[lsc-users] errors running the example: synchronizing to/from Active Directory

Natan Sanson nsanson at gmail.com
Tue Jan 3 14:54:27 CET 2012


you can use ldapsearch tool provided by ldaputils

However it's odd to have cn=administrator,dc=foo,dc=bar. Maybe ldp.exe
works negotiating, without specifiying the entire security context.

Try to use cn=administrator,cn=users,dc=foo,dc=bar. Normally you find there
the default administrative account in active directory

Alternativerly maybe you 389 port is not listening in the right interface.
Test from your Ubuntu machine if you are able to do a "telnet someIP 389".
If it works then you are facing ldap security context issues...

On Tue, Jan 3, 2012 at 2:45 PM, Che H M <che_1983 at hotmail.com> wrote:

>  Hi Natan,
>
> Thansk for the correction
> Foolish of me not noticing the "(", anyway I have a syncronization error
> now, mainly caused by the connection error.
>
> If I manually connect using ldp.exe (from my windows 7 to my AD server)
> with the same credentials, it works.
> Thus CN=administrator is existing.
>
> I wonder if I must use SSL or not, it was not required when I connect
> manually....
>
>
> dst.java.naming.provider.url = ldap://someIP:389/dc=foo,dc=bar
> dst.java.naming.security.principal = cn=administrator,dc=foo,dc=bar
>
>
> Is there anything in Ubuntu which I can use to test an ldap connection to
> AD?
>
>
> Thanks
>
>
> ------------------------------
> Date: Tue, 3 Jan 2012 14:19:00 +0100
> Subject: Re: [lsc-users] errors running the example: synchronizing to/from
> Active Directory
> From: nsanson at gmail.com
> To: che_1983 at hotmail.com
> CC: lsc-users at lists.lsc-project.org
>
>
> Hi Che, your ldap filter seems wrong
>
> Try (&(objectClass=inetOrgPerson)(uid=userX)) instead of
> (&objectClass=inetOrgPerson)(uid=userX))
>
> And about " Connecting to LDAP server ldap://someIP:389/dc=foo,dc=bar as
> cn=administrator,dc=foo,dc=bar", it seems your credentials are rejected or
> the admin distinguished name does not exist.
>
> Hope it helps
>
>     Natan
>
> On Tue, Jan 3, 2012 at 2:08 PM, Che H M <che_1983 at hotmail.com> wrote:
>
>
>
> Dear,
>
> I am currently testing the LSC stable version 1.2.1.
> and I'm using the Howto, described on the lsc-project.org.
>
> When I perform a dry run I come across several problems.
>
>
> root at ldap:/home/user/lsc# bin/lsc -f etc -c all -s all -n
> Jan 03 13:57:51 - INFO  - Starting sync for ADuser
> Jan 03 13:57:51 - INFO  - Connecting to LDAP server
> ldap://localhost:389/dc=fooz,dc=barz as cn=superUser,dc=fooz,dc=barz
> Jan 03 13:57:51 - ERROR - Error while looking for
> (&objectClass=inetOrgPerson)(uid=userX)) in ou=cc:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while synchronizing ID {uid=userX}:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while looking for
> (&objectClass=inetOrgPerson)(uid=userY)) in ou=cc:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while synchronizing ID {uid=userY}:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - All entries: 2, to modify entries: 0, modified
> entries: 0, errors: 2
> Jan 03 13:57:51 - INFO  - Starting clean for ADuser
> Jan 03 13:57:51 - INFO  - Connecting to LDAP server
> ldap://someIP:389/dc=foo,dc=bar as cn=administrator,dc=foo,dc=bar
> Jan 03 13:57:51 - ERROR - Error opening the LDAP connection to the
> destination!
> Jan 03 13:57:51 - ERROR - java.lang.RuntimeException:
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]
> Last log file line: Jan 03 13:57:51 - ERROR - java.lang.RuntimeException:
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]
>
>
> I've noticed that someone else posted such error before and no reply has
> been given...
>
>
> Thanks in advance.
>
> Kind regards
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> lsc-users at lists.lsc-project.org
> http://lists.lsc-project.org/listinfo/lsc-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lsc-project.org/pipermail/lsc-users/attachments/20120103/c42f5d96/attachment-0001.htm>


More information about the lsc-users mailing list