Hello all, I'm looking to documentation on asyncLdapSourceService ( eg http://lsc-project.org/wiki/documentation/2.0/configuration/service/sourceasyncldap). It is written that LSC 2.0 is using change notification for an Active Directory (explanation found on http://msdn.microsoft.com/en-us/library/windows/desktop/aa772153%28v=vs.85%29.aspx).
I was trying to run that configuration on LSC 2.0 from an Active directory to an OpenLDAP with a : <getAllFilter><![CDATA[(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=*)(!(objectClass=computer)))]]></getAllFilter> But i have an error like this : ERROR - Error while synchronizing ID null: org.lsc.exception.LscServiceCommunicationException: 000020B9: SvcErr: DSID-0311044B, problem 5003 (WILL_NOT_PERFORM), data 0 I made a tcpdump capture and i see that extension used is 1.2.840.113556.1.4.528 and i have the same behavior with my OpenLDAP ldapsearch command : ldapsearch -x -LL -l 10 -H ldap://<Active Directory>/ -s sub -b'<Search base>' -D"<Bind dn>" -w secret -e '!1.2.840.113556.1.4.528' '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=*)(!(objectClass=computer)))' I receive an unwilling to perform error code 53 : Server is unwilling to perform (53) Additional information: 000020B9: SvcErr: DSID-0311044B, problem 5003 (WILL_NOT_PERFORM), data 0 And i don't have this error if i use a filter '(objectClass=*)' and i see notification with my ldapsearch command and so on LSC can run correctly with that filter. Is there an information i miss when i read the asyncLdapSourceService documentation ? Or is there any specific configuration on AD to have the correct behavior with the right filter ? Thanks in advance for your responses, Regards, -- Frederic Poisson
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
