Hi,
I set up the following lsc.xml guided by various examples with good
progress but now I'm having trouble in adding new users to AD. Updating
existing users works correctly.
Error:
Oct 15 18:33:58 - ERROR - Error while adding entry CN=xx xx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local in directory :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - 0000207B: UpdErr: DSID-030511CF, problem 6002 (OBJ_CLASS_VIOLATION), data 0 ]; remaining name 'CN=xx xx,OU=UsersTEST,OU=xxxx'
Oct 15 18:33:58 - ERROR - Error while synchronizing ID CN=xxxx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local: java.lang.Exception: Technical problem while applying modifications to the destination
dn: CN=xx xx,OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local
changetype: add
mail: [email protected]
samAccountName: nxxxxx
sn: xx
cn: xx xx
description: XXXXXX ([email protected])
userPassword: C#ang3th1s
givenName: xx
lsc.xml
<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections>
    <ldapConnection>
      <name>ldap-src-conn</name>
      <url>ldap://localhost:389/dc=dddd,dc=mmmm</url>
      <username>uid=supersys,ou=People,dc=mmmm</username>
      <password>qweqwe</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>ldap-dst-conn</name>
      <url>ldap://123.123.123.123:389/dc=zzzz,dc=local</url>
      <username>CN=binduser,DC=zzzz,DC=local</username>
      <password>bindpasswd</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>
  <audits>
    <csvAudit>
      <name>csv</name>
      <append>true</append>
      <operations>create, delete</operations>
      <file>/tmp/audit.csv</file>
      <datasets>cn, dn</datasets>
      <separator>;</separator>
    </csvAudit>
    <ldifAudit>
      <name>ldif</name>
      <append>false</append>
      <file>/tmp/audit.ldif</file>
    </ldifAudit>
  </audits>
  <tasks>
    <task>
      <name>People</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>openldap-source-service</name>
        <connection reference="ldap-src-conn" />
        <baseDn>ou=People,dc=dddd,dc=mmmm</baseDn>
        <pivotAttributes>
          <string>uid</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>description</string>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>userPassword</string>
          <!-- <string>objectClass</string> -->
          <string>uid</string>
          <string>mail</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=inetorgperson)(uid={uid}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=inetorgperson)(uid={samAccountName}))</cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>ad-dst-service</name>
        <connection reference="ldap-dst-conn" />
        <baseDn>ou=UsersTEST,ou=xxxx</baseDn>
        <pivotAttributes>
          <string>samAccountName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>description</string>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>userPassword</string>
          <!-- <string>objectClass</string> -->
          <string>samAccountName</string>
          <string>mail</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=user)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(samAccountName={uid}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ",OU=UsersTEST,OU=xxxx,DC=zzzz,DC=local"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>description</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>js:srcBean.getDatasetFirstValueById("sn").toUpperCase() + " (" + srcBean.getDatasetFirstValueById("mail") + ")"</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>samAccountName</name>
          <policy>KEEP</policy>
          <createValues>
            <string>js:srcBean.getDatasetFirstValueById("uid")</string>
          </createValues>
        </dataset>
        <!--
        <dataset>
          <name>objectClass</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"user"</string>
          </createValues>
        </dataset>
        -->
        <dataset>
          <name>userPassword</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"C#ang3th1s"</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>
I haven't implemented any security keys between the servers thinking it
wouldn't be required for this.
The attributes as shown in the output are sufficient info to create an
account manually.
Is there something incorrectly configured or am I missing additional
steps? Thanks in advance.
--
Regards,
*GEORGE DOBSON *
SENIOR SYSTEMS ADMINISTRATOR
*THE ICONIC*| *M*+61 401 561 394 | *E*[email protected] |
*W*www.theiconic.com.au <http://www.theiconic.com.au/>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
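
Added example, not part of the original post and not LSC project code: a small Python pre-flight check for an LSC 2.0 lsc.xml. It flags SIMPLE binds on connections without TLS, tasks that set no objectClass when creating entries (an add without it is what error 65 / OBJ_CLASS_VIOLATION reports), and password attributes written over such a connection. The finding labels, the sample host name and the dataset-only heuristic are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

NS = {"l": "http://lsc-project.org/XSD/lsc-core-2.0.xsd"}
PASSWORD_ATTRS = {"userpassword", "unicodepwd"}

# Constructed sample: a trimmed lsc.xml with the post's element names; host is a placeholder.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd">
<connections><ldapConnection>
  <name>ldap-dst-conn</name>
  <url>ldap://ad.example.test:389/dc=zzzz,dc=local</url>
  <authentication>SIMPLE</authentication>
  <tlsActivated>false</tlsActivated>
</ldapConnection></connections>
<tasks><task>
  <name>People</name>
  <ldapDestinationService><connection reference="ldap-dst-conn"/></ldapDestinationService>
  <propertiesBasedSyncOptions>
    <dataset><name>samAccountName</name>
      <createValues><string>js:srcBean.getDatasetFirstValueById("uid")</string></createValues></dataset>
    <dataset><name>userPassword</name>
      <createValues><string>"placeholder"</string></createValues></dataset>
  </propertiesBasedSyncOptions>
</task></tasks></lsc>"""

def text(node, tag):
    """Child element text, stripped; empty string when the child is absent."""
    return (node.findtext("l:" + tag, "", NS) or "").strip()

def lint(xml_text):
    """Return (scope, finding) pairs for an LSC 2.0 configuration."""
    root, findings, cleartext = ET.fromstring(xml_text), [], set()
    for conn in root.findall("l:connections/l:ldapConnection", NS):
        encrypted = (text(conn, "url").lower().startswith("ldaps://")
                     or text(conn, "tlsActivated").lower() == "true")
        if text(conn, "authentication").upper() == "SIMPLE" and not encrypted:
            cleartext.add(text(conn, "name"))
            findings.append((text(conn, "name"), "simple-bind-without-tls"))
    for task in root.findall("l:tasks/l:task", NS):
        ref = task.find("l:ldapDestinationService/l:connection", NS)
        # Heuristic: only datasets with createValues/forceValues count as "set on create".
        created = {text(d, "name").lower()
                   for d in task.findall("l:propertiesBasedSyncOptions/l:dataset", NS)
                   if d.find("l:createValues", NS) is not None
                   or d.find("l:forceValues", NS) is not None}
        if "objectclass" not in created:
            findings.append((text(task, "name"), "no-objectclass-set-on-create"))
        if ref is not None and ref.get("reference") in cleartext and created & PASSWORD_ATTRS:
            findings.append((text(task, "name"), "password-attribute-over-cleartext"))
    return findings
```

Running `lint()` on a real lsc.xml before a sync gives one line of findings per connection or task; an empty list means none of the three conditions was detected.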