[lsc-users] configure sync AD to OpenDJ

Sébastien Bahloul sebastien.bahloul at gmail.com
Mon Sep 26 09:34:37 CEST 2011


Put DEBUG instead of INFO in logback.xml and try again

Regards,

-- 
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/



2011/9/26 Avatar <avatar.pm at gmail.com>

> First of all it seems all objects of this OU come with an error. I took 2
> people to check their mail out and it is. And mails are different. Maybe
> there is some debug output, is there?
>
>
> On Mon, Sep 26, 2011 at 2:03 AM, Sébastien Bahloul <
> sebastien.bahloul at gmail.com> wrote:
>
>> Can you take a look to see if any "Unable to get object for id=" is
>> following an error like the following line?
>>
>> Too many entries returned (base: "ou=DIT,dc=msk,dc=rian", filter:
>> "(&(objectClass=organizationalPerson)(mail=e.mamajanyan at rian.ru))")
>>
>> If this is the case, fix the last issue and you would not see any "Unable
>> to get object..." error message.
>>
>> And you need to fix this error because the corresponding entry will not be
>> synchronized otherwise.
>>
>> Regards,
>> --
>> Sebastien BAHLOUL
>> IAM / Security specialist
>> Ldap Synchronization Connector : http://lsc-project.org
>> Blog : http://sbahloul.wordpress.com/
>>
>>
>>
>> 2011/9/24 Avatar <avatar.pm at gmail.com>
>>
>>> There are a lot of records like this:
>>>
>>> Sep 24 08:42:41 - ERROR - Unable to get object for
>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian
>>>
>>>
>>> On Sat, Sep 24, 2011 at 8:41 AM, Avatar <avatar.pm at gmail.com> wrote:
>>>
>>>> Yea, but maybe can I ignore it?
>>>>
>>>>
>>>> On Sat, Sep 24, 2011 at 12:36 AM, Sébastien Bahloul <
>>>> sebastien.bahloul at gmail.com> wrote:
>>>>
>>>>> Hi Pavel,
>>>>>
>>>>> The issue for this run is that the LDAP search
>>>>> "(&(objectClass=organizationalPerson)(mail=e.mamajanyan at rian.ru))" in "ou=DIT,dc=msk,dc=rian"
>>>>> is returning 2 or more entries. The LSC is not able to handle a
>>>>> synchronization from one to many. It requires that the filter you provide to
>>>>> find the destination object returns a unique entry. So check the filter or
>>>>> use other attribute values to make a more precise filter to obtain a
>>>>> one-to-one mapping.
>>>>>
>>>>> In your first try, the LSC was not able to find any entries from the
>>>>> source service, that's why I suggest you check your search filter through a
>>>>> LDAP browser and you modify either the base or the filter
>>>>> > base: ou=DIT,dc=msk,dc=rian
>>>>> > filter: (objectClass=organizationalPerson)
>>>>> > requested attributes: mail
>>>>> > and fix the corresponding parameter !
>>>>>
>>>>> Regards.
>>>>>
>>>>> On Friday, 23 September 2011, Avatar wrote:
>>>>>
>>>>>> Strange, but it is not synchronizing anything.
>>>>>> Sorry, but I don't comprehend from your last mail what I have to
>>>>>> change in my config.
>>>>>>
>>>>>>
>>>>>> I run:
>>>>>> /usr/src/lsc-trunk-SNAPSHOT/bin/lsc -f /usr/src/lsc-trunk-SNAPSHOT/etc
>>>>>> -n -s all
>>>>>>
>>>>>> 10:16:46.270 [main] INFO  o.l.c.XmlConfigurationHelper - Loading
>>>>>> plugins ...
>>>>>> 10:16:57.030 [main] INFO  o.l.c.XmlConfigurationHelper - Plugins
>>>>>> loaded ...
>>>>>> 10:16:57.210 [main] INFO  org.lsc.jndi.JndiServices - Connecting to
>>>>>> LDAP server ldap://ad0.rian.off:389/dc=msk,dc=rian as
>>>>>> cn=SA_LDAP-Reader,ou=Test&ServiceUsers,dc=msk,dc=rian
>>>>>> 10:16:57.330 [main] INFO  org.lsc.jndi.JndiServices - Connecting to
>>>>>> LDAP server ldap://127.0.0.1/dc=dmz,dc=rian as cn=Directory Manager
>>>>>> 10:16:57.334 [main] WARN  o.l.c.o.s.PropertiesBasedSyncOptions - Your
>>>>>> main identifier will be used as a DN ("mail=" +
>>>>>> srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian") in
>>>>>> LDAP destination service and does not end with the context dn
>>>>>> (dc=dmz,dc=rian). This is probably an error ! For LSC 1.X users, this is
>>>>>> part of the changelog to 2.X.
>>>>>> сен 23 10:16:57 - WARN  - Starting sync for People
>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>>>>> id=CN=ААААА_СТАНДАРТНЫЙ ПОЛЬЗОВАТЕЛЬ для ДИТ_ААААА,OU=DIT,DC=msk,DC=rian
>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base:
>>>>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>>>>> e.mamajanyan at rian.ru))")
>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail=
>>>>>> e.mamajanyan at rian.ru}: org.lsc.exception.LscServiceException:
>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned (base:
>>>>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>>>>> e.mamajanyan at rian.ru))")
>>>>>> сен 23 10:16:57 - ERROR - Too many entries returned (base:
>>>>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>>>>> e.mamajanyan at rian.ru))")
>>>>>> сен 23 10:16:57 - ERROR - Error while synchronizing ID {mail=
>>>>>> e.mamajanyan at rian.ru}: org.lsc.exception.LscServiceException:
>>>>>> javax.naming.SizeLimitExceededException: Too many entries returned (base:
>>>>>> "ou=DIT,dc=msk,dc=rian", filter: "(&(objectClass=organizationalPerson)(mail=
>>>>>> e.mamajanyan at rian.ru))")
>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>>>>> id=CN=КРОСС,OU=OSS,OU=DIT,DC=msk,DC=rian
>>>>>> сен 23 10:16:57 - ERROR - Unable to get object for
>>>>>> id=CN=sa_presscenter,OU=OTOPC,OU=DIT,DC=msk,DC=rian
>>>>>> сен 23 10:16:57 - ERROR - All entries: 46, to modify entries: 0,
>>>>>> modified entries: 0, errors: 5
>>>>>>
>>>>>>
>>>>>> I understand:
>>>>>> Too many entries returned - it's duplicate in mail field
>>>>>> Unable to get object for id - there is no mail
>>>>>>
>>>>>>
>>>>>> Here is my full configuration:
>>>>>> <?xml version="1.0" ?>
>>>>>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-1.0.xsd" id="1"
>>>>>> revision="0">
>>>>>>  <connections id="2">
>>>>>>    <connection class="ldapConnection" id="3">
>>>>>>      <id>ldap-src-conn</id>
>>>>>>      <url>ldap://ad0.rian.off:389/dc=msk,dc=rian</url>
>>>>>>      <username>cn=SA_LDAP-Reade,ou=Test&amp;ServiceUsers,dc=msk,dc=rian</username>
>>>>>>      <password></password>
>>>>>>      <authentication>SIMPLE</authentication>
>>>>>>      <referral>IGNORE</referral>
>>>>>>      <derefAliases>NEVER</derefAliases>
>>>>>>      <version>VERSION_3</version>
>>>>>>      <pageSize>-1</pageSize>
>>>>>>      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>>>>      <tlsActivated>false</tlsActivated>
>>>>>>    </connection>
>>>>>>    <connection class="ldapConnection" id="4">
>>>>>>      <id>ldap-dst-conn</id>
>>>>>>      <url>ldap://127.0.0.1/dc=dmz,dc=rian</url>
>>>>>>      <username>cn=Directory Manager</username>
>>>>>>      <password></password>
>>>>>>      <authentication>SIMPLE</authentication>
>>>>>>      <referral>IGNORE</referral>
>>>>>>      <derefAliases>NEVER</derefAliases>
>>>>>>      <version>VERSION_3</version>
>>>>>>      <pageSize>-1</pageSize>
>>>>>>      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>>>>      <tlsActivated>false</tlsActivated>
>>>>>>    </connection>
>>>>>>  </connections>
>>>>>>  <audits id="5">
>>>>>>    <audit class="csvAudit">
>>>>>>      <name>csv</name>
>>>>>>      <operations>create, delete</operations>
>>>>>>      <datasets>cn, dn</datasets>
>>>>>>      <separator>;</separator>
>>>>>>      <append>true</append>
>>>>>>    </audit>
>>>>>>    <audit class="ldifAudit">
>>>>>>      <name>ldif</name>
>>>>>>      <append>false</append>
>>>>>>    </audit>
>>>>>>  </audits>
>>>>>>  <tasks id="6">
>>>>>>    <task id="7">
>>>>>>      <name>People</name>
>>>>>>      <bean>org.lsc.beans.SimpleBean</bean>
>>>>>>      <sourceService class="ldapSourceService" id="11">
>>>>>>        <name>openldap-source-service</name>
>>>>>>        <connection reference="3" />
>>>>>>        <baseDn>ou=DIT,dc=msk,dc=rian</baseDn>
>>>>>>        <pivotAttributes>
>>>>>>          <string>mail</string>
>>>>>>        </pivotAttributes>
>>>>>>        <fetchedAttributes>
>>>>>>          <string>description</string>
>>>>>>          <string>cn</string>
>>>>>>          <string>sn</string>
>>>>>>          <string>userPassword</string>
>>>>>>          <string>objectClass</string>
>>>>>>          <string>uid</string>
>>>>>>          <string>mail</string>
>>>>>>        </fetchedAttributes>
>>>>>>        <getAllFilter>(objectClass=organizationalPerson)</getAllFilter>
>>>>>>        <getOneFilter>(&amp;(objectClass=organizationalPerson)(mail={mail}))</getOneFilter>
>>>>>>      </sourceService>
>>>>>>      <destinationService class="ldapDestinationService" id="8">
>>>>>>        <name>opends-dst-service</name>
>>>>>>        <connection reference="4" />
>>>>>>        <baseDn>ou=DIT,dc=dmz,dc=rian</baseDn>
>>>>>>        <pivotAttributes id="9">
>>>>>>          <string>mail</string>
>>>>>>        </pivotAttributes>
>>>>>>        <fetchedAttributes id="10">
>>>>>>          <string>description</string>
>>>>>>          <string>cn</string>
>>>>>>          <string>sn</string>
>>>>>>          <string>userPassword</string>
>>>>>>          <string>objectClass</string>
>>>>>>          <string>uid</string>
>>>>>>          <string>mail</string>
>>>>>>        </fetchedAttributes>
>>>>>>        <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
>>>>>>        <getOneFilter>(&amp;(objectClass=inetorgperson)(mail={mail}))</getOneFilter>
>>>>>>      </destinationService>
>>>>>>      <syncOptions class="propertiesBasedSyncOptions" id="12">
>>>>>>        <conditions id="13"></conditions>
>>>>>>        <mainIdentifier>"mail=" + srcBean.getAttributeFirstValueById("mail") + ",ou=DIT,dc=msk,dc=rian"</mainIdentifier>
>>>>>>        <defaultDelimiter>;</defaultDelimiter>
>>>>>>        <defaultPolicy>FORCE</defaultPolicy>
>>>>>>      </syncOptions>
>>>>>>    </task>
>>>>>>  </tasks>
>>>>>> </lsc>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Sep 22, 2011 at 6:21 PM, Sébastien Bahloul <
>>>>>> sebastien.bahloul at gmail.com> wrote:
>>>>>> > Oh ! I read the first error message too fast : the error is simply
>>>>>> that the
>>>>>> > first list request on the source directory has not returned any
>>>>>> data.
>>>>>> > Try an external search with the following parameter on your source
>>>>>> directory
>>>>>> > :
>>>>>> > base: ou=DIT,dc=msk,dc=rian
>>>>>> > filter: (objectClass=organizationalPerson)
>>>>>> > requested attributes: mail
>>>>>> > and fix the corresponding parameter !
>>>>>> > Regards
>>>>>> >
>>>>>> > --
>>>>>> > Sebastien BAHLOUL
>>>>>> > IAM / Security specialist
>>>>>> > Ldap Synchronization Connector : http://lsc-project.org
>>>>>> > Blog : http://sbahloul.wordpress.com/
>>>>>> >
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Rgrds, Pavel Morozov
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Sebastien BAHLOUL
>>>>> IAM / Security specialist
>>>>> Ldap Synchronization Connector : http://lsc-project.org
>>>>> Blog : http://sbahloul.wordpress.com/
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Rgrds, Pavel Morozov
>>>>
>>>
>>>
>>>
>>> --
>>> Rgrds, Pavel Morozov
>>>
>>
>>
>
>
> --
> Rgrds, Pavel Morozov
>
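
Added example (not part of the original thread, and not LSC code): a pre-flight check for the one-to-one requirement discussed above. It reads an LDIF export of the external search suggested in the thread (base, filter, requested attribute mail) and reports pivot values shared by several entries, which would make the getOneFilter return more than one entry, and entries with no pivot value at all. The sample LDIF, the example.org addresses and the function names parse_ldif and check_pivot are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample export (not data from the thread). Directory tools emit
# non-ASCII DNs base64-encoded ("dn::") and may fold long lines.
B64_DN = base64.b64encode("CN=Тест,OU=DIT,DC=msk,DC=rian".encode()).decode()
SAMPLE_LDIF = f"""\
dn: CN=User One,OU=DIT,DC=msk,DC=rian
mail: user.one@example.org

dn: CN=User One Admin,OU=DIT,DC=msk,DC=rian
mail: User.One@example.org

dn: CN=User Two,OU=OSS,OU=DIT,
 DC=msk,DC=rian
mail: user.two@example.org

dn:: {B64_DN}

dn: CN=sa_service,OU=OTOPC,OU=DIT,DC=msk,DC=rian
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}); handles folded lines and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, _, raw = line.partition(":")
                value = raw.lstrip(":").strip()
                if raw.startswith(":"):  # "attr:: <base64>"
                    value = base64.b64decode(value).decode("utf-8")
                attrs[name.lower()].append(value)
        if attrs["dn"]:
            yield attrs["dn"][0], attrs

def check_pivot(entries, pivot="mail"):
    """Return ({value: [DNs]} shared by 2+ entries, [DNs] lacking the pivot)."""
    by_value, missing = defaultdict(list), []
    for dn, attrs in entries:
        values = {v.lower() for v in attrs.get(pivot.lower(), []) if v}
        if not values:
            missing.append(dn)
        for v in values:  # mail values are compared case-insensitively
            by_value[v].append(dn)
    return {v: d for v, d in by_value.items() if len(d) > 1}, missing

if __name__ == "__main__":
    print(check_pivot(parse_ldif(SAMPLE_LDIF)))
```

Every value in the first result needs a more precise filter or a cleaned-up source before the task can map it one-to-one; every DN in the second has no value to substitute for {mail} in the filter.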