Ok, with your wonderful help I am finally through all the syntax
errors..... Now it's time to actually get it to sync something.
When I run it, I get:
Aug 15 16:25:45 - ERROR - Error while looking for
(&(objectClass=posixAccount)(uid=USERNAME)) in
ou=People,dc=asdf,dc=matrix: javax.naming.CommunicationException: Broken
pipe [Root exception is java.net.SocketException: Broken pipe];
remaining name 'ou=asdf,dc=iconic'
What does that error mean?
Thanks
On 15/08/12 14:59, dunkan wrote:
With this parser order matters, reorder your elements to match the
order in the doc and it should work out ok.
On Tue, Aug 14, 2012 at 9:38 PM, Jurgen Weber wrote:
ok, thanks... I am now stuck at:
Aug 15 13:44:15 - ERROR -
org.lsc.exception.LscConfigurationException:
javax.xml.bind.UnmarshalException
- with linked exception:
[org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid
content was found starting with element 'pivotAttributes'. One of
'{"http://lsc-project.org/XSD/lsc-core-2.0.xsd":cleanFilter,
"http://lsc-project.org/XSD/lsc-core-2.0.xsd":filterAsync,
"http://lsc-project.org/XSD/lsc-core-2.0.xsd":dateFormat,
"http://lsc-project.org/XSD/lsc-core-2.0.xsd":interval}' is
expected.]
org.lsc.exception.LscConfigurationException:
javax.xml.bind.UnmarshalException
- with linked exception:
[org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid
content was found starting with element 'pivotAttributes'. One of
'{"http://lsc-project.org/XSD/lsc-core-2.0.xsd":cleanFilter,
"http://lsc-project.org/XSD/lsc-core-2.0.xsd":filterAsync,
"http://lsc-project.org/XSD/lsc-core-2.0.xsd":dateFormat,
"http://lsc-project.org/XSD/lsc-core-2.0.xsd":interval}' is expected.]
with the config file:
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections>
    <ldapConnection>
      <name>AD</name>
      <url>ldap://ad.nav.matrix:389/dc=asdfasdf,dc=local</url>
      <username>CN=Administrator,CN=Users,DC=asdfasdf,DC=local</username>
      <password>asdf</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
    </ldapConnection>
    <ldapConnection>
      <name>openldap</name>
      <url>ldap://asdf.asdf.asdf:389/dc=matrix</url>
      <username>cn=asdf,dc=matrix</username>
      <password>asdf</password>
      <authentication>SIMPLE</authentication>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>adUser</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>openldap-src-service</name>
        <connection reference="openldap" />
        <baseDn>ou=People</baseDn>
        <getAllFilter>(objectClass=posixAccount)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=posixAccount)(uid={uid}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=posixAccount)(uid=*))</cleanFilter>
        <filterAsync>modifytimestamp>={0}</filterAsync>
        <dateFormat>yyyyMMddHHmmss</dateFormat>
        <interval>5</interval>
        <pivotAttributes><string>uid</string></pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>ns</string>
          <string>objectclass</string>
          <string>uid</string>
          <string>mail</string>
          <string>userPassword</string>
          <string>sambaNTPassword</string>
        </fetchedAttributes>
      </ldapSourceService>
      <ldapDestinationService>
        <name>ad-dst-service</name>
        <connection reference="AD" />
        <baseDn>CN=Users</baseDn>
        <getAllFilter>(&amp;(sAMAccountName=*)(objectClass=user))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(sAMAccountName={uid}))</getOneFilter>
        <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>ns</string>
          <string>objectclass</string>
          <string>uid</string>
          <string>mail</string>
          <string>userPassword</string>
          <string>sambaNTPassword</string>
        </fetchedAttributes>
      </ldapDestinationService>
    </task>
  </tasks>
  <audits>
    <audit>
      <csv>
        <filename>/tmp/audit.csv</filename>
        <append>true</append>
        <operations>create, delete</operations>
        <attrs>cn;dn;uid</attrs>
        <separator>,</separator>
        <outputHeader>true</outputHeader>
      </csv>
    </audit>
    <audit>
      <ldif>
        <filename>/tmp/audit.csv</filename>
        <append>true</append>
        <operations>create, delete</operations>
        <logOnlyLdif>true</logOnlyLdif>
      </ldif>
    </audit>
  </audits>
  <security>
    <encryption>
      <keyfile>$LSC_HOME/etc/lsc.key</keyfile>
      <algorithm>AES</algorithm>
      <strength>128</strength>
    </encryption>
  </security>
</lsc>
any ideas?
Thanks
On 15/08/12 13:09, dunkan wrote:
Yea I think most of the tutorials are outdated, look at
http://lsc-project.org/wiki/documentation/2.0/configuration/service/sourceldap
to see the syntax.
Here is an example that I was using, some of it is optional.
<tasks>
  <task>
    <name>adUser</name>
    <bean>org.lsc.beans.SimpleBean</bean>
    <ldapSourceService>
      <name>ad-src-service</name>
      <connection reference="AD" />
      <baseDn>cn=Users,dc=itlab,dc=example,dc=com</baseDn>
      <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
      <fetchedAttributes>
        <string>title</string>
        <string>cn</string>
        <string>uid</string>
        <string>uidNumber</string>
        <string>gidNumber</string>
        <string>sAMAccountName</string>
        <string>loginShell</string>
        <string>homeDirectory</string>
        <string>unixuserpassword</string>
      </fetchedAttributes>
      <getAllFilter>(&amp; (objectClass=user) (sAMAccountName=*) (uidNumber=*))</getAllFilter>
      <getOneFilter>(&amp; (objectClass=user) (uidNumber=*)(sAMAccountName={sAMAccountName}) )</getOneFilter>
      <cleanFilter>(&amp; (objectClass=user) (sAMAccountName=*) (uidNumber=*))</cleanFilter>
    </ldapSourceService>
-Joel
On Tue, Aug 14, 2012 at 7:57 PM, Jurgen Weber wrote:
Yeah, thanks. That has gotten me further. ;) So simple.
Now I have a
Aug 15 12:40:08 - ERROR -
org.lsc.exception.LscConfigurationException:
javax.xml.bind.UnmarshalException
- with linked exception:
[org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'source'. One
of '{"http://lsc-project.org/XSD/lsc-core-2.0.xsd":bean}' is
expected.]
org.lsc.exception.LscConfigurationException:
javax.xml.bind.UnmarshalException
- with linked exception:
[org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'source'. One
of '{"http://lsc-project.org/XSD/lsc-core-2.0.xsd":bean}' is
expected.]
at org.lsc.configuration.JaxbXmlConfigurationHelper.getConfiguration(JaxbXmlConfigurationHelper.java:172)
~[lsc-core-2.0.jar:na]
the problem seems to be this bit:
<task>
<name>adUser</name>
<source class="ldapSrcService">
<name>ad-src-service</name>
<baseDn>cn=Users</baseDn>
I pulled this from:
http://lsc-project.org/wiki/documentation/2.0/tutorials/openldaptoactivedirectory
So it looks like the tutorial is no longer valid? Is this
from 1.? or something and 2.0 has different syntax?
Jurgen
On 15/08/12 12:49, dunkan wrote:
Hi Jurgen,
Add the xmlns to your lsc element, something like this:
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd"
id="1" revision="0">
-Joel
On Tue, Aug 14, 2012 at 5:04 PM, Jurgen Weber wrote:
Hi
I am trying to sync from openldap to AD and I can not
get the xml to work.... All I get is the following
exception:
[org.xml.sax.SAXParseException: cvc-elt.1: Cannot find
the declaration of element 'lsc'.]
and yes, I have the element defined. Using version 2.0.
Config file:
<lsc>
  <connections>
    <ldapConnection>
      <id>AD</id>
      <authentication>simple</authentication>
      <url>ldap://asdfasdf:389/dc=asdf,dc=local</url>
      <username>CN=Administrator,CN=Users,DC=asdf,DC=local</username>
      <password>asdf</password>
      <pageSize>1000</pageSize>
    </ldapConnection>
    <ldapConnection>
      <id>openldap</id>
      <authentication>SIMPLE</authentication>
      <url>ldap://asdf:389/dc=matrix</url>
      <username>cn=admin,dc=matrix</username>
      <password>asdf</password>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>adUser</name>
      <source class="ldapSrcService">
        <name>ad-src-service</name>
        <baseDn>cn=Users</baseDn>
        <getAllFilter>(&amp;(sAMAccountName=*)(objectClass=user))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
        <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
      </source>
      <destination class="ldapDstService">
        <name>openldap-dst-service</name>
        <baseDn>ou=People</baseDn>
        <getAllFilter>(&amp;(uid=*)(objectClass=posixAccount))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(sAMAccountName={uid}))</getOneFilter>
        <pivotAttributes><string>uid</string></pivotAttributes>
      </destination>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=users"</mainIdentifier>
        <defaultPolicy>FORCE</defaultPolicy>
        <defaultDelimiter>;</defaultDelimiter>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"top";"user";"person";"organizationalPerson"</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>sAMAccountName</name>
          <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("uid")</string>
          </createValues>
        </dataset>
        <dataset>
          <!-- userPrincipalName = uid + "@lsc-project.org" -->
          <name>userPrincipalName</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("uid") + "@asdf.local"</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>userAccountControl</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
          </createValues>
        </dataset>
        <dataset>
          <!-- pwdLastSet = 0 to force user to change password on next connection -->
          <name>pwdLastSet</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"1"</string>
          </createValues>
        </dataset>
        <dataset>
          <!-- unicodePwd = "changeit" at creation (requires SSL connection to AD) -->
          <name>unicodePwd</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.getUnicodePwd("changeit")</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>
So what is wrong with this?
Thanks
--
Jurgen Weber
Systems Engineer
IT Infrastructure Team Leader
THE ICONIC | E [email protected] | www.theiconic.com.au
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
--
Jurgen Weber
Systems Engineer
IT Infrastructure Team Leader
THE ICONIC | E [email protected] | www.theiconic.com.au
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
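
Added example, not part of the original thread and not LSC project code: a small Python check for the two validation failures discussed above, a missing xmlns on <lsc> and service children that are out of sequence. The element order is an assumption inferred from the working example and the validator's "expected" list quoted in the thread, not taken from the XSD; check_config, SERVICE_ORDER and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

LSC_NS = "http://lsc-project.org/XSD/lsc-core-2.0.xsd"  # namespace quoted in the thread
# ASSUMPTION: order inferred from the working example and the validator's
# "expected" list in the thread, not read from the XSD itself.
SERVICE_ORDER = ["name", "connection", "baseDn", "pivotAttributes",
                 "fetchedAttributes", "getAllFilter", "getOneFilter",
                 "cleanFilter", "filterAsync", "dateFormat", "interval"]
SERVICES = ("ldapSourceService", "ldapDestinationService")

def split_tag(tag):
    """Return (namespace, local name) for an ElementTree tag."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag

def check_config(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    if split_tag(root.tag) != (LSC_NS, "lsc"):
        findings.append("root: <lsc> must declare xmlns=" + LSC_NS)
    for svc in root.iter():
        if split_tag(svc.tag)[1] not in SERVICES:
            continue
        names = [split_tag(c.tag)[1] for c in svc]
        label = next((c.text for c in svc if split_tag(c.tag)[1] == "name"), "?")
        last = -1  # index in SERVICE_ORDER of the furthest element seen so far
        for tag in names:
            if tag not in SERVICE_ORDER:
                findings.append(f"{label}: <{tag}> is not in the assumed sequence")
                continue
            pos = SERVICE_ORDER.index(tag)
            if pos < last:
                findings.append(f"{label}: <{tag}> must come before <{SERVICE_ORDER[last]}>")
            last = max(last, pos)
    return findings

# Constructed sample, modelled on the destination service in the thread.
SAMPLE = f"""<lsc xmlns="{LSC_NS}" revision="0"><tasks><task>
<name>adUser</name><bean>org.lsc.beans.SimpleBean</bean>
<ldapDestinationService>
  <name>ad-dst-service</name><connection reference="AD" /><baseDn>CN=Users</baseDn>
  <getOneFilter>(&amp;(objectClass=user)(sAMAccountName={{uid}}))</getOneFilter>
  <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
</ldapDestinationService></task></tasks></lsc>"""

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```

This only catches the two failures seen in the thread; validating against the published lsc-core-2.0.xsd remains the authoritative check.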