Hi peoples: My English isn't the best i hope you can understand my question. I'm trying to synchronize my OpenLDAP directory service with an AD. When i execute the command lsc -f etc -s all -c all it return the following error:
Jun 10 02:29:43 - ERROR - Error while adding entry cn=lola,ou=Personas in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FBC, problem 5003 (WILL_NOT_PERFORM), data 0 ]; Remaining name: 'cn=lola,ou=Personas' Jun 10 02:29:43 - ERROR - Error while synchronizing ID cn=lola,ou=Personas: java.lang.Exception: Technical problem while applying modifications to directory dn: cn=lola,ou=Personas,dc=dst,dc=local My configuration is as follow: ############################################################################################ dst.java.naming.provider.url = ldaps://active-directoy/dc=dst,dc=local dst.java.naming.security.authentication = simple dst.java.naming.security.principal = cn=Administrator,cn=Users,dc=dst,dc=local dst.java.naming.security.credentials = XXXXXX dst.java.naming.referral = ignore dst.java.naming.ldap.derefAliases = never dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory dst.java.naming.ldap.version = 3 ############################################################################################ src.java.naming.provider.url = ldap://openldap/dc=lab,dc=local src.java.naming.security.authentication = simple src.java.naming.security.principal = cn=admin,dc=lab,dc=local src.java.naming.security.credentials = XXXXXX src.java.naming.referral = ignore src.java.naming.ldap.derefAliases = never src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory src.java.naming.ldap.version = 3 ############################################################################################ lsc.tasks = user ############################################################################################ lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService lsc.tasks.user.srcService.baseDn = ou=Personas lsc.tasks.user.srcService.filterAll = (&(uid=*)(objectClass=inetOrgPerson)) lsc.tasks.user.srcService.pivotAttrs = uid lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid})) lsc.tasks.user.srcService.attrs = givenName cn sn uid lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService lsc.tasks.user.dstService.baseDn = ou=Personas lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user)(!(sAMAccountName=Administrator))(!(sAMAccountName=Guest))(!(sAMAccountName=krbtgt))) lsc.tasks.user.dstService.pivotAttrs = uid lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid})) lsc.tasks.user.dstService.attrs = cn sn objectClass sAMAccountName displayName userPrincipalName mail userAccountControl givenName uid pwdLastset unicodePwd lsc.tasks.user.bean = org.lsc.beans.SimpleBean lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=Personas" lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions lsc.syncoptions.user.default.action = F lsc.syncoptions.user.objectClass.action = F lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson" lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid") lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@dst.local" lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT]) lsc.syncoptions.user.pwdLastset.create_value = "0" lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit") Some body can tell me whats wrong in lsc.properties. I change the acl in my active directory to permit full control to cn=Administrator,cn=Users,dc=dst,dc=localuser in all the DIT and i have already importedthe certificate from my AD to JRE withkeytool.
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
