Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-12-08 Thread Marcin Baluta
Hi Gunter,

Sorry for late reply (had a day off ;) ).
My current script looks like that:

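<dataset>
  <name>member</name>
  <policy>FORCE</policy>
  <forceValues>
    <string>
<![CDATA[js:
// Resolve each posixGroup memberUid to the DN of the matching AD user.
var membersOpenLDAP = srcBean.getAttributeValuesById("memberUid").toArray();
var membersAD = [];
for (var i = 0; i < membersOpenLDAP.length; i++) {
    var ADDN = ldap.search("OU=users,OU=imported,OU=XXX",
                           "(sAMAccountName=" + membersOpenLDAP[i] + ")");

    // Skip values that match no user or more than one user.
    if (ADDN.size() != 1) {
        continue;
    }

    // Append the directory suffix to the DN returned by the search.
    membersAD.push(ADDN.get(0) + ",DC=XXX,DC=XXX");
}
membersAD
]]>
    </string>
  </forceValues>
</dataset>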

Of course you need to tune it up a bit...

Cheers!

Marcin Baluta
Systems Administrator
 
tyntec GmbH
Semerteichstr. 54 - 56 | 44141 Dortmund, Germany
T +49 231 477 90 405 | F +49 231 108 799 2
www.tyntec.com

-Original Message-
From: lsc-users-boun...@lists.lsc-project.org
[mailto:lsc-users-boun...@lists.lsc-project.org] On Behalf Of Gunter
Holzer
Sent: Friday, 5 December 2014 20:27
To: lsc-users@lists.lsc-project.org
Subject: Re: [lsc-users] OpenLDAP 2 LDAP synchronization

Hello Marcin,

could you please share the modified script you used, to sync the OpenLDAP
group members with AD?
As we are using posixgroups I am facing the same problem with the missing
uniqueMember attribute - there is only memberUid.

Thank you!

Regards,

Gunter Holzer
Rechenzentrum, IuK
Raum H208

Hochschule Ravensburg-Weingarten
Doggenriedstr.
88250 Weingarten

Tel. +49 751 / 501 4607
E-Mail: hol...@hs-weingarten.de




___
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users
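
The script in Marcin's message concatenates each memberUid value straight into the sAMAccountName filter. As an added example (not code from the post or from LSC), the same lookup with the value escaped per RFC 4515 and the exactly-one-match rule kept. DIRECTORY, searchUsers and resolveMembers are hypothetical stand-ins, and it assumes memberUid equals the destination sAMAccountName.

```javascript
// Added example. DIRECTORY and searchUsers() are constructed stand-ins for the
// destination directory (not LSC's ldap object); all entries are made up.
var SUFFIX = "OU=users,OU=imported,OU=XXX,DC=XXX,DC=XXX";
var DIRECTORY = [
  { sAMAccountName: "jdoe",        dn: "CN=jdoe," + SUFFIX },
  { sAMAccountName: "admin",       dn: "CN=admin," + SUFFIX },
  { sAMAccountName: "svc(backup)", dn: "CN=svc(backup)," + SUFFIX }
];

// RFC 4515: inside a filter value, \ * ( ) and NUL are written as a
// backslash followed by two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (ch) {
    return "\\" + ("0" + ch.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Minimal evaluator for "(attr=value)" filters, enough for this example:
// '*' is a wildcard and \xx stands for one literal character.
function searchUsers(entries, filter) {
  var m = /^\(([A-Za-z]+)=([\s\S]*)\)$/.exec(filter);
  if (!m) throw new Error("unsupported filter: " + filter);
  var pattern = m[2].replace(/\\([0-9a-fA-F]{2})|(\*)|([\s\S])/g,
    function (all, hex, star, ch) {
      if (star) return ".*";
      var literal = hex ? String.fromCharCode(parseInt(hex, 16)) : ch;
      return literal.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    });
  var re = new RegExp("^" + pattern + "$", "i");
  return entries
    .filter(function (e) { return re.test(String(e[m[1]] || "")); })
    .map(function (e) { return e.dn; });
}

// Map memberUid values to member DNs. A value is resolved only when the
// escaped filter matches exactly one entry; everything else is reported so
// missing or ambiguous members can be logged instead of silently dropped.
function resolveMembers(memberUids, search) {
  var resolved = [], skipped = [];
  memberUids.forEach(function (uid) {
    var hits = search("(sAMAccountName=" + escapeFilterValue(uid) + ")");
    if (hits.length === 1) {
      resolved.push(hits[0]);
    } else {
      skipped.push({ uid: uid, matches: hits.length });
    }
  });
  return { resolved: resolved, skipped: skipped };
}

// Constructed input: two ordinary names, one containing a filter
// metacharacter, one containing parentheses that must match literally.
function demo() {
  return resolveMembers(["jdoe", "a*", "svc(backup)", "ghost"],
    function (filter) { return searchUsers(DIRECTORY, filter); });
}
```

With escaping, the value "a*" is compared literally and ends up in `skipped`; built by plain concatenation, the same value becomes a wildcard filter that matches a single unrelated entry and passes the size check.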


Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-25 Thread Biernath, Jutta
Hello, Clément,

I’ve tried this:
http://lsc-project.org/wiki/documentation/tutorial/synchronizegroups
But when I do, the JavaScript expression will not run. The error message is:

Reason: javax.script.ScriptException: sun.org.mozilla.javascript.EcmaError: 
TypeError: Cannot find function size in object ………..

And if I replace the size()-Function by the length()-Function (= the function 
that was used in earlier samples)  I get:

Reason: javax.script.ScriptException: sun.org.mozilla.javascript.EcmaError: 
TypeError: Cannot find function get in object ……

Do you have an idea what could be the reason for this? Must I install an 
additional module?

My LSC version is 2.1.1

Thank you!


Regards,

Jutta Biernath


Jutta Biernath
Freie Universität Berlin
Zentraleinrichtung für Datenverarbeitung (ZEDAT)
Identity  Customer Management, FUDIS
Fabeckstr. 32
14195 Berlin
Tel. +49 30 838-75090
Fax +49 30 838-475090



Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-24 Thread Marcin Baluta
Hello Clement,

I still cannot manage to synchronize group membership. Actually – I’m not
sure what script should I use to achieve this.

Currently I have this taken from your LSC 1.1 tutorial
(http://lsc-project.org/wiki/documentation/1.1/tutorials/synchronizegroups):

<dataset>
  <name>member</name>
  <policy>FORCE</policy>
  <forceValues>
    <string><![CDATA[var umembers = srcBean.getAttributeValuesById("uniqueMember").toArray();
for (var i=0; i<umembers.length; i++) {
    try {
        // Look up the destination entry by sAMAccountName and take its DN.
        umembers[i] = ldap.attribute(ldap.list(
            "OU=Users,OU=imported,OU=test,DC=xxx,DC=xxx",
            "(sAMAccountName=" + (srcLdap.attribute(umembers[i], 'uid').get(0) + ")")
        ).get(0), 'distinguishedName').get(0)
    } catch (e) {
        umembers[i]=null
    }
}
// Drop the members that could not be resolved.
var members = new Array();
var j=0;
for (var i=0; i<umembers.length; i++) {
    if (umembers[i]!=null) members[j++]=umembers[i]
}
members;]]>
    </string>
  </forceValues>
</dataset>

Any help kindly appreciated ;)

.. and of course I remember about beer for you ☺

Marcin Baluta
Systems Administrator

tyntec GmbH
Semerteichstr. 54 - 56 | 44141 Dortmund, Germany
T +49 231 477 90 405 | F +49 231 108 799 2
www.tyntec.com





Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-24 Thread Clément OUDOT
Hi,

I just wrote a new tutorial that works with LSC 2:
http://lsc-project.org/wiki/documentation/tutorial/synchronizegroups

It should help you to achieve your task.



Clément.


Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-24 Thread Marcin Baluta
Yep, definitely that’s a better approach than having everyone asking for the 
same ;)

I’m starting to read it and will give you feedback.

Thank you very much Clement ☺

Marcin Baluta
Systems Administrator

tyntec GmbH
Semerteichstr. 54 - 56 | 44141 Dortmund, Germany
T +49 231 477 90 405 | F +49 231 108 799 2
www.tyntec.com





Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-24 Thread Maxime Pelletier


Hi Clément,

I thought that with AD, the list of members in a group had to be kept in
sync with the memberOf attribute of the user entry.

When I tested it a while ago, I had an exception when I tried to add a
group to a user by adding it to its memberOf attribute. Is it different
when you add a user to the member attribute of a group instead? Does AD
update the memberOf attribute of the user automatically?

Thanks
Max


Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-24 Thread Clément OUDOT
2014-11-24 16:44 GMT+01:00 Maxime Pelletier <maxime.pellet...@educsa.org>:

> Hi Clément,
>
> I thought that with AD, the list of members in a group had to be kept in
> sync with the memberOf attribute of the user entry.
>
> When I tested it a while ago, I had an exception when I tried to add a
> group to a user by adding it to its memberOf attribute. Is it different
> when you add a user to the member attribute of a group instead? Does AD
> update the memberOf attribute of the user automatically?


Yes, memberOf is an operational attribute, it is managed by the server. You
can't update it directly.


Clément.


Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-24 Thread Marcin Baluta
Hi guys,

I think it’s „member“ not „memberOf“ attribute.

But I have another problem. So – in my OpenLDAP structure there’s no
uniqueMember attribute, so the script in documentation page is not working
for me 😐 Users are listed in group with their memberUid.

… what I meanwhile realized is, that during tests I was performing UIDs
from source were saved in “memberUid” attribute in AD, but as “member”
attribute is still empty it’s not solving my problem ☺

Cheers,

Marcin Baluta
Systems Administrator

tyntec GmbH
Semerteichstr. 54 - 56 | 44141 Dortmund, Germany
T +49 231 477 90 405 | F +49 231 108 799 2
www.tyntec.com





Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-17 Thread Clément OUDOT
2014-11-17 12:50 GMT+01:00 Marcin Baluta <bal...@tyntec.com>:

> Hi Clement,
>
> In shortcut – our goal is to have OpenLDAP and AD (Windows 2k12) fully
> synchronized. So far I managed to catch users from OpenLDAP and place them
> in desired OU. Now I’m facing a “group syncing” problem and cannot jump
> through it.
>
> I’m receiving this error: [LDAP: error code 65 - 207B: UpdErr:
> DSID-03051266, problem 6002 (OBJ_CLASS_VIOLATION), data 0] when LSC tries
> to create a group in AD. As I can guess - I’m missing some attribute
> required by AD… or maybe something different.
>
> Task for group syncing:
>
> <task>
>   <name>Groups</name>
>   <bean>org.lsc.beans.SimpleBean</bean>
>   <ldapSourceService>
>     <name>LDAPsource-service-groups</name>
>     <connection reference="LDAPsource" />
>     <baseDn>ou=groups,dc=xxx,dc=xxx,dc=xxx</baseDn>
>     <pivotAttributes>
>       <string>cn</string>
>     </pivotAttributes>
>     <fetchedAttributes>
>       <string>cn</string>
>       <string>description</string>
>       <string>memberUID</string>
>       <string>member</string>
>     </fetchedAttributes>
>     <getAllFilter><![CDATA[(objectClass=posixGroup)]]></getAllFilter>
>     <getOneFilter><![CDATA[(&(objectClass=posixGroup)(cn={cn}))]]></getOneFilter>
>     <cleanFilter><![CDATA[(&(objectClass=posixGroup)(cn={cn}))]]></cleanFilter>
>   </ldapSourceService>
>
>   <ldapDestinationService>
>     <name>LDAPdestination-service-groups</name>
>     <connection reference="LDAPdestination" />
>     <baseDn>OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx</baseDn>
>     <pivotAttributes>
>       <string>cn</string>
>     </pivotAttributes>
>     <fetchedAttributes>
>       <string>cn</string>
>       <string>sAMAccountName</string>
>       <string>distinguishedName</string>
>       <string>description</string>
>       <string>objectClass</string>
>       <string>memberUID</string>
>       <string>member</string>
>     </fetchedAttributes>
>     <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter>
>     <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
>   </ldapDestinationService>
>
>   <propertiesBasedSyncOptions>
>     <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ", OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx"</mainIdentifier>
>     <defaultDelimiter>;</defaultDelimiter>
>     <defaultPolicy>FORCE</defaultPolicy>
>
>     <conditions>
>       <create>true</create>
>       <update>true</update>
>       <delete>false</delete>
>       <changeId>true</changeId>
>     </conditions>
>
>     <dataset>
>       <name>cn</name>
>       <policy>FORCE</policy>
>       <createValues>
>         <string>srcBean.getDatasetFirstValueById("cn")</string>
>       </createValues>
>     </dataset>
>
>     <dataset>
>       <name>description</name>
>       <policy>KEEP</policy>
>       <createValues>
>         <string>srcBean.getAttributeValuesById("description")</string>
>       </createValues>
>     </dataset>
>
>     <dataset>
>       <name>sAMAccountName</name>
>       <policy>KEEP</policy>
>       <createValues>
>         <string>srcBean.getDatasetFirstValueById("cn")</string>
>       </createValues>
>     </dataset>
>
>     <dataset>
>       <name>distinguishedName</name>
>       <policy>KEEP</policy>
>       <createValues>
>         <string>"CN=" + srcBean.getDatasetFirstValueById("cn") + ", OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx"</string>
>       </createValues>
>     </dataset>
>
>     <dataset>
>       <name>objectcClass</name>
>       <policy>FORCE</policy>
>       <createValues>
>         <string>"top"</string>
>         <string>"group"</string>
>       </createValues>
>     </dataset>
>
>     <dataset>
>       <name>member</name>
>       <policy>FORCE</policy>
>       <forceValues>
>         <string>
> <![CDATA[js: var dstMembers = new Array();
> var membersSrcDn = srcBean.getDatasetValuesById("member");
> for (var i=0; i<membersSrcDn.size(); i++) {
>     var memberSrcDn = membersSrcDn.get(i);
>     sam = srcLdap.attribute(memberSrcDn, "sAMAccountName").get(0);
>     dstMembers.push(sam)
> }
> dstMembers;
> ]]>
>         </string>
>       </forceValues>
>     </dataset>
>   </propertiesBasedSyncOptions>
> </task>
>
> Also very important info – our sAMAccountName is different than UID in
> OpenLDAP. I put these datasets in “users sync task”:
>
> <dataset>
>   <name>samAccountName</name>
>   <policy>KEEP</policy>
>   <createValues>
>     <string>srcBean.getDatasetFirstValueById('givenName') + "." + srcBean.getDatasetFirstValueById('sn')</string>
>   </createValues>
> </dataset>
>
> <dataset>
>   <name>uid</name>
>   <policy>KEEP</policy>
>   <forceValues>
>     <string>srcBean.getDatasetFirstValueById("uid")</string>


Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-17 Thread Clément OUDOT
2014-11-17 13:39 GMT+01:00 Marcin Baluta <bal...@tyntec.com>:

> Hi Clement,

Hi Marcin, please answer to the list.

> Thanks for your reply.
>
> So, I commented out dataset with sAMAccountName and still have the same
> error. Basically it looks like this:
>
> Nov 17 13:33:19 - ERROR - Error while adding entry
> CN=stuff,OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx in directory
> :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 -
> 207B: UpdErr: DSID-03051266, problem 6002 (OBJ_CLASS_VIOLATION), data 0
> ]; remaining name 'CN=stuff,OU=Groups,OU=xxx,OU=xxx
> Nov 17 13:33:19 - ERROR - Error while synchronizing ID
> CN=stuff,OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx: java.lang.Exception:
> Technical problem while applying modifications to the destination
> # Mon Nov 17 13:33:19 CET 2014
> dn: CN=stuff,OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx
> changetype: add
> memberUID: lot of memberUids here
> cn: stuff
> description: Stuff
> objectCategory: CN=stuff,OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx
>
> and of course this goes for all groups listed in OpenLDAP.



I think AD groups work with 'member' attribute containing DN of users.

Clément.


Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-17 Thread Marcin Baluta
Hi Clement,

I guess that the error I’m receiving has nothing to do with group
membership. It just cannot create the group and I have no idea why.

So the log without members being picked:

Nov 17 14:45:31 - ERROR - Error while adding entry
CN=admins,OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx in directory
:javax.naming.directory.SchemaViolationException: [LDAP: error code 65 -
207B: UpdErr: DSID-03051266, problem 6002 (OBJ_CLASS_VIOLATION), data 0
]; remaining name 'CN=admins,OU=Groups,OU=imported,OU=test’
Nov 17 14:45:31 - ERROR - Error while synchronizing ID
CN=admins,OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx: java.lang.Exception:
Technical problem while applying modifications to the destination
# Mon Nov 17 14:45:31 CET 2014
dn: CN=admins,OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx
changetype: add
cn: admins
description: System-Administration
objectCategory: CN=admins,OU=Groups,OU=imported,OU=test,DC=xxx,DC=xxx

Cheers,

Marcin Baluta
Systems Administrator

tyntec GmbH
Semerteichstr. 54 - 56 | 44141 Dortmund, Germany
T +49 231 477 90 405 | F +49 231 108 799 2
www.tyntec.com





Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-17 Thread Clément OUDOT
It is because you have no objectClass in your entry.

Seems you have a typo in your lsc.xml:

<name>objectcClass</name>

objectcClass -> objectClass


Clément.
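
A check that would have flagged the misspelled dataset name before the directory rejected the add, as an added example (not LSC code and not code from this thread). It assumes every dataset name should also appear in the destination service's fetchedAttributes, as in the configuration posted here; lintTask, innerTexts and SAMPLE_TASK are hypothetical names.

```javascript
// Added example: a heuristic lint for an LSC task definition (not part of LSC).
// SAMPLE_TASK is constructed from the configuration quoted in this thread,
// shortened to the parts the check reads.
var SAMPLE_TASK = [
  "<task>",
  "  <name>Groups</name>",
  "  <ldapDestinationService>",
  "    <fetchedAttributes>",
  "      <string>cn</string>",
  "      <string>sAMAccountName</string>",
  "      <string>distinguishedName</string>",
  "      <string>description</string>",
  "      <string>objectClass</string>",
  "      <string>memberUID</string>",
  "      <string>member</string>",
  "    </fetchedAttributes>",
  "  </ldapDestinationService>",
  "  <propertiesBasedSyncOptions>",
  "    <dataset><name>cn</name></dataset>",
  "    <dataset><name>description</name></dataset>",
  "    <dataset><name>sAMAccountName</name></dataset>",
  "    <dataset><name>distinguishedName</name></dataset>",
  "    <dataset><name>objectcClass</name></dataset>",
  "    <dataset><name>member</name></dataset>",
  "  </propertiesBasedSyncOptions>",
  "</task>"
].join("\n");

// Inner text of every non-nested <tag>...</tag> element found in xml.
function innerTexts(xml, tag) {
  var re = new RegExp("<" + tag + ">([\\s\\S]*?)</" + tag + ">", "g");
  var out = [], m;
  while ((m = re.exec(xml)) !== null) out.push(m[1].trim());
  return out;
}

// Levenshtein distance, used to suggest which attribute a typo was meant to be.
function editDistance(a, b) {
  var prev = [], i, j;
  for (j = 0; j <= b.length; j++) prev[j] = j;
  for (i = 1; i <= a.length; i++) {
    var cur = [i];
    for (j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
                        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// Report dataset names the destination service does not fetch, and whether
// any dataset writes objectClass at all (an add without it fails the schema check).
function lintTask(taskXml) {
  var lower = function (s) { return s.toLowerCase(); };
  var dest = innerTexts(taskXml, "ldapDestinationService")[0] || "";
  var fetched = innerTexts(innerTexts(dest, "fetchedAttributes")[0] || "", "string");
  var fetchedLower = fetched.map(lower);
  var datasets = innerTexts(taskXml, "dataset").map(function (ds) {
    return innerTexts(ds, "name")[0] || "";
  });

  var unknown = [];
  datasets.forEach(function (name) {
    // LDAP attribute names are case-insensitive.
    if (fetchedLower.indexOf(lower(name)) !== -1) return;
    var best = null, bestDist = 3; // suggest only within edit distance 2
    fetched.forEach(function (attr) {
      var d = editDistance(lower(name), lower(attr));
      if (d < bestDist) { best = attr; bestDist = d; }
    });
    unknown.push({ dataset: name, suggestion: best });
  });

  return {
    unknownDatasets: unknown,
    writesObjectClass: datasets.map(lower).indexOf("objectclass") !== -1
  };
}
```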


Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-17 Thread Marcin Baluta
Holy crap, I owe you a beer Clement ☺

So, after “fixing” typo groups have been created…

… but no members in there. The java code I use is taken from depth of the
Internet. I have no idea whether it’s working or not.

Cheers,

Marcin Baluta
Systems Administrator

tyntec GmbH
Semerteichstr. 54 - 56 | 44141 Dortmund, Germany
T +49 231 477 90 405 | F +49 231 108 799 2
www.tyntec.com





Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-17 Thread Clément OUDOT
2014-11-17 15:20 GMT+01:00 Marcin Baluta <bal...@tyntec.com>:

> Holy crap, I owe you a beer Clement ☺

Great ;)

> So, after “fixing” typo groups have been created…
>
> … but no members in there. The java code I use is taken from depth of the
> Internet. I have no idea whether it’s working or not.

I think you need to push the DN of the users in the member attribute, not
their sAMAccountName.


Clément.


Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-17 Thread Marcin Baluta
You mean in js?

So it will be like this:

<![CDATA[js: var dstMembers = new Array();
var membersSrcDn = srcBean.getDatasetValuesById("member");
for (var i=0; i<membersSrcDn.size(); i++) {
    var memberSrcDn = membersSrcDn.get(i);
    // Reads distinguishedName from the source entry of each member.
    sam = srcLdap.attribute(memberSrcDn, "distinguishedName").get(0);
    dstMembers.push(sam)
}
dstMembers;
]]>

Marcin Baluta
Systems Administrator

tyntec GmbH
Semerteichstr. 54 - 56 | 44141 Dortmund, Germany
T +49 231 477 90 405 | F +49 231 108 799 2
www.tyntec.com





Re: [lsc-users] OpenLDAP 2 LDAP synchronization

2014-11-17 Thread Clément OUDOT
No, you need to find the DN of the user as it will be in the destination
directory. You can search the destination directory with the sAMAccountName
to get the corresponding dn.


Clément.