Hi there,

Going further in trying to populate a samba4-DC server from an openldap server, I'm now facing issues with running sync (still in dry run). I should mention that I had been facing issues with TLS and succeeded in importing samba's ca.pem into the Java keystore so that the sync can work with LSC.

Source :


Now here is what I get:

janv. 31 15:46:45 - INFO  - Reflections took 134 ms to scan 1 urls, producing 56 keys and 117 values
janv. 31 15:46:45 - INFO  - Logging configuration successfully loaded from /etc/lsc/openldap2ad/logback.xml
janv. 31 15:46:45 - INFO  - LSC configuration successfully loaded from /etc/lsc/openldap2ad/
janv. 31 15:46:45 - INFO  - Connecting to LDAP server ldap://SAMBA4SERVER.domain.lan/CN=Users,DC=domain,DC=lan as Administrator with STARTTLS extended operation
janv. 31 15:46:46 - INFO  - Connecting to LDAP server ldap://MYLDAPSERVER:389/ou=Users,dc=sourcedomain,dc=fr as cn=admin,ou=Users,dc=sourcedomain,dc=fr
janv. 31 15:46:46 - INFO  - Starting sync for LDAP2AD
janv. 31 15:46:46 - ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=somebody)) in CN=Users,DC=domain,DC=lan: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; remaining name ''
janv. 31 15:46:46 - ERROR - Error while synchronizing ID {uid=somebody}: org.lsc.exception.LscServiceException: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; remaining name ''
janv. 31 15:46:46 - ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=someonelse)) in CN=Users,DC=domain,DC=lan: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; remaining name ''


I find it paradoxical because I know error 49 is generally related to LDAP connection problems, but the info section seems to tell that the TLS connection to the destination is successfully established, as I had trouble succeeding in this step last time. When I had a frank TLS error the task "LDAP2AD" wasn't launched at all.



Here is an extract of the connectors I used:


    <ldapConnection>
      <name>ldap-source-conn</name>
      <url>ldap://MYLDAPSERVER:389/ou=Users,dc=domain,dc=fr</url>
      <username>cn=admin,ou=Users,dc=domain,dc=fr</username>
      <password>password1</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>


    <ldapConnection>
      <name>ldap-dst-conn</name>
      <url>ldap://SAMBA4.domain.lan/CN=Users,DC=domain,DC=lan</url>
      <username>Administrator</username>
      <password>password2=</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>true</tlsActivated>
    </ldapConnection>

  </connections>

As the error seems to come from the destination server (samba4), I also tried several syntaxes such as:
- Administrator
- administra...@domain.lan
- CN=Administrator,CN=Users,DC=domain,DC=lan

Could you explain to me what's going wrong, and whether my impression that the TLS problems were behind me is wrong or not?

Thanks for your help!

Julien

On 30/01/2018 at 15:15, Clément OUDOT wrote:


On 30/01/2018 at 14:44, Julien TEHERY wrote:
Problem solved installing openjdk-8-jdk instead of oracle java 1.9.

Seems we have some issues with java 9, see also: https://github.com/lsc-project/lsc/issues/33

For the moment it is indeed better to run LSC with java 8.



Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
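
Added example, not part of the original message and not LSC code: a small Python triage script that extracts the LDAP result code and the Active Directory-style `data` sub-code from log text like the one posted above, including entries fused onto one line. The sub-code table holds the values commonly documented for AD bind failures; the function names and the `SAMPLE` string (built from two of the posted error entries) are assumptions of this illustration.

```python
import re
from collections import Counter

# "data" sub-codes that Active Directory-style servers attach to LDAP result
# code 49 (invalidCredentials). Values as commonly documented for AD.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind name or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - [0-9A-Fa-f]{8}: LdapErr: "
    r"DSID-[0-9A-Fa-f]+, comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)

def parse_bind_errors(log_text):
    """Return one dict per diagnostic found; works when entries share a line."""
    errors = []
    for m in ERR_RE.finditer(log_text):
        data = m.group("data").lower()
        errors.append({
            "ldap_code": int(m.group("code")),
            "comment": m.group("comment").strip(),
            "data": data,
            "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        })
    return errors

def summarize(log_text):
    """Count failures per (LDAP result code, sub-code meaning)."""
    return Counter((e["ldap_code"], e["meaning"]) for e in parse_bind_errors(log_text))

# Sample built from two error entries of the log above, fused onto one line.
DIAG = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; remaining name ''"
SAMPLE = (
    "janv. 31 15:46:46 - ERROR - Error while looking for (&(objectClass=user)(sAMAccountName=somebody)) in CN=Users,DC=domain,DC=lan: javax.naming.AuthenticationException: " + DIAG
    + " janv. 31 15:46:46 - ERROR - Error while synchronizing ID {uid=somebody}: org.lsc.exception.LscServiceException: javax.naming.AuthenticationException: " + DIAG
)

if __name__ == "__main__":
    for (code, meaning), count in summarize(SAMPLE).items():
        print(f"{count} x LDAP result code {code}: {meaning}")
```

Every error entry in the posted log carries result code 49 with sub-code 52e, which this table maps to a rejected bind name or password rather than a transport failure.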

