Cool, one step closer. Looks like the task is running but still with errors:

lsc -s all -f /etc/lsc/
Mar 19 17:41:07 - INFO - Logging configuration successfully loaded from /etc/lsc/logback.xml
Mar 19 17:41:07 - INFO - LSC configuration successfully loaded from /etc/lsc/
Mar 19 17:41:07 - INFO - Connecting to LDAP server ldap://10.10.10.90:389/dc=nlb,dc=org,dc=za/ as cn=admin,dc=nlb,dc=org,dc=za
Mar 19 17:41:07 - INFO - Connecting to LDAP server ldap://10.18.1.60:389/dc=nlb,dc=org,dc=za/ as CN=Christiaan Louw,OU=Users,OU=Pretoria,DC=nlb,DC=org,DC=za
Mar 19 17:41:08 - WARN - No clean filter has been specified for task=MySyncTask. During the clean phase, LSC wouldn't be able to get the right entries and may delete all destination entries !
Mar 19 17:41:08 - INFO - Starting sync for MySyncTask
Mar 19 17:41:08 - ERROR - Empty or non existant source (no IDs found)

Here is the actual config file and not a modified one:

<?xml version="1.0" ?>
<!--
  In the following file, comments are describing each node. Elements are
  referenced through XPath expression, whereas attributes are prefixed with '@'
  //lsc Root node of the XML configuration file
  @xmlns XML Schema validation is not ready yet (Reserved for futur use)
  @id optional, added by XML API
  @revision mandatory, used by the Web Administration Interface to version this file
-->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">

  <!-- ./connections Connections list node, must contain at least two connections -->
  <connections>
    <!-- ./connection Connection node, include definition of the required parameters.
         Depending on the connection type, properties vary.
         Existing class type are : ldapConnection, databaseConnnection
         Plugins also provides : nisConnection, jndiExecDstConnection -->
    <ldapConnection>
      <name>ldap-src-conn</name>
      <!-- ./url mandatory, the JNDI URL -->
      <url>ldap://10.18.1.60:389/dc=nlb,dc=org,dc=za/</url>
      <!-- ./username mandatory, the DN to bind with -->
      <username>CN=Christiaan Louw,OU=Users,OU=Pretoria,DC=nlb,DC=org,DC=za</username>
      <!-- ./password mandatory, credentials to bind with -->
      <password>Read@2020</password>
      <!-- ./authentication mandatory, must contain either ANONYMOUS, SIMPLE, SASL, GSSAPI or DIGEST_MD5 -->
      <authentication>SIMPLE</authentication>
      <!-- ./referral mandatory, must contain either IGNORE, THROUGH, THROW or FOLLOW -->
      <referral>IGNORE</referral>
      <!-- ./derefAliases mandatory, must contain either NEVER, SEARCH, FIND, ALWAYS -->
      <derefAliases>NEVER</derefAliases>
      <!-- ./version mandatory, must contain either VERSION_2, VERSION_3 -->
      <version>VERSION_3</version>
      <!-- ./pageSize optional, specify the paged size when searching -->
      <pageSize>-1</pageSize>
      <!-- ./factory mandatory, points to LDAP Context Factory, com.sun.jndi.ldap.LdapCtxFactory for a SUN JDK -->
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <!-- ./tlsActivated optional, specify if SSL/TLS is activated to connect to the LDAP server -->
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>ldap-dst-conn</name>
      <!-- ./url mandatory, the JNDI URL -->
      <url>ldap://10.10.10.90:389/dc=nlb,dc=org,dc=za/</url>
      <!-- ./username mandatory, the DN to bind with -->
      <username>cn=admin,dc=nlb,dc=org,dc=za</username>
      <!-- ./password mandatory, credentials to bind with -->
      <password>Write@2020</password>
      <!-- ./authentication mandatory, must contain either ANONYMOUS, SIMPLE, SASL, GSSAPI or DIGEST_MD5 -->
      <authentication>SIMPLE</authentication>
      <!-- ./referral mandatory, must contain either IGNORE, THROUGH, THROW or FOLLOW -->
      <referral>IGNORE</referral>
      <!-- ./derefAliases mandatory, must contain either NEVER, SEARCH, FIND, ALWAYS -->
      <derefAliases>NEVER</derefAliases>
      <!-- ./version mandatory, must contain either VERSION_2, VERSION_3 -->
      <version>VERSION_3</version>
      <!-- ./pageSize optional, specify the paged size when searching -->
      <pageSize>-1</pageSize>
      <!-- ./factory mandatory, points to LDAP Context Factory, com.sun.jndi.ldap.LdapCtxFactory for a SUN JDK -->
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <!-- ./tlsActivated optional, specify if SSL/TLS is activated to connect to the LDAP server -->
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>

  <!-- ./audits Audits list node -->

  <!-- ./tasks Task list node, must contain at least one task -->
  <tasks>
    <!-- ./task Task node, this is the main node, in which synchronization is defined -->
    <task>
      <!-- ./name mandatory task node this is the main node, in which synchronization is defined -->
      <name>MySyncTask</name>
      <!-- ./bean optional bean node, default to org.lsc.beans.SimpleBean,
           define the pivot object used to store datasets and values -->
      <bean>org.lsc.beans.SimpleBean</bean>
      <!-- ./sourceService mandatory node containing definition of the source service settings
           possible builtin types are : databaseSourceService, ldapSourceService
           Plugins also provides: syncreplSourceService, nisSourceServic -->
      <ldapSourceService>
        <!-- A ldap source service will have to contain at least a name, a connection reference,
             a base DN, a filter to list entries, a filter to get a particular entry,
             a list of pivot attributes and a list of fetched attributes -->
        <name>ldap-src-service</name>
        <connection reference="ldap-src-conn" />
        <!-- ./baseDn This mandatory node provide the directory base branch that will be used
             to look for entries (list and get) -->
        <baseDn>dc=nlb,dc=org,dc=za/</baseDn>
        <!-- ./pivotAttributes This mandatory node must include string nodes with attributes name
             that will be used with their values as pivot datasets (used to get the corresponding
             entry and to identify the counter-part object, here in the source database used during
             the clean phase to delete the corresponding entry if no corresponding object is found)-->
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <!-- ./fetchedAttributes This mandatory node must include string nodes with attributes name
             that will fill the full object. In a LDAP destination service, fetched attributes will
             be written to the target directory, whereas source provided datasets that are not listed
             their will silently be canceled, i.e. not synchronized with the directory. -->
        <fetchedAttributes>
          <string>cn</string>
          <string>ipPhone</string>
          <string>mobile</string>
          <string>telephoneNumber</string>
        </fetchedAttributes>
        <!-- ./getAllFilter This mandatory node must include the filter that will be used to list
             all target objects. In a LDAP destination service this value is used during the clean
             phase to look for every object that it has a corresponding object in the source database -->
        <getAllFilter>(&(objectClass=person)(telephoneNumber=*))</getAllFilter>
        <!-- ./getOneFilter This mandatory node must include the filter that will be used to get
             a particular entry. In a LDAP destination service this value is used during the
             synchronization phase to get the object - in conjonction with fetchedAttributes to
             synchronize them -->
        <getOneFilter>(&(objectClass=person)(cn={cn})(ipPhone={ipPhone})(mobile={mobile})(telephoneNumber={telephoneNumber}))</getOneFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <!-- A ldap destination service will have to contain at least a name, a connection reference,
             a base DN, a filter to list entries, a filter to get a particular entry,
             a list of pivot attributes and a list of fetched attributes -->
        <name>ldap-dst-service</name>
        <connection reference="ldap-dst-conn" />
        <!-- ./baseDn This mandatory node provide the directory base branch that will be used
             to look for entries (list and get) -->
        <baseDn>dc=nlb,dc=org,dc=za/</baseDn>
        <!-- ./pivotAttributes This mandatory node must include string nodes with attributes name
             that will be used with their values as pivot datasets (used to get the corresponding
             entry and to identify the counter-part object, here in the source database used during
             the clean phase to delete the corresponding entry if no corresponding object is found)-->
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <!-- ./fetchedAttributes This mandatory node must include string nodes with attributes name
             that will fill the full object. In a LDAP destination service, fetched attributes will
             be written to the target directory, whereas source provided datasets that are not listed
             their will silently be canceled, i.e. not synchronized with the directory. -->
        <fetchedAttributes>
          <string>objectclass</string>
          <string>cn</string>
          <string>ipPhone</string>
          <string>mobile</string>
          <string>telephoneNumber</string>
        </fetchedAttributes>
        <!-- ./getAllFilter This mandatory node must include the filter that will be used to list
             all target objects. In a LDAP destination service this value is used during the clean
             phase to look for every object that it has a corresponding object in the source database -->
        <getAllFilter>(&(objectClass=person)(telephoneNumber=*))</getAllFilter>
        <!-- ./getOneFilter This mandatory node must include the filter that will be used to get
             a particular entry. In a LDAP destination service this value is used during the
             synchronization phase to get the object - in conjonction with fetchedAttributes to
             synchronize them -->
        <getOneFilter>(&(objectClass=person)(cn={cn})(ipPhone={ipPhone})(mobile={mobile})(telephoneNumber={telephoneNumber}))</getOneFilter>
      </ldapDestinationService>
      <!-- ./syncOptions This mandatory node describes how to handle the various situations
           encountered while synchronizing datasets. It must contains a main identifier construction
           rule and a default policy. It may contains synchronization conditions, a default delimiter
           and datasets synchronization rules (attribute nodes) -->
      <propertiesBasedSyncOptions>
        <!-- ./mainIdentifier This mandatory node must contain a string Javascript expression
             that will enforce the object main identifier.-->
        <mainIdentifier>"cn=" + srcBean.getDatasetValueById("cn") + "dc=nlb,dc=org,dc=za"</mainIdentifier>
        <!-- ./defaultDelimiter This mandatory node must contain a string Javascript expression
             that will enforce the object main identifier.-->
        <defaultDelimiter>;</defaultDelimiter>
        <!-- ./defaultPolicy This mandatory node must contain a string Javascript expression
             that will enforce the object main identifier.-->
        <defaultPolicy>FORCE</defaultPolicy>
        <!-- ./conditions This optional node may contain one or more of the four node :
             create, update, delete and changeId -->
        <conditions>
          <!-- ./create This optional node may contain a boolean Javascript expression
               that will indicate whenever a new entry must be created or not -->
          <create>true</create>
          <!-- ./update This optional node may contain a boolean Javascript expression
               that will indicate whenever a existing entry must be updated or not -->
          <update>true</update>
          <!-- ./delete This optional node may contain a boolean Javascript expression
               that will indicate whenever a existing entry must be deleted or not -->
          <delete>true</delete>
          <!-- ./changeId This optional node may contain a boolean Javascript expression
               that will indicate whenever an existing object main identifier must be changed or not -->
          <changeId>false</changeId>
        </conditions>
        <!-- ./dataset This multi-valued node may contain a structure that will describe
             how to synchronize the corresponding dataset -->
        <dataset>
          <!-- ./name Mandatory node containing the dataset name -->
          <name>objectClass</name>
          <!-- ./policy Mandatory node containing the policy to apply to this dataset.
               Contains KEEP, FORCE or MERGE value -->
          <policy>KEEP</policy>
          <!-- ./defaultValues Optional node containing a list of string values
               that will be used if noone is provided by datasource -->
          <defaultValues></defaultValues>
          <!-- ./forceValues Optional node containing a list of string values
               that will be used to force destination service dataset values -->
          <forceValues></forceValues>
          <!-- ./createValues Optional node containing a list of string values that will be used
               to force destination service dataset values when creating object -->
          <createValues>
            <string>"person"</string>
            <string>"top"</string>
          </createValues>
          <!-- ./delimiter Used when multiples values are provided in a single joined value -->
          <delimiter>,</delimiter>
        </dataset>
        <dataset>
          <name>cn</name>
          <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("cn")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>mobile</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("mobile")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>ipPhone</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("ipPhone")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>telephoneNumber</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("telephoneNumber")</string>
          </forceValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>

  <!-- ./security This mandatory node contains the security settings used by LSC -->
  <security>
    <!-- ./encryption This optional node contains the encryption settings -->
    <encryption>
      <!-- ./keyfile This optional node contains the keyfile location -->
      <keyfile>etc/lsc.key</keyfile>
      <!-- ./algorithm This optional node contains the encryption algorithm -->
      <algorithm>AES</algorithm>
      <!-- ./strength This optional node contains the algorithm key length -->
      <strength>128</strength>
    </encryption>
  </security>
</lsc>

Kind Regards,

-----Original Message-----
From: lsc-users <[email protected]> On Behalf Of Soisik Froger
Sent: Tuesday, 19 March 2019 14:06
To: [email protected]
Subject: Re: [lsc-users] Sync AD to LDAP

On 19/03/2019 12:57, Christiaan Louw wrote:
> root@labldap:~# lsc -s /etc/lsc/openldap2ad/lsc.xml
>
> Mar 19 13:27:16 - INFO - Logging configuration successfully loaded from
> /etc/lsc/logback.xml
>
> Mar 19 13:27:16 - INFO - LSC configuration successfully loaded from /etc/lsc/
>
> Mar 19 13:27:16 - INFO - Connecting to LDAP server
> ldap://10.10.10.90:389/dc=domain,dc=org,dc=za/ as
> cn=admin,dc=domain,dc=org,dc=za
>
> Mar 19 13:27:16 - INFO - Connecting to LDAP server
> ldap://10.18.1.60:389/dc=domain,dc=org,dc=za/ as
> CN=Christiaan,OU=Users,OU=Pretoria,DC=domain,DC=org,DC=za
>
> Mar 19 13:27:16 - WARN - No clean filter has been specified for
> task=MySyncTask. During the clean phase, LSC wouldn't be able to get the
> right entries and may delete all destination entries !
>
> Mar 19 13:27:16 - ERROR - No specified tasks could be launched! Check
> spelling and that they exist in the configuration file.
>

Your options are not correct (see lsc -h) :

-s indicates a task within your lsc file. Use "all" to execute all tasks described in your lsc file.
-f or --config to point to directory containing your configuration.

so it should be :

lsc -s all -f /etc/lsc/openldap2ad

Regards
--
Soisik Froger | Software Architect
[email protected]
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
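
An added example, not part of the original thread and not LSC project code: a small lint for two risks visible in the config and log above, a SIMPLE bind over ldap:// with tlsActivated set to false, and a task that allows deletes while the log warns that no clean filter is set. The sample XML is constructed with placeholder values; the element name cleanFilter and the finding labels are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"l": "http://lsc-project.org/XSD/lsc-core-2.1.xsd"}

# Constructed sample shaped like the posted lsc.xml; host, DNs and password are placeholders.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
 <connections><ldapConnection>
  <name>ldap-src-conn</name>
  <url>ldap://ad.example.test:389/dc=example,dc=test</url>
  <password>PLACEHOLDER</password>
  <authentication>SIMPLE</authentication>
  <tlsActivated>false</tlsActivated>
 </ldapConnection></connections>
 <tasks><task>
  <name>MySyncTask</name>
  <ldapSourceService><name>ldap-src-service</name></ldapSourceService>
  <propertiesBasedSyncOptions>
   <conditions><delete>true</delete></conditions>
  </propertiesBasedSyncOptions>
 </task></tasks>
</lsc>"""

def text(node, path):
    """Stripped text of the first match under node, or '' when absent."""
    return (node.findtext(path, default="", namespaces=NS) or "").strip()

def lint(xml_text):
    """Return (name, finding) pairs for the two risks described in the lead-in."""
    root = ET.fromstring(xml_text)
    findings = []
    for conn in root.iterfind(".//l:ldapConnection", NS):
        plain = (text(conn, "l:url").lower().startswith("ldap://")
                 and text(conn, "l:tlsActivated").lower() != "true")
        # A SIMPLE bind sends the DN and password as-is; without TLS they cross the wire readable.
        if plain and text(conn, "l:authentication").upper() == "SIMPLE":
            findings.append((text(conn, "l:name"), "cleartext-simple-bind"))
    for task in root.iterfind(".//l:task", NS):
        src = task.find("l:ldapSourceService", NS)
        # Assumption: the clean-phase filter element is named cleanFilter (not shown on the page).
        no_clean = src is not None and not text(src, "l:cleanFilter")
        # Simplification: <delete> is compared as a literal; LSC evaluates it as an expression.
        if no_clean and text(task, ".//l:conditions/l:delete") != "false":
            findings.append((text(task, "l:name"), "delete-without-clean-filter"))
    return findings

if __name__ == "__main__":
    for name, finding in lint(SAMPLE):
        print(f"{name}: {finding}")
```
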

