On 11/06/2018 at 15:22, Lior Dotan wrote:
> Hi All,
>
> I'm trying to sync from AD but getting the error below. With tcpdump I
> saw that AD is returning data so I'm not sure what's the issue. I also
> ran ldapsearch with the same filter and got the right results. I
> started with ObjectClass=* but that didn't work as well.
>
> Jun 11 15:46:14 - INFO  - Starting sync for SyncUserTask
> Jun 11 15:46:14 - ERROR - Error getting list of IDs in the source for
> task SyncUserTask
> Jun 11 15:46:14 - DEBUG - org.lsc.exception.LscServiceException: Error
> while performing search. Results may be
> incomplete.org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException
> org.lsc.exception.LscServiceException: Error while performing search.
> Results may be 
> incomplete.org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException
>         at 
> org.lsc.service.SyncReplSourceService.convertSearchEntries(SyncReplSourceService.java:431)
> ~[lsc-core-2.1.4.jar:na]
>         at 
> org.lsc.service.SyncReplSourceService.getListPivots(SyncReplSourceService.java:197)
> ~[lsc-core-2.1.4.jar:na]
>         at 
> org.lsc.AbstractSynchronize.synchronize2Ldap(AbstractSynchronize.java:303)
> ~[lsc-core-2.1.4.jar:na]
>         at org.lsc.SimpleSynchronize.launchTask(SimpleSynchronize.java:232)
> [lsc-core-2.1.4.jar:na]
>         at org.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:166)
> [lsc-core-2.1.4.jar:na]
>         at org.lsc.Launcher.run(Launcher.java:223) [lsc-core-2.1.4.jar:na]
>         at org.lsc.Launcher.launch(Launcher.java:158) [lsc-core-2.1.4.jar:na]
>         at org.lsc.Launcher.main(Launcher.java:141) [lsc-core-2.1.4.jar:na]
> Caused by: 
> org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException:
> null
>         at 
> org.apache.directory.ldap.client.api.EntryCursorImpl.get(EntryCursorImpl.java:164)
> ~[api-all-1.0.0-M22.jar:1.0.0-M22]
>         at 
> org.apache.directory.ldap.client.api.EntryCursorImpl.get(EntryCursorImpl.java:50)
> ~[api-all-1.0.0-M22.jar:1.0.0-M22]
>         at 
> org.lsc.service.SyncReplSourceService.convertSearchEntries(SyncReplSourceService.java:426)
> ~[lsc-core-2.1.4.jar:na]
>         ... 7 common frames omitted
>
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd"
>         xmlns:exec="http://lsc-project.org/XSD/lsc-executable-plugin-1.0.xsd"
>         revision="0">
>
>         <connections>
>                 <ldapConnection>
>                         <name>ldap-src-conn</name>
>                         <url>ldap://ad.test.local:389/dc=test,dc=local</url>
>                         <username>CN=ad sync.,OU=Service Accounts,OU=Test,DC=TEST,DC=LOCAL</username>
>                         <password>XXXXXXX</password>
>                         <authentication>SIMPLE</authentication>
>                         <referral>IGNORE</referral>
>                         <derefAliases>NEVER</derefAliases>
>                         <version>VERSION_3</version>
>                         <pageSize>1000</pageSize>
>                         <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>                         <tlsActivated>false</tlsActivated>
>                 </ldapConnection>
>                 <pluginConnection>
>                         <name>executable</name>
>                         <url>fake</url>
>                         <username>fake</username>
>                         <password>fake</password>
>                 </pluginConnection>
>         </connections>
>         <tasks>
>                 <task>
>                         <name>SyncUserTask</name>
>                         <bean>org.lsc.beans.SimpleBean</bean>
>                         <asyncLdapSourceService>
>                                 <name>SyncUserTask-src</name>
>                                 <connection reference="ldap-src-conn" />
>                                 <baseDn>dc=test,dc=local</baseDn>
>                                 <pivotAttributes>
>                                         <string>mail</string>
>                                 </pivotAttributes>
>                                 <fetchedAttributes>
>                                         <string>description</string>
>                                         <string>objectClass</string>
>                                         <string>givenName</string>
>                                         <string>sn</string>
>                                         <string>cn</string>
>                                         <string>mobile</string>
>                                         <string>mail</string>
>                                 </fetchedAttributes>
>                                 <getAllFilter>(&amp;(objectClass=user)(objectCategory=person))</getAllFilter>
>                                 <getOneFilter>(mail={mail})</getOneFilter>
>                                 <cleanFilter>(mail={mail})</cleanFilter>
>                                 <serverType>ActiveDirectory</serverType>
>                         </asyncLdapSourceService>
> .
> .
>

Hello,

AD does not support async LDAP source service, unless the filter is
(objectClass=*), which is quite useless.

Configure your connector with a standard ldapSourceService and use cron
to run the job.

-- 
Clément Oudot | Identity Solutions Manager

Worteks | https://www.worteks.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
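
The change suggested in the reply, sketched as an added example (not part of the thread and not the LSC project's own sample): the poster's source service rewritten as a polling `ldapSourceService`, with a cron entry in the trailing comment. The install path `/usr/bin/lsc`, the configuration directory `/etc/lsc` and the 15-minute schedule are assumptions; all other values are copied from the quoted configuration.

```xml
<!-- Added example: fragment of lsc.xml, the <task> element only. -->
<task>
        <name>SyncUserTask</name>
        <bean>org.lsc.beans.SimpleBean</bean>
        <!-- Was asyncLdapSourceService; a plain ldapSourceService runs one
             paged search per invocation instead of a persistent SyncRepl. -->
        <ldapSourceService>
                <name>SyncUserTask-src</name>
                <!-- ldap-src-conn does a SIMPLE bind over ldap:// on port 389
                     with tlsActivated=false, so the service account password
                     crosses the network unencrypted. -->
                <connection reference="ldap-src-conn" />
                <baseDn>dc=test,dc=local</baseDn>
                <pivotAttributes>
                        <string>mail</string>
                </pivotAttributes>
                <fetchedAttributes>
                        <string>description</string>
                        <string>objectClass</string>
                        <string>givenName</string>
                        <string>sn</string>
                        <string>cn</string>
                        <string>mobile</string>
                        <string>mail</string>
                </fetchedAttributes>
                <getAllFilter>(&amp;(objectClass=user)(objectCategory=person))</getAllFilter>
                <getOneFilter>(mail={mail})</getOneFilter>
                <cleanFilter>(mail={mail})</cleanFilter>
                <!-- serverType dropped: it is an option of the async service. -->
        </ldapSourceService>
        <!-- Destination service and sync options stay as in the poster's
             file; they were elided in the post and are not shown here. -->
</task>
<!-- crontab entry (assumed path, directory and schedule):
     */15 * * * * /usr/bin/lsc -f /etc/lsc -s SyncUserTask
-->
```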