[lsc-users] ERROR - Error while adding entry ... // [LDAP: error code 68 - Entry Already Exists]

MAUBON Renaud NEURONES IT renaud.maubon at cea.fr
Wed Oct 15 15:19:58 CEST 2014


Hi,

I am trying to configure LSC to synchronize AD to an existing OpenLDAP,
but I am having some difficulties.
Accounts that do not exist are created, but existing accounts are not
updated.
Also, I would like the existing accounts on OpenLDAP to keep their UID
number.


Thanks for your help.

RenaudM



------------ CONFIGURATION ---------------

<tasks>

     <task>
       <name>SyncADtoLDAPusers</name>
       <bean>org.lsc.beans.SimpleBean</bean>


                 <ldapSourceService>
                         <name>AD-SRC-USERS-LABO</name>
                         <connection reference="src-ad" />
                         <baseDn>ou=LABO,ou=SERVICE,ou=DIR,ou=Utilisateurs et Groupes,ou=REGION,dc=intra,dc=societe,dc=fr</baseDn>

                         <pivotAttributes>
<string>sAMAccountName</string>
                         </pivotAttributes>

                         <fetchedAttributes>
<string>sAMAccountName</string>
<string>userPrincipalName</string>
                               <string>cn</string>
                               <string>givenName</string>
                               <string>sn</string>
<string>displayName</string>
<string>employeeID</string>
<string>primaryGroupID</string>
<string>sAMAccountType</string>
<string>objectGUID</string>
<string>objectSid</string>
<string>description</string>
<string>department</string>
                               <string>mail</string>
<string>company</string>
<string>physicalDeliveryOffice</string>
<string>telephoneNumber</string>
                         </fetchedAttributes>

<!--
<getAllFilter>(&amp;(objectClass=User)(objectCategory=Person))</getAllFilter>


-->
<getAllFilter>(&amp;(objectClass=User)(objectCategory=Person)(|(sAMAccountName=sophiek)))</getAllFilter>
<getOneFilter>(&amp;(objectClass=User)(objectCategory=Person)(sAMAccountName={sAMAccountName}))</getOneFilter> 

                 </ldapSourceService>

                 <ldapDestinationService>
                     <name>LDAP-DST-USERS-LABO</name>
                         <connection reference="dest-openldap" />
<baseDn>ou=LABO,ou=SERVICE,ou=SOCIETE,ou=People,dc=nix,dc=intra,dc=societe,dc=fr</baseDn>

                         <pivotAttributes>
                                 <string>uid</string>
</pivotAttributes>
                         <fetchedAttributes>
                                 <string>dn</string>
<string>sn</string>
                                 <string>uid</string>
<string>givenName</string>
<string>ObjectClass</string>
<string>uidNumber</string>
<string>gidNumber</string>
<string>employeenumber</string>
<string>loginshell</string>
                                 <string>host</string>
                                 <string>mail</string>
<string>description</string>
                                 <string>gecos</string>
                                 <string>o</string>
<string>physicaldeliveryofficename</string>
<string>telephonenumber</string>
<string>homeDirectory</string>
<string>userPassword</string>
<string>departmentnumber</string>
<string>shadowexpire</string>
<string>shadowflag</string>
<string>shadowinactive</string>
<string>shadowlastchange</string>
<string>shadowmin</string>
<string>shadowwarning</string>
                         </fetchedAttributes>
<getAllFilter>(&amp;(uid=*)(objectClass=inetOrgPerson))</getAllFilter>
<getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
                 </ldapDestinationService>

                 <propertiesBasedSyncOptions>

                 <!-- choose UID as DN in OpenLDAP -->
                 <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("givenName").toUpperCase().trim() + " " + srcBean.getDatasetFirstValueById("sn").toUpperCase().trim() + ",ou=LABO,ou=SERVICE,ou=SOCIETE,ou=People,dc=nix,dc=intra,dc=societe,dc=fr"</mainIdentifier>

                 <defaultDelimiter>;</defaultDelimiter>
                 <defaultPolicy>FORCE</defaultPolicy>

                         <!-- ObjectClass -->
                         <dataset>
                                 <name>objectClass</name>
                                 <policy>FORCE</policy>
                                 <forceValues>
<string>"top"</string>
<string>"inetOrgPerson"</string>
<string>"posixAccount"</string>
<string>"shadowAccount"</string>
<string>"emiAccount"</string>
<string>"ibm-auxAccount"</string>
                                 </forceValues>
                         </dataset>

                         <!-- sAMAccountName == UID -->
                         <dataset>
                                 <name>uid</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("sAMAccountName").toLowerCase().trim()</string>
                                 </createValues>
                         </dataset>

                         <!-- count up the uidNumber for every user created,
                              for this we have a cn with serialNumber attribute
                              for count up in the LDAP -->
                         <dataset>
                                 <name>uidNumber</name>
                                 <policy>KEEP</policy>
                                 <createValues>
<string>SequencesFactory.getInstance(ldap.getJndiServices()).getNextValue("cn=uidNumberSequenceUnix,ou=LSC,dc=nix,dc=intra,dc=societe,dc=fr","serialNumber")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                                 <name>gidnumber</name>
                                 <policy>FORCE</policy>
                                 <createValues>
                                     <string>
                                     <![CDATA[js:
                                      var gidNumber;
                                      var company = srcBean.getDatasetFirstValueById("company").toUpperCase().trim();
                                      if ( company == "SOCIETE" ) {
                                             gidNumber = "8888";
                                      } else {
                                             gidNumber = "5555";
                                      }
                                      gidNumber
                                     ]]>
                                     </string>
                                 </createValues>
                         </dataset>

                         <!-- set users home -->
                         <dataset>
                             <name>homeDirectory</name>
                                 <policy>FORCE</policy>
                                 <createValues>
                                     <string>"/home/" + srcBean.getDatasetFirstValueById("sAMAccountName").toLowerCase().trim()</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                             <name>givenName</name>
                             <policy>FORCE</policy>
                             <createValues>
<string>srcBean.getDatasetFirstValueById("givenName")</string>
                             </createValues>
                         </dataset>

                         <dataset>
                              <name>sn</name>
                              <policy>FORCE</policy>
                              <createValues>
<string>srcBean.getDatasetFirstValueById("sn")</string>
                             </createValues>
                         </dataset>

                         <dataset>
                                 <name>description</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("description")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>departmentnumber</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("department")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>employeenumber</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("employeeID")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                                 <name>gecos</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("displayName")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                                 <name>loginshell</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>"/bin/bash"</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                                 <name>mail</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("mail")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                                 <name>o</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("company")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>telephonenumber</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("telephoneNumber")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>physicaldeliveryofficename</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>srcBean.getDatasetFirstValueById("physicalDeliveryOffice")</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                                 <name>host</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>"mezel.intra.societe.fr"</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>shadowexpire</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>"-1"</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                                 <name>shadowflag</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>"10000"</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>shadowinactive</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>"-1"</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>shadowlastchange</name>
                                 <policy>FORCE</policy>
                                 <createValues>
<string>"10000"</string>
                                 </createValues>
                         </dataset>

                         <dataset>
                                 <name>shadowmin</name>
                                 <policy>FORCE</policy>
                                 <createValues>
                                     <string>"0"</string>
                                 </createValues>
                         </dataset>

                         <dataset>
<name>shadowwarning</name>
                                 <policy>FORCE</policy>
                                 <createValues>
                                     <string>"7"</string>
                                 </createValues>
                         </dataset>

                        <!-- create userPassword as SASL auth -->
                     <dataset>
                             <name>userPassword</name>
                             <policy>FORCE</policy>
                             <createValues>
                                 <string>"{SASL}" + srcBean.getDatasetFirstValueById("userPrincipalName").toLowerCase().trim()</string>
                             </createValues>
                     </dataset>
                 </propertiesBasedSyncOptions>

     </task>

   </tasks>





------------ ERROR ---------------


oct. 15 14:19:26 - ERROR - Error while adding entry ********************************************************************************** in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists]; remaining name 'cn=***************************''
oct. 15 14:19:26 - ERROR - Error while synchronizing ID ********************************************************************************** : java.lang.Exception: Technical problem while applying modifications to the destination
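
As an added example (not part of the original post and not LSC project code), the check below compares the placeholders in each `getOneFilter` with the source `pivotAttributes`. It assumes that LSC substitutes only source pivot attribute values into both services' filters, so a placeholder with another name would never match an existing destination entry; `SAMPLE_TASK` is a constructed, trimmed copy of the task above and `unresolved_placeholders` is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, trimmed copy of the posted task: only the elements the check
# reads, and no XML namespace declaration (as in the snippet in the post).
SAMPLE_TASK = """<task>
  <name>SyncADtoLDAPusers</name>
  <ldapSourceService>
    <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
    <getOneFilter>(&amp;(objectClass=User)(sAMAccountName={sAMAccountName}))</getOneFilter>
  </ldapSourceService>
  <ldapDestinationService>
    <pivotAttributes><string>uid</string></pivotAttributes>
    <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
  </ldapDestinationService>
</task>"""

PLACEHOLDER = re.compile(r"\{([^{}]+)\}")


def pivots(service):
    """Pivot attribute names declared by a service element, lower-cased
    because LDAP attribute names are case-insensitive."""
    return {s.text.strip().lower()
            for s in service.findall("pivotAttributes/string") if s.text}


def unresolved_placeholders(task_xml):
    """Return {service tag: [placeholder, ...]} for getOneFilter placeholders
    that are not source pivot attributes. Assumption: LSC fills both
    services' getOneFilter from the source pivot values only."""
    task = ET.fromstring(task_xml)
    source_pivots = pivots(task.find("ldapSourceService"))
    report = {}
    for tag in ("ldapSourceService", "ldapDestinationService"):
        flt = task.find(tag).findtext("getOneFilter", default="")
        missing = [p for p in PLACEHOLDER.findall(flt)
                   if p.lower() not in source_pivots]
        if missing:
            report[tag] = missing
    return report


if __name__ == "__main__":
    for service, names in unresolved_placeholders(SAMPLE_TASK).items():
        print(f"{service}: getOneFilter uses {names}, not a source pivot attribute")
```
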
