROR - Error while modifying entry >>> CN=Mygroup,OU=Groups,DC=dstdomain,DC=lan in directory >>> :javax.naming.NameNotFoundException: [LDAP: error code 32 - 00002030: >>> Unable to find GUID for DN uid=user1,cn=users,dc=dstdomain,dc=lan]; >>> remaining name 'CN=Mygroup,OU=Groups' >>> >>> >> This error is related to AD/Samba constraints. It seems you must have a >> guid attribute in user entry before adding it into a group. >> >> >> > Do you mean we must have this attribute on destination directory? > > > From what i can see, a user migrated in ad/samba4 has this attribute > objectGUID:: > > That's the only one related to GUID. > The fact is actually js script returns memberuid and we should have a > complete dn instead. > > > I'm not sure to understand what's going wrong whith that as we don't > have duplicated users, or same DNs with different GUIDs. > > For instance I don't have any solution with this issue. > > For test purpose, i created a new OU called migrationgroups and added > overlay memberof on source LDAP server. > > Then I succeeded in converting posixgroups to groupofnames from > "groups" to "migrationgroups" OU. > But now i don't see if this really helps me or not as the LDAP to AD > procedure is based on groupOfUniqueNames attribute instead of > groupofnames > > I'm considering the possibility to do the same with a shell script to > retrieve users from former LDAP group and add them to samba4 groups, > but it would be a pitty to not use your precious tool > > As you see I 'm a bit confused :)
There is no issue with LSC but a constraint in the destination directory that refuses the modification. Are you sure that the user that is put in group is already created in the directory? If not, the directory could refuse to an unknown entry in the group. -- Clément Oudot | Identity Solutions Manager Worteks | https://www.worteks.com _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
