[lsc-users] errors running the example: synchronizing to/from Active Directory

Sébastien Bahloul sebastien.bahloul at gmail.com
Tue Jan 3 19:12:16 CET 2012


Hi Che,

Can you re-explain it? It seems that your new filter is also incorrect:

(&(objectClass=user)(sAMAccountName=userX))*,*(uid=userX)

Try (&(objectClass=user)(sAMAccountName=userX)(uid=userX))

Regards,
-- 
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/



2012/1/3 Che H M <che_1983 at hotmail.com>

>  Great,
>
> It took me a while to use the ldapsearch, but it worked.
> Also works if you add the "cn=users"
>
> I just need to compare the src baseDN and dst baseDN... think there might
> be some mistake. Or I'll try the full DN again :)
>
> Jan 03 15:24:53 - ERROR - Error while looking for
> (&(objectClass=user)(sAMAccountName=userX)),(uid=userX) in ou=cc:
> javax.naming.directory.InvalidSearchFilterException: invalid attribute
> description; remaining name 'ou=cc'
> Jan 03 15:24:53 - ERROR - Error while synchronizing ID {uid=userX}:
> javax.naming.directory.InvalidSearchFilterException: invalid attribute
> description; remaining name 'ou=cc'
>
>
> Thanks ! !
>
>
>
> ------------------------------
> Date: Tue, 3 Jan 2012 14:54:27 +0100
>
> Subject: Re: [lsc-users] errors running the example: synchronizing to/from
> Active Directory
> From: nsanson at gmail.com
> To: che_1983 at hotmail.com
> CC: lsc-users at lists.lsc-project.org
>
> you can use ldapsearch tool provided by ldaputils
>
> However it's odd to have cn=administrator,dc=foo,dc=bar. Maybe ldp.exe
> works negotiating, without specifying the entire security context.
>
> Try to use cn=administrator,cn=users,dc=foo,dc=bar. Normally you find
> there the default administrative account in active directory
>
> Alternatively, maybe your 389 port is not listening on the right interface.
> Test from your Ubuntu machine if you are able to do a "telnet someIP 389".
> If it works then you are facing ldap security context issues...
>
> On Tue, Jan 3, 2012 at 2:45 PM, Che H M <che_1983 at hotmail.com> wrote:
>
>  Hi Natan,
>
> Thanks for the correction
> Foolish of me not noticing the "(", anyway I have a synchronization error
> now, mainly caused by the connection error.
>
> If I manually connect using ldp.exe (from my windows 7 to my AD server)
> with the same credentials, it works.
> Thus CN=administrator is existing.
>
> I wonder if I must use SSL or not, it was not required when I connect
> manually....
>
>
> dst.java.naming.provider.url = ldap://someIP:389/dc=foo,dc=bar
> dst.java.naming.security.principal = cn=administrator,dc=foo,dc=bar
>
>
> Is there anything in Ubuntu which I can use to test an ldap connection to
> AD?
>
>
> Thanks
>
>
> ------------------------------
> Date: Tue, 3 Jan 2012 14:19:00 +0100
> Subject: Re: [lsc-users] errors running the example: synchronizing to/from
> Active Directory
> From: nsanson at gmail.com
> To: che_1983 at hotmail.com
> CC: lsc-users at lists.lsc-project.org
>
>
> Hi Che, your ldap filter seems wrong
>
> Try (&(objectClass=inetOrgPerson)(uid=userX)) instead of
> (&objectClass=inetOrgPerson)(uid=userX))
>
> And about " Connecting to LDAP server ldap://someIP:389/dc=foo,dc=bar as
> cn=administrator,dc=foo,dc=bar", it seems your credentials are rejected or
> the admin distinguished name does not exist.
>
> Hope it helps
>
>     Natan
>
> On Tue, Jan 3, 2012 at 2:08 PM, Che H M <che_1983 at hotmail.com> wrote:
>
>
>
> Dear,
>
> I am currently testing the LSC stable version 1.2.1.
> and I'm using the Howto, described on the lsc-project.org.
>
> When I perform a dry run I come across several problems.
>
>
> root at ldap:/home/user/lsc# bin/lsc -f etc -c all -s all -n
> Jan 03 13:57:51 - INFO  - Starting sync for ADuser
> Jan 03 13:57:51 - INFO  - Connecting to LDAP server
> ldap://localhost:389/dc=fooz,dc=barz as cn=superUser,dc=fooz,dc=barz
> Jan 03 13:57:51 - ERROR - Error while looking for
> (&objectClass=inetOrgPerson)(uid=userX)) in ou=cc:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while synchronizing ID {uid=userX}:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while looking for
> (&objectClass=inetOrgPerson)(uid=userY)) in ou=cc:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - Error while synchronizing ID {uid=userY}:
> javax.naming.directory.InvalidSearchFilterException: Unbalanced
> parenthesis; remaining name 'ou=cc'
> Jan 03 13:57:51 - ERROR - All entries: 2, to modify entries: 0, modified
> entries: 0, errors: 2
> Jan 03 13:57:51 - INFO  - Starting clean for ADuser
> Jan 03 13:57:51 - INFO  - Connecting to LDAP server
> ldap://someIP:389/dc=foo,dc=bar as cn=administrator,dc=foo,dc=bar
> Jan 03 13:57:51 - ERROR - Error opening the LDAP connection to the
> destination!
> Jan 03 13:57:51 - ERROR - java.lang.RuntimeException:
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]
> Last log file line: Jan 03 13:57:51 - ERROR - java.lang.RuntimeException:
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]
>
>
> I've noticed that someone else posted such error before and no reply has
> been given...
>
>
> Thanks in advance.
>
> Kind regards
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> lsc-users at lists.lsc-project.org
> http://lists.lsc-project.org/listinfo/lsc-users
>
>
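
Added example, not part of the original thread and not LSC code: a minimal structural check for LDAP search filter strings (an RFC 4515 subset without extensible match) that can be run on a filter before it goes into the LSC configuration. The names check_filter, _parse and FilterError are illustrative.

```python
import re

# Attribute description: short name or numeric OID, plus optional ;options
ATTR = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)(?:;[A-Za-z0-9-]+)*")
OPS = ("~=", ">=", "<=", "=")  # extensible match (":=") is not handled here

class FilterError(ValueError):
    pass

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return the index after it."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        i += 1
        if i >= len(s) or s[i] != "(":
            raise FilterError(f"'&' or '|' must be followed by '(' at offset {i}")
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)  # each operand is itself a full (...) filter
    elif i < len(s) and s[i] == "!":
        i = _parse(s, i + 1)
    else:
        m = ATTR.match(s, i)
        if not m:
            raise FilterError(f"invalid attribute description at offset {i}")
        i = m.end()
        op = next((o for o in OPS if s.startswith(o, i)), None)
        if op is None:
            raise FilterError(f"expected comparison operator at offset {i}")
        i += len(op)
        while i < len(s) and s[i] not in "()":
            i += 1  # assertion value; literal ( ) must be escaped per RFC 4515
    if i >= len(s) or s[i] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(s):
    """Return None if s is exactly one well-formed filter, else an error string."""
    try:
        end = _parse(s, 0)
    except FilterError as e:
        return str(e)
    if end != len(s):
        return f"unexpected text after filter at offset {end}: {s[end:]!r}"
    return None
```

check_filter returns an error string for both filters rejected in the logs above and None for the corrected forms suggested in the replies.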