[lsc-users] configure sync AD to OpenDJ

Avatar avatar.pm at gmail.com
Mon Sep 26 05:58:03 CEST 2011


First of all, it seems all objects of this OU come with an error. I took 2 persons
to check their mail out and it is. And the mails are different. Maybe there is
some debug output, is there?

On Mon, Sep 26, 2011 at 2:03 AM, Sébastien Bahloul <
sebastien.bahloul at gmail.com> wrote:

> Can you take a look to see if any "Unable to get object for id=" is
> following an error like the following line?
>
> Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter:
> "(&(objectClass=organizationalPerson)(mail=e.mamajanyan at rian.ru))")
>
> If this is the case, fix the last issue and you would not see any "Unable
> to get object..." error message.
>
> And you need to fix this error because the corresponding entry will not be
> synchronized otherwise.
>
> Regards,
> --
> Sebastien BAHLOUL
> IAM / Security specialist
> Ldap Synchronization Connector : http://lsc-project.org
> Blog : http://sbahloul.wordpress.com/
>
>
>
> 2011/9/24 Avatar <avatar.pm at gmail.com>
>
>> There are a lot of records like this:
>>
>> Sep 24 08:42:41 - ERROR - Unable to get object for id=CN=ААААА_СТАНДАРТНЫЙ
>> ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian
>>
>>
>> On Sat, Sep 24, 2011 at 8:41 AM, Avatar <avatar.pm at gmail.com> wrote:
>>
>>> Yeah, but maybe I can ignore it?
>>>
>>>
>>> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul <
>>> sebastien.bahloul at gmail.com> wrote:
>>>
>>>> Hi Pavel,
>>>>
>>>> The issue for this run is that the LDAP search
>>>> "(&(objectClass=organizationalPerson)(mail=e.mamajanyan at rian.ru))" in "ou=DIT,dc=msk,dc=rian"
>>>> is returning 2 or more entries. The LSC is not able to handle a
>>>> synchronization from one to many. It requires that the filter you provide to
>>>> find the destination object returns a unique entry. So check the filter or
>>>> use other attribute values to make a more precise filter to obtain a
>>>> one-to-one mapping.
>>>>
>>>> In your first try, the LSC was not able to find any entries from the
>>>> source service, that's why I suggest you check your search filter through an
>>>> LDAP browser and modify either the base or the filter
>>>> > base: ou=DIT,dc=msk,dc=rian
>>>> > filter: (objectClass=organizationalPerson)
>>>> > requested attributes: mail
>>>> > and fix the corresponding parameter !
>>>>
>>>> Regards.
>>>>
>>>> On Friday, 23 September 2011, Avatar wrote:
>>>>
>>>>> Strange, but it is not synchronizing anything.
>>>>> Sorry, but I don't comprehend from your last mail what I have to change
>>>>> in my config.
>>>>>
>>>>>
>>>>> I run:
>>>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f /usr/src/lsc-trunk-SNAPSHOT/etc
>>>>> -n -s all
>>>>>
>>>>> 10:16:46.270 [main] INFO  o.l.c.XmlConfigurationHelper - Loading
>>>>> plugins ...
>>>>> 10:16:57.030 [main] INFO  o.l.c.XmlConfigurationHelper - Plugins loaded
>>>>> ...
>>>>> 10:16:57.210 [main] INFO  org.lsc.jndi.JndiServices - Connecting to
>>>>> LDAP server ldap://ad0.rian.off:389/dc=msk,dc=rian as
>>>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian
>>>>> 10:16:57.330 [main] INFO  org.lsc.jndi.JndiServices - Connecting to
>>>>> LDAP server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager
>>>>> 10:16:57.334 [main] WARN  o.l.c.o.s.PropertiesBasedSyncOptions - Your
>>>>> main identifier will be used as a DN ("mail=" +
>>>>> srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") in
>>>>> LDAP destination service and does not end with the context dn
>>>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this is
>>>>> part of the changelog to 2.X.
>>>>> сен 23 10:16:57 - WARN  - Starting sync for People
>>>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian
>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base:
>>>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>>>> e.mamajanyan at rian.ru))")
>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail=
>>>>> e.mamajanyan at rian.ru}: org.lsc.exception.LscServiceException:
>>>>> javax.naming.SizeLimitExceededException: Too many entries returned (base:
>>>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>>>> e.mamajanyan at rian.ru))")
>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base:
>>>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>>>> e.mamajanyan at rian.ru))")
>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail=
>>>>> e.mamajanyan at rian.ru}: org.lsc.exception.LscServiceException:
>>>>> javax.naming.SizeLimitExceededException: Too many entries returned (base:
>>>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>>>> e.mamajanyan at rian.ru))")
>>>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian
>>>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian
>>>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0,
>>>>> modified entries: 0, errors: 5
>>>>>
>>>>>
>>>>> I understand:
>>>>> Too many entries returned - it's a duplicate in the mail field
>>>>> Unable to get object for id - there is no mail
>>>>>
>>>>>
>>>>> Here is my full configuration:
>>>>> <?xml version="1.0" ?>
>>>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd" id="1"
>>>>> revision="0">
>>>>>  <connections id="2">
>>>>>    <connection class="ldapConnection" id="3">
>>>>>      <id>ldap-src-conn</id>
>>>>>      <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url>
>>>>>      <username>cn=SA_LDAP-Reade,ou=Test&amp;ServiceUsers,dc=msk,dc=rian</username>
>>>>>      <password></password>
>>>>>      <authentication>SIMPLE</authentication>
>>>>>      <referral>IGNORE</referral>
>>>>>      <derefAliases>NEVER</derefAliases>
>>>>>      <version>VERSION_3</version>
>>>>>      <pageSize>-1</pageSize>
>>>>>      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>>>      <tlsActivated>false</tlsActivated>
>>>>>    </connection>
>>>>>    <connection class="ldapConnection" id="4">
>>>>>      <id>ldap-dst-conn</id>
>>>>>      <url>ldap://127.0.0.1/dc=dmz,dc=rian</url>
>>>>>      <username>cn=Directory Manager</username>
>>>>>      <password></password>
>>>>>      <authentication>SIMPLE</authentication>
>>>>>      <referral>IGNORE</referral>
>>>>>      <derefAliases>NEVER</derefAliases>
>>>>>      <version>VERSION_3</version>
>>>>>      <pageSize>-1</pageSize>
>>>>>      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>>>      <tlsActivated>false</tlsActivated>
>>>>>    </connection>
>>>>>  </connections>
>>>>>  <audits id="5">
>>>>>    <audit class="csvAudit">
>>>>>      <name>csv</name>
>>>>>      <operations>create, delete</operations>
>>>>>      <datasets>cn, dn</datasets>
>>>>>      <separator>;</separator>
>>>>>      <append>true</append>
>>>>>    </audit>
>>>>>    <audit class="ldifAudit">
>>>>>      <name>ldif</name>
>>>>>      <append>false</append>
>>>>>    </audit>
>>>>>  </audits>
>>>>>  <tasks id="6">
>>>>>    <task id="7">
>>>>>      <name>People</name>
>>>>>      <bean>org.lsc.beans.SimpleBean</bean>
>>>>>      <sourceService class="ldapSourceService" id="11">
>>>>>        <name>openldap-source-service</name>
>>>>>        <connection reference="3" />
>>>>>        <baseDn>ou=DIT,dc=msk,dc=rian</baseDn>
>>>>>        <pivotAttributes>
>>>>>          <string>mail</string>
>>>>>        </pivotAttributes>
>>>>>        <fetchedAttributes>
>>>>>          <string>description</string>
>>>>>          <string>cn</string>
>>>>>          <string>sn</string>
>>>>>          <string>userPassword</string>
>>>>>          <string>objectClass</string>
>>>>>          <string>uid</string>
>>>>>          <string>mail</string>
>>>>>        </fetchedAttributes>
>>>>>        <getAllFilter>(objectClass=organizationalPerson)</getAllFilter>
>>>>>        <getOneFilter>(&amp;(objectClass=organizationalPerson)(mail={mail}))</getOneFilter>
>>>>>      </sourceService>
>>>>>      <destinationService class="ldapDestinationService" id="8">
>>>>>        <name>opends-dst-service</name>
>>>>>        <connection reference="4" />
>>>>>        <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn>
>>>>>        <pivotAttributes id="9">
>>>>>          <string>mail</string>
>>>>>        </pivotAttributes>
>>>>>        <fetchedAttributes id="10">
>>>>>          <string>description</string>
>>>>>          <string>cn</string>
>>>>>          <string>sn</string>
>>>>>          <string>userPassword</string>
>>>>>          <string>objectClass</string>
>>>>>          <string>uid</string>
>>>>>          <string>mail</string>
>>>>>        </fetchedAttributes>
>>>>>        <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
>>>>>        <getOneFilter>(&amp;(objectClass=inetorgperson)(mail={mail}))</getOneFilter>
>>>>>      </destinationService>
>>>>>      <syncOptions class="propertiesBasedSyncOptions" id="12">
>>>>>        <conditions id="13"></conditions>
>>>>>        <mainIdentifier>"mail=" + srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian"</mainIdentifier>
>>>>>        <defaultDelimiter>;</defaultDelimiter>
>>>>>        <defaultPolicy>FORCE</defaultPolicy>
>>>>>      </syncOptions>
>>>>>    </task>
>>>>>  </tasks>
>>>>> </lsc>
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul <
>>>>> sebastien.bahloul at gmail.com> wrote:
>>>>> > Oh ! I read the first error message too fast : the error is simply that the
>>>>> > first list request on the source directory has not returned any data.
>>>>> > Try an external search with the following parameter on your source directory :
>>>>> > base: ou=DIT,dc=msk,dc=rian
>>>>> > filter: (objectClass=organizationalPerson)
>>>>> > requested attributes: mail
>>>>> > and fix the corresponding parameter !
>>>>> > Regards
>>>>> >
>>>>> > --
>>>>> > Sebastien BAHLOUL
>>>>> > IAM / Security specialist
>>>>> > Ldap Synchronization Connector : http://lsc-project.org
>>>>> > Blog : http://sbahloul.wordpress.com/
>>>>> >
>>>>>
>>>>>
>>>>> --
>>>>> Rgrds, Pavel Morozov
>>>>>
>>>>>
>>>>
>>>> --
>>>> Sebastien BAHLOUL
>>>> IAM / Security specialist
>>>> Ldap Synchronization Connector : http://lsc-project.org
>>>> Blog : http://sbahloul.wordpress.com/
>>>>
>>>>
>>>
>>>
>>> --
>>> Rgrds, Pavel Morozov
>>>
>>
>>
>>
>> --
>> Rgrds, Pavel Morozov
>>
>
>


-- 
Rgrds, Pavel Morozov
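
An added example, not part of the original thread and not LSC code: a pre-flight check over an LDIF export of the source branch that reports the two conditions discussed above for the `mail` pivot, values shared by more than one entry (each makes the `getOneFilter` search return several entries) and entries with no `mail` at all. The sample entries, the example.org addresses and the function names `parse_ldif` and `pivot_report` are constructed for illustration.

```python
import base64
import re
from collections import defaultdict

def parse_ldif(text):
    """Yield (dn, {attr: [values]}); handles folded lines and base64 ('::') values."""
    text = re.sub(r"\r?\n ", "", text)      # LDIF folding: newline + one space
    dn, attrs = None, defaultdict(list)
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, dict(attrs)
            dn, attrs = None, defaultdict(list)
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>", e.g. Cyrillic DNs
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)

def pivot_report(ldif_text, pivot="mail"):
    """Return (duplicates, missing): pivot values held by >1 DN, DNs lacking the pivot."""
    owners, missing = defaultdict(list), []
    for dn, attrs in parse_ldif(ldif_text):
        values = attrs.get(pivot, [])
        if not values:
            missing.append(dn)
        for v in values:
            owners[v.lower()].append(dn)    # mail is matched case-insensitively
    return {v: d for v, d in owners.items() if len(d) > 1}, missing

# Constructed sample export (not data from the thread).
_B64_DN = base64.b64encode("CN=Пример,OU=DIT,DC=msk,DC=rian".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = f"""\
dn: CN=user-a,OU=DIT,DC=msk,DC=rian
mail: shared@example.org

dn: CN=user-b,OU=OSS,OU=DIT,DC=msk,DC=rian
mail: Shared@exam
 ple.org

dn:: {_B64_DN}
"""

if __name__ == "__main__":
    print(pivot_report(SAMPLE_LDIF))
```

Feed it the LDIF output of the external search suggested in the thread (base `ou=DIT,dc=msk,dc=rian`, filter `(objectClass=organizationalPerson)`, requested attribute `mail`); every DN listed under a duplicated value needs a more precise filter or a different pivot before a one-to-one mapping is possible.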