[lsc-users] logOperations on logback.xml is not working

ℜ Christian Iuga roumano at gmail.com
Thu Nov 10 17:57:11 CET 2016


Hi Clement,

Thanks for the information

I think i have found a bug with a custom configuration :

I want to create several csv file, one per logOperations ( i have follow
the documentation here :
http://lsc-project.org/wiki/documentation/2.0/configuration/logging )

so i have create 3 appender where i only change the name, file_destination
& the logOperations :


<appender name="*CSV_Create*" class="ch.qos.logback.core.FileAppender">
        <File>/admin/lsc/logs/*create.csv*</File>
        <Append>true</Append>
        <layout class="org.lsc.utils.output.CsvLayout">
                <logOperations>*create*</logOperations>

<attrs>dn;uid;sn;givenName;description;cn;mail;sshPublicKey;userPassword;customer;host;uidNumber;userAccountControl;;SudoHost;SudoOrder;SudoRunAs;SudoRunAsUser;sudoUser</attrs>
                <separator>;</separator>
                <outputHeader>true</outputHeader>
        </layout>
</appender>
<appender name="*CSV_Modify*" class="ch.qos.logback.core.FileAppender">
        <File>/admin/lsc/logs/*mod.csv*</File>
        <Append>true</Append>
        <layout class="org.lsc.utils.output.CsvLayout">
                <logOperations>*update,modrdn*</logOperations>

<attrs>dn;uid;sn;givenName;description;cn;mail;sshPublicKey;userPassword;customer;host;uidNumber;userAccountControl;;SudoHost;SudoOrder;SudoRunAs;SudoRunAsUser;sudoUser</attrs>
                <separator>;</separator>
                <outputHeader>true</outputHeader>
        </layout>
</appender>
<appender name="*CSV_Delete*" class="ch.qos.logback.core.FileAppender">
        <File>/admin/lsc/logs/*delete.csv*</File>
        <Append>true</Append>
        <layout class="org.lsc.utils.output.CsvLayout">
                <logOperations>*delete*</logOperations>

<attrs>dn;uid;sn;givenName;description;cn;mail;sshPublicKey;userPassword;customer;host;uidNumber;userAccountControl;;SudoHost;SudoOrder;SudoRunAs;SudoRunAsUser;sudoUser</attrs>
                <separator>;</separator>
                <outputHeader>true</outputHeader>
        </layout>
</appender>

and use it on the logger service :

        <logger name="org.lsc" level="INFO">
                <appender-ref ref="CSV_Create"/>
                <appender-ref ref="CSV_Modify"/>
                <appender-ref ref="CSV_Delete"/>
                <appender-ref ref="LSC"/>
                <appender-ref ref="LSC_STATUS"/>
        </logger>

When i lunch lsc ( lsc  -f /admin/lsc/etc_test  -t 1 -s People_To_XXXX )

i can see the change on the console log :

nov. 10 17:48:09 - ERROR - Error while modifying entry uid=cia,ou=XXXXX in
directory :javax.naming.NoPermissionException: [LDAP: error code 50 -
Insufficient Access Rights]; remaining name 'uid=cia,ou=XXXXX'
nov. 10 17:48:09 - ERROR - Error while synchronizing ID uid=cia,ou=XXXXX:
java.lang.Exception: Technical problem while applying modifications to the
destination
# Thu Nov 10 17:48:09 CET 2016
dn: uid=cia,ou=XXXXXX
changetype: modify
replace: description
description: Account of IUGA Christian
-

nov. 10 17:48:19 - ERROR - All entries: 164, to modify entries: 1,
successfully modified entries: 0, errors: 1

( It's a "normal" error of synchronisation as i'm on a testing mode with a
ldap readonly user )

But all of my csv log files are append with this modification :

tail -f *.csv

==> create.csv <==
uid=cia,ou=XXXXXX;;;;Account of IUGA Christian;;;;;;;;;;;;;;

==> delete.csv <==
uid=cia,ou=XXXXX;;;;Account of IUGA Christian;;;;;;;;;;;;;;

==> mod.csv <==
uid=cia,ou=XXXXXX;;;;Account of IUGA Christian;;;;;;;;;;;;;;

Normaly, it's should only append the mod.csv, isn't it ?

Regards



2016-11-03 14:11 GMT+01:00 Clément OUDOT <clem.oudot at gmail.com>:
> 2016-11-03 11:47 GMT+01:00 ℜ Christian Iuga <roumano at gmail.com>:
>> Hi,
>>
>> In our infra, we use lsc as a service to synchronize automaticaly (
>> lsc -a all  or lsc -s all )
>>
>> We don't want to run the clean mode automatically to avoid issue.
>>
>> When we run the clean mode with --dryrun (or with --nodelete or withj
>> --no... ) , we can't see what will be the change in the destination :
>>
>> i can only see how many change will be done :
>> lsc -f /admin/lsc/etc  -t 1 --clean Sudoers_To_XXXX  --dryrun
>>
>> nov. 03 10:43:49 - INFO  - Starting clean for Sudoers_To_XXXX
>> nov. 03 10:43:50 - INFO  - All entries: 51, to modify entries: 13,
>> successfully modified entries: 0, errors: 0
>>
>> My workarround (but i dislike the solution) it's to change the
>> username of the ldap destination with a readonly account
>>
>> It show me exactly what i want (but with error ) :
>>
>> nov. 03 11:41:34 - ERROR - Error while deleting entry
>> ou=People_XXXX,dc=XXXX,dc=XXXX,dc=com in directory
>> :javax.naming.NoPermissionException: [LDAP: error code 50 - no write
>> access to parent]; remaining name 'ou=People_XXXX'
>> nov. 03 11:41:34 - ERROR - Error while synchronizing ID
>> ou=People_XXXX,dc=XXXX,dc=XXXX,dc=com: java.lang.Exception: Technical
>> problem while applying modifications to destination service
>> # Thu Nov 03 11:41:34 CET 2016
>> dn: ou=People_XXXX,dc=XXXX,dc=XXXXo,dc=com
>> changetype: delete
>>
>> nov. 03 11:41:34 - ERROR - All entries: 19, to modify entries: 1,
>> successfully modified entries: 0, errors: 1
>>
>> Another solution exist ? or it's a new feature request ?
>
> You need to use DEBUG in logback.xml to see what would be changed in
> dry run mode.
>
>
> Clément.
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> lsc-users at lists.lsc-project.org
> http://lists.lsc-project.org/listinfo/lsc-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lsc-project.org/pipermail/lsc-users/attachments/20161110/25954f3a/attachment.htm>


More information about the lsc-users mailing list