[lsc-users] configure sync AD to OpenDJ

Avatar avatar.pm at gmail.com
Sat Sep 24 08:45:51 CEST 2011


There are a lot of records like this:

Sep 24 08:42:41 - ERROR - Unable to get object for id=CN=ААААА_СТАНДАРТНЫЙ
ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian


On Sat, Sep 24, 2011 at 8:41 AM, Avatar <avatar.pm at gmail.com> wrote:

> Yeah, but maybe I can ignore it?
>
>
> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul <
> sebastien.bahloul at gmail.com> wrote:
>
>> Hi Pavel,
>>
>> The issue for this run is that the LDAP search
>> "(&(objectClass=organizationalPerson)(mail=e.mamajanyan at rian.ru))" in "ou=DIT,dc=msk,dc=rian"
>> is returning 2 or more entries. The LSC is not able to handle a
>> synchronization from one to many. It requires that the filter you provide to
>> find the destination object returns a unique entry. So check the filter or
>> use other attribute values to make a more precise filter to obtain a
>> one-to-one mapping.
>>
>> In your first try, the LSC was not able to find any entries from the
>> source service, that's why I suggest you check your search filter through an
>> LDAP browser and modify either the base or the filter
>> > base: ou=DIT,dc=msk,dc=rian
>> > filter: (objectClass=organizationalPerson)
>> > requested attributes: mail
>> > and fix the corresponding parameter !
>>
>> Regards.
>>
>> On Friday, 23 September 2011, Avatar wrote:
>>
>>> Strange, but it does not synchronize anything.
>>> Sorry, but I don't comprehend from your last mail what I have to change
>>> in my config.
>>>
>>>
>>> I run:
>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f /usr/src/lsc-trunk-SNAPSHOT/etc -n
>>> -s all
>>>
>>> 10:16:46.270 [main] INFO  o.l.c.XmlConfigurationHelper - Loading plugins
>>> ...
>>> 10:16:57.030 [main] INFO  o.l.c.XmlConfigurationHelper - Plugins loaded
>>> ...
>>> 10:16:57.210 [main] INFO  org.lsc.jndi.JndiServices - Connecting to LDAP
>>> server ldap://ad0.rian.off:389/dc=msk,dc=rian as
>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian
>>> 10:16:57.330 [main] INFO  org.lsc.jndi.JndiServices - Connecting to LDAP
>>> server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager
>>> 10:16:57.334 [main] WARN  o.l.c.o.s.PropertiesBasedSyncOptions - Your
>>> main identifier will be used as a DN ("mail=" +
>>> srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") in
>>> LDAP destination service and does not end with the context dn
>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this is
>>> part of the changelog to 2.X.
>>> сен 23 10:16:57 - WARN  - Starting sync for People
>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian
>>> сен 23 10:16:57 - ERROR - Too many entries returned (base:
>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>> e.mamajanyan at rian.ru))")
>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail=
>>> e.mamajanyan at rian.ru}: org.lsc.exception.LscServiceException:
>>> javax.naming.SizeLimitExceededException: Too many entries returned (base:
>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>> e.mamajanyan at rian.ru))")
>>> сен 23 10:16:57 - ERROR - Too many entries returned (base:
>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>> e.mamajanyan at rian.ru))")
>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail=
>>> e.mamajanyan at rian.ru}: org.lsc.exception.LscServiceException:
>>> javax.naming.SizeLimitExceededException: Too many entries returned (base:
>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>> e.mamajanyan at rian.ru))")
>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian
>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian
>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0, modified
>>> entries: 0, errors: 5
>>>
>>>
>>> I understand:
>>> Too many entries returned - it's a duplicate in the mail field
>>> Unable to get object for id - there is no mail
>>>
>>>
>>> Here is my full configuration:
>>> <?xml version="1.0" ?>
>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd" id="1"
>>> revision="0">
>>>  <connections id="2">
>>>    <connection class="ldapConnection" id="3">
>>>      <id>ldap-src-conn</id>
>>>      <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url>
>>>      <username>cn=SA_LDAP-Reade,ou=Test&amp;ServiceUsers,dc=msk,dc=rian</username>
>>>      <password></password>
>>>      <authentication>SIMPLE</authentication>
>>>      <referral>IGNORE</referral>
>>>      <derefAliases>NEVER</derefAliases>
>>>      <version>VERSION_3</version>
>>>      <pageSize>-1</pageSize>
>>>      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>      <tlsActivated>false</tlsActivated>
>>>    </connection>
>>>    <connection class="ldapConnection" id="4">
>>>      <id>ldap-dst-conn</id>
>>>      <url>ldap://127.0.0.1/dc=dmz,dc=rian</url>
>>>      <username>cn=Directory Manager</username>
>>>      <password></password>
>>>      <authentication>SIMPLE</authentication>
>>>      <referral>IGNORE</referral>
>>>      <derefAliases>NEVER</derefAliases>
>>>      <version>VERSION_3</version>
>>>      <pageSize>-1</pageSize>
>>>      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>      <tlsActivated>false</tlsActivated>
>>>    </connection>
>>>  </connections>
>>>  <audits id="5">
>>>    <audit class="csvAudit">
>>>      <name>csv</name>
>>>      <operations>create, delete</operations>
>>>      <datasets>cn, dn</datasets>
>>>      <separator>;</separator>
>>>      <append>true</append>
>>>    </audit>
>>>    <audit class="ldifAudit">
>>>      <name>ldif</name>
>>>      <append>false</append>
>>>    </audit>
>>>  </audits>
>>>  <tasks id="6">
>>>    <task id="7">
>>>      <name>People</name>
>>>      <bean>org.lsc.beans.SimpleBean</bean>
>>>      <sourceService class="ldapSourceService" id="11">
>>>        <name>openldap-source-service</name>
>>>        <connection reference="3" />
>>>        <baseDn>ou=DIT,dc=msk,dc=rian</baseDn>
>>>        <pivotAttributes>
>>>          <string>mail</string>
>>>        </pivotAttributes>
>>>        <fetchedAttributes>
>>>          <string>description</string>
>>>          <string>cn</string>
>>>          <string>sn</string>
>>>          <string>userPassword</string>
>>>          <string>objectClass</string>
>>>          <string>uid</string>
>>>          <string>mail</string>
>>>        </fetchedAttributes>
>>>        <getAllFilter>(objectClass=organizationalPerson)</getAllFilter>
>>>        <getOneFilter>(&amp;(objectClass=organizationalPerson)(mail={mail}))</getOneFilter>
>>>      </sourceService>
>>>      <destinationService class="ldapDestinationService" id="8">
>>>        <name>opends-dst-service</name>
>>>        <connection reference="4" />
>>>        <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn>
>>>        <pivotAttributes id="9">
>>>          <string>mail</string>
>>>        </pivotAttributes>
>>>        <fetchedAttributes id="10">
>>>          <string>description</string>
>>>          <string>cn</string>
>>>          <string>sn</string>
>>>          <string>userPassword</string>
>>>          <string>objectClass</string>
>>>          <string>uid</string>
>>>          <string>mail</string>
>>>        </fetchedAttributes>
>>>        <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
>>>        <getOneFilter>(&amp;(objectClass=inetorgperson)(mail={mail}))</getOneFilter>
>>>      </destinationService>
>>>      <syncOptions class="propertiesBasedSyncOptions" id="12">
>>>        <conditions id="13"></conditions>
>>>        <mainIdentifier>"mail=" + srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian"</mainIdentifier>
>>>        <defaultDelimiter>;</defaultDelimiter>
>>>        <defaultPolicy>FORCE</defaultPolicy>
>>>      </syncOptions>
>>>    </task>
>>>  </tasks>
>>> </lsc>
>>>
>>>
>>>
>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul <
>>> sebastien.bahloul at gmail.com> wrote:
>>> > Oh ! I read the first error message too fast : the error is simply that the
>>> > first list request on the source directory has not returned any data.
>>> > Try an external search with the following parameters on your source directory :
>>> > base: ou=DIT,dc=msk,dc=rian
>>> > filter: (objectClass=organizationalPerson)
>>> > requested attributes: mail
>>> > and fix the corresponding parameter !
>>> > Regards
>>> >
>>> > --
>>> > Sebastien BAHLOUL
>>> > IAM / Security specialist
>>> > Ldap Synchronization Connector : http://lsc-project.org
>>> > Blog : http://sbahloul.wordpress.com/
>>> >
>>>
>>>
>>> --
>>> Rgrds, Pavel Morozov
>>>
>>>
>>
>> --
>> Sebastien BAHLOUL
>> IAM / Security specialist
>> Ldap Synchronization Connector : http://lsc-project.org
>> Blog : http://sbahloul.wordpress.com/
>>
>>
>
>
> --
> Rgrds, Pavel Morozov
>



-- 
Rgrds, Pavel Morozov
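
A pre-flight check for the two conditions discussed in this thread (a `mail` value shared by several entries, which breaks the one-to-one mapping LSC requires, and entries with no `mail` at all), added here as an example; it is not part of the original messages or of LSC. It assumes the source search (base `ou=DIT,dc=msk,dc=rian`, filter `(objectClass=organizationalPerson)`, attribute `mail`) has been exported as LDIF; the sample entries and the function names are constructed.

```python
import base64
from collections import defaultdict

# Constructed sample standing in for an LDIF export of the source search
# (base ou=DIT,dc=msk,dc=rian, filter (objectClass=organizationalPerson), attribute mail).
_B64_DN = base64.b64encode("CN=Тест,OU=DIT,DC=msk,DC=rian".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = f"""dn: CN=user-a,OU=DIT,DC=msk,DC=rian
mail: shared@example.test

dn: CN=user-b,OU=OSS,OU=DIT,DC=msk,
 DC=rian
mail: Shared@Example.test

dn: CN=svc-nomail,OU=OTOPC,OU=DIT,DC=msk,DC=rian

dn:: {_B64_DN}
mail: unique@example.test
"""

def parse_ldif(text):
    """Return [(dn, [mail, ...])], unfolding wrapped lines and decoding base64 values."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):
        dn, mails = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>", used for non-ASCII DNs
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "mail" and value:
                mails.append(value)
        if dn is not None:
            entries.append((dn, mails))
    return entries

def pivot_report(entries):
    """Return (DNs with no mail, {mail: [DNs]} for values held by more than one entry)."""
    by_mail, missing = defaultdict(list), []
    for dn, mails in entries:
        if not mails:
            missing.append(dn)
        for mail in mails:
            by_mail[mail.lower()].append(dn)  # mail is matched case-insensitively
    return missing, {m: dns for m, dns in by_mail.items() if len(dns) > 1}

if __name__ == "__main__":
    missing, duplicates = pivot_report(parse_ldif(SAMPLE_LDIF))
    print("no mail value:", missing)
    print("mail shared by several entries:", duplicates)
```

Every DN listed under a duplicated value has to be resolved in the source directory, or the pivot changed to an attribute that is unique per entry, before the task can map entries one to one.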