Discussion:
[lsc-users] LDAP: error code 53 - 00002077
Rohler, Brian L
2011-10-29 15:41:05 UTC
I’ve made some progress on getting LSC (1.2.1) to work between LDAP (linux debian) and AD (2008 R2).

I’m getting the following error now and can’t seem to get past it. It looks to be related to something within AD not allowing me to add users. Any help would be greatly appreciated!!!

Brian

#############
Snippet from the lsc.log
#############
Oct 28 22:18:31 - ERROR - Error while adding entry CN=Tom Smith,CN=Users,DC=nees36,DC=local in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031907E9, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=Tom Smith,CN=Users'
Oct 28 22:18:31 - ERROR - Error while synchronizing ID CN=Tom Smith,CN=Users,DC=nees36,DC=local: java.lang.Exception: Technical problem while applying modifications to directory
dn: CN=Tom Smith,CN=Users,DC=nees36,DC=local
changetype: add
cn: Tom Smith
sAMAccountName: tsmith
objectClass: organizationalPerson



#############
lsc.properties
#############

#########################################################################################
# Tasks configuration
#########################################################################################
# Java class name for the service to read objects from the source
# List of defined tasks, seperated by commas
lsc.tasks = user

#########################
# User - Tasks
#########################
lsc.tasks.user.type = ldap2ldap
lsc.tasks.user.condition.create = true
lsc.tasks.user.condition.update = true
lsc.tasks.user.condition.delete = false
lsc.tasks.user.condition.modrdn = false

#########################################################################################
# SimpleJndiSrcService parameters (Linux LDAP)
# The parameters in this section only apply to the SimpleJndiSrcService
#########################################################################################
lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.filterAll = (&(uid=*) (objectClass=inetOrgPerson))
lsc.tasks.user.srcService.baseDn = ou=Users
lsc.tasks.user.srcService.attrs = cn uid
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid

#########################################################################################
# SimpleJndiDstService parameters (Windows Active Directory)
#########################################################################################
lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))
lsc.tasks.user.dstService.baseDn = cn=Users
lsc.tasks.user.dstService.attrs = cn sAMAccountName objectClass
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid

#########################################################################################
# Java class name for the LDAP objectClass to compare source and destination objects
# This should be the LDAP objectClass of entries in the destination directory
#########################################################################################
lsc.tasks.user.bean = org.lsc.beans.SimpleBean

#########################################################################################
# Construct a DN for new entries in the destination directory
# This is a JavaScript expression, and can access any utility functions and the srcBean.
# It should be relative to the LDAP context specified in dst.java.naming.provider.url
#########################################################################################
lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",CN=Users,DC=nees36,DC=local"
dn.real_root = DC=nees36,DC=local

#########################
# User - Syncoptions
#########################
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@nees36.local"
#lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_PASSWD_NOTREQD, AD.UAC_SET_NORMAL_ACCOUNT])
lsc.syncoptions.user.pwdLastset.create_value = "0"
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("secret")
lsc.syncoptions.user.default.action = F
lsc.syncoptions.user.default.delimiter = $
Clément OUDOT
2011-10-30 11:12:55 UTC
Hi,

it seems the entry you try to create is incomplete. First thing I see,
you set the delimiter to '$' :

lsc.syncoptions.user.default.delimiter = $

But you use ';' for objectClass :

lsc.syncoptions.user.objectClass.force_value =
"top";"user";"person";"organizationalPerson"

Remove the default delimiter option.


Clément.
Rohler, Brian L
2011-10-30 21:29:17 UTC
Thanks for the tip but I did get entries going into AD now by making the following change:

Before
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user))

After
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))


Now I do have a couple other questions.

1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN but then the script fails.

uid from ldap = msmith
cn = Marc Smith

For example:
------------
Oct 30 17:15:05 - INFO - # Adding new entry CN=Marc Smith,CN=Users,DC=nees36,DC=local for user
dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local
changetype: add
sn: Smith
cn: Marc smith
givenName: smith
sAMAccountName: smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top

Here's what I prefer the entry go in as:
----------------------------------------
Oct 30 17:15:05 - INFO - # Adding new entry CN=msmith,CN=Users,DC=nees36,DC=local for user
dn: CN=msmith,CN=Users,DC=nees36,DC=local
changetype: add
cn: Marc Smith
sAMAccountName: msmith
givenName: Marc
sn: Smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top

What does it take to get this format to come out correctly? It also has the "User must change password at next logon" set which I do not want set.

2 - I can't seem to get the userAccountControl value set. It is always 546
512 - normal_account
32 - password_notreqd
2 - accountdisabled
----------------------------
546

This is what I would like for it to be set to.
65536 - dont_expire_password
512 - normal_account
64 - passwd_cant_change
32 - password_notreqd
2 - accountdisabled
-----------------------------
66144

lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", "66144")


Clément OUDOT
2011-10-31 22:41:59 UTC
Post by Rohler, Brian L
Before
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user))
After
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))
Now I do have a couple other questions.
1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN but then the script fails.
uid from ldap = msmith
cn = Marc Smith
------------
Oct 30 17:15:05 - INFO  - # Adding new entry CN=Marc Smith,CN=Users,DC=nees36,DC=local for user
dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local
changetype: add
sn: Smith
cn: Marc smith
givenName: smith
sAMAccountName: smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
----------------------------------------
Oct 30 17:15:05 - INFO  - # Adding new entry CN=msmith,CN=Users,DC=nees36,DC=local for user
dn: CN=msmith,CN=Users,DC=nees36,DC=local
changetype: add
cn: Marc Smith
sAMAccountName: msmith
givenName: Marc
sn: Smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
What does it take to get this format to come out correctly.
You have to set the dest cn value to the source uid value too (not
only for the DN).
Post by Rohler, Brian L
It also has the "User must change password at next logon" set which I do not want set.
2 - I can't seem to get the userAccountControl value set. It is always 546
     512 - normal_account
      32 - password_notreqd
       2 - accountdisabled
   ----------------------------
     546
   This is what I would like for it to be set to.
   65536 - dont_expire_password
     512 - normal_account
      64 - passwd_cant_change
      32 - password_notreqd
       2 - accountdisabled
   -----------------------------
   66144
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", "66144")
If this does not work, you may have to use another account with more
privileges to bind to AD.
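
Added example, not part of the original messages and not LSC code: a small decoder for the userAccountControl bitmask discussed above, which composes a value from flag names, decodes a literal back into flags, and reports the flags a reviewer would want to look at before such a value goes into a provisioning config. The function names are hypothetical; the bit values are the documented Active Directory ones.

```javascript
// Documented userAccountControl bits used in this thread (plus LOCKOUT).
const UAC = Object.freeze({
  ACCOUNTDISABLE: 0x00002,
  LOCKOUT: 0x00010,
  PASSWD_NOTREQD: 0x00020,
  PASSWD_CANT_CHANGE: 0x00040,
  NORMAL_ACCOUNT: 0x00200,
  DONT_EXPIRE_PASSWORD: 0x10000,
});

// OR named flags together; rejects names that are not in the table.
function composeUac(names) {
  return names.reduce((acc, name) => {
    if (!Object.prototype.hasOwnProperty.call(UAC, name)) {
      throw new Error("unknown flag: " + name);
    }
    return acc | UAC[name];
  }, 0);
}

// Split a value into known flag names plus any bits not in the table.
function decodeUac(value) {
  const n = Number(value);
  if (!Number.isInteger(n) || n < 0 || n > 0x7fffffff) {
    throw new Error("not a userAccountControl value: " + value);
  }
  const flags = [];
  let unknownBits = n;
  for (const [name, bit] of Object.entries(UAC)) {
    if (n & bit) {
      flags.push(name);
      unknownBits &= ~bit;
    }
  }
  return { flags, unknownBits };
}

// Compare the flags an operator intends with the literal written in the config.
function diffUac(intendedNames, literal) {
  const actual = decodeUac(literal).flags;
  return {
    expected: composeUac(intendedNames),
    missing: intendedNames.filter((f) => !actual.includes(f)),
    extra: actual.filter((f) => !intendedNames.includes(f)),
  };
}

// Flags worth a second look on a provisioned account.
function auditUac(value) {
  const { flags } = decodeUac(value);
  const has = (f) => flags.includes(f);
  const findings = [];
  if (has("PASSWD_NOTREQD")) {
    findings.push(has("ACCOUNTDISABLE")
      ? "PASSWD_NOTREQD on a disabled account: clear it before the account is enabled"
      : "PASSWD_NOTREQD on an enabled account: a blank password is permitted");
  }
  if (has("DONT_EXPIRE_PASSWORD")) {
    findings.push("DONT_EXPIRE_PASSWORD: the password is exempt from expiry policy");
  }
  if (has("PASSWD_CANT_CHANGE")) {
    // This bit reflects a permission on the user object; AD does not let it
    // be assigned by writing userAccountControl directly.
    findings.push("PASSWD_CANT_CHANGE: not settable through userAccountControl");
  }
  return findings;
}

// The two values from the thread.
const intended = ["DONT_EXPIRE_PASSWORD", "NORMAL_ACCOUNT", "PASSWD_CANT_CHANGE",
                  "PASSWD_NOTREQD", "ACCOUNTDISABLE"];
console.log(decodeUac(546));            // what AD stored
console.log(diffUac(intended, 66144));  // intended flags vs. the literal in the config
console.log(auditUac(66144));
```
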
Rohler, Brian L
2011-10-31 23:29:53 UTC
Post by Clément OUDOT
Post by Rohler, Brian L
Before
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user))
After
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))
Now I do have a couple other questions.
1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN but then the script fails.
uid from ldap = msmith
cn = Marc Smith
------------
Oct 30 17:15:05 - INFO - # Adding new entry CN=Marc Smith,CN=Users,DC=nees36,DC=local for user
dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local
changetype: add
sn: Smith
cn: Marc smith
givenName: smith
sAMAccountName: smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
----------------------------------------
Oct 30 17:15:05 - INFO - # Adding new entry CN=msmith,CN=Users,DC=nees36,DC=local for user
dn: CN=msmith,CN=Users,DC=nees36,DC=local
changetype: add
cn: Marc Smith
sAMAccountName: msmith
givenName: Marc
sn: Smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
What does it take to get this format to come out correctly.
You have to set the dest cn value to the source uid value too (not
only for the DN).
I'll try that tonight.
Post by Clément OUDOT
Post by Rohler, Brian L
It also has the "User must change password at next logon" set which I do not want set.
2 - I can't seem to get the userAccountControl value set. It is always 546
512 - normal_account
32 - password_notreqd
2 - accountdisabled
----------------------------
546
This is what I would like for it to be set to.
65536 - dont_expire_password
512 - normal_account
64 - passwd_cant_change
32 - password_notreqd
2 - accountdisabled
-----------------------------
66144
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", "66144")
If this does not work, you may have to use another account with more
privileges to bind to AD.
I don't have ssl/636 working yet. I'm wondering if that isn't the problem.

I've also been told there might be a registry change so new user
Rohler, Brian L
2011-11-03 03:26:36 UTC
Sorry for my instance and my ignorance but it looks like this should be a fairly easy thing to do but I can't get it to work.

I have a CN="Tom Smith" and a uid="tsmith" which comes in from the source (LDAP on linux).

I don't want the CN="Tom Smith" to go into my destination (AD on windows)

I would like to have the CN="tsmith" go into my destination (AD on windows).

How do I do this? What type of conditional code can I use to get this to work?

Thanks,

Brian


Rohler, Brian L
2011-11-03 03:50:37 UTC
I'm actually getting very close to being able to put the dst.uid in place of the src.cn. Why is ldap complaining with error code 34?

Nov 02 23:45:59 - DEBUG - Synchronizing user for {gidnumber=3000, uid=Tom Smith, uidnumber=4146}
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": List of attributes considered for writing in destination: [sn, AD.userAccountControl, cn, sAMAccountName, gidNumber, uidNumber, objectClass, givenName]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "sn" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding attribute "sn" with values [tsmith]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "AD.userAccountControl" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "AD.userAccountControl" will not be written to the destination
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "cn" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding attribute "cn" with values [Tom Smith]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "sAMAccountName" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding attribute "sAMAccountName" with values [tsmith]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "gidNumber" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding attribute "gidNumber" with values [3000]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "uidNumber" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding attribute "uidNumber" with values [4146]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "objectClass" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding attribute "objectClass" with values [organizationalPerson, person, user, top]
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "givenName" is in FORCE status
Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding attribute "givenName" with values [Tom Smith]
Nov 02 23:45:59 - ERROR - Error while adding entry CN=tsmith,CN=Users in directory :javax.naming.InvalidNameException: CN=tsmith,CN=Users: [LDAP: error code 34 - 00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:
'CN=tsmith,CN=Users,dc=example,dc=local'
]; remaining name 'CN=tsmith,CN=Users'
Nov 02 23:45:59 - ERROR - Error while synchronizing ID CN=tsmith,CN=Users: java.lang.Exception: Technical problem while applying modifications to directory
Nov 02 23:45:59 - DEBUG - java.lang.Exception: Technical problem while applying modifications to directory
java.lang.Exception: Technical problem while applying modifications to directory
at org.lsc.AbstractSynchronize.synchronize2Ldap(AbstractSynchronize.java:399) [lsc-core-1.2.1.jar:na]
at org.lsc.SimpleSynchronize.launchTask(SimpleSynchronize.java:272) [lsc-core-1.2.1.jar:na]
at org.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:155) [lsc-core-1.2.1.jar:na]
at org.lsc.Launcher.run(Launcher.java:151) [lsc-core-1.2.1.jar:na]
at org.lsc.Launcher.main(Launcher.java:123) [lsc-core-1.2.1.jar:na]
dn: CN=tsmith,CN=Users,DC=example,DC=local
changetype: add
sn: tsmith
cn: Tom Smith
sAMAccountName: tsmith
gidNumber: 3000
uidNumber: 4146
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
givenName: Tom Smith

Clément OUDOT
2011-11-03 08:47:55 UTC
Hi,

Please check your configuration, because what I see is that the CN
value inside the entry is not the CN value from the DN. You may have
swapped cn and sn in your configuration.

You must build a correct entry to be able to add it in AD. You can try
to add it manually with ldapadd to do tests.


Clément.
Rohler, Brian L
2011-11-03 15:17:14 UTC
Permalink
I ran into a small problem where one of my users has a uid that is 22 characters in length and I received the [LDAP: error code 80 - 00000523] error. I looked up the error and it's:

Active Directory has a limitation of 20 characters for the user account name; for example, uid or cn. If you create a user with more than 20 character

Is there a way around this other than shortening the user's uid name?

Thanks,

Brian



Clément OUDOT
2011-11-03 15:57:47 UTC
Permalink
Post by Rohler, Brian L
Active Directory has a limitation of 20 characters for the user account name; for example, uid or cn. If you create a user with more than 20 character
Is there a way around this other than shortening the users uid name?
Yes, don't use AD :)

Find another unique information to put as RDN.
Rohler, Brian L
2011-11-03 16:03:22 UTC
Permalink
Can I put code around the entry in the syncoptions section taking just the first 20 characters?
Post by Clément OUDOT
Post by Rohler, Brian L
Active Directory has a limitation of 20 characters for the user account name; for example, uid or cn. If you create a user with more than 20 character
Is there a way around this other than shortening the users uid name?
Yes, don't use AD :)
Find another unique informat
Clément OUDOT
2011-11-03 16:35:25 UTC
Permalink
Post by Rohler, Brian L
Can I put code around the entry in the syncoptions section taking just the first 20 characters?
Post by Rohler, Brian L
Active Directory has a limitation of 20 characters for the user account name; for example, uid or cn. If you create a user with more than 20 character
Is there a way around this other than shortening the users uid name?
Use the substring method:

srcBean.getAttributeValueById("uid").substring(0,19).
Rohler, Brian L
2011-11-03 23:57:34 UTC
Permalink
I tried the substring but since most of the uids are less than 20 characters it causes an index out of range error. I tried logic but I'm not a java programmer and it's not working. Any thoughts?

# Account for uids that break the AD rule of no more than 20 characters
if (srcBean.getAttributeValueById("uid").length() > 19) { \
lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("uid").substring(0,19) + ",CN=Users"; \
} else { \
lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("uid") + ",CN=Users"; \
} \

Rohler, Brian L
2011-11-04 02:22:10 UTC
Permalink
This code is failing with the below errors. The reason for trying to put this logic in place is due to the 20 character limitation with AD and sAMAccountName attribute. The uid in the error report below has 22 characters and thus fails. I was hoping to put this code in place so if I receive any uids greater than 20 characters I trim it to 20. If the uid is 20 or less it is left alone.

****** CODE ******
#lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")  this works but has the 20 character limit
lsc.syncoptions.user.sAMAccountName.create_value = \
if (srcBean.getAttributeValueById("uid").length() > 19) { \
uid_value = srcBean.getAttributeValueById("uid").substring(0,19); \
} else { \
uid_value = srcBean.getAttributeValueById("uid"); \
} \
uid_value


****** ERROR ******

Nov 03 21:17:43 - DEBUG - In entry "cn=miguelricardohernan,cn=Users": Attribute "givenName" will not be written to the destination
Nov 03 21:17:43 - ERROR - Error while adding entry cn=miguelricardohernan,cn=Users in directory :javax.naming.NamingException: [LDAP: error code 80 - 00000523: SysErr: DSID-031A1202, problem 22 (Invalid argument), data 0
^@]; remaining name 'cn=miguelricardohernan,cn=Users'
Nov 03 21:17:43 - ERROR - Error while synchronizing ID cn=miguelricardohernan,cn=Users: java.lang.Exception: Technical problem while applying modifications to directory
Nov 03 21:17:43 - DEBUG - java.lang.Exception: Technical problem while applying modifications to directory
java.lang.Exception: Technical problem while applying modifications to directory
at org.lsc.AbstractSynchronize.synchronize2Ldap(AbstractSynchronize.java:399) [lsc-core-1.2.1.jar:na]
at org.lsc.SimpleSynchronize.launchTask(SimpleSynchronize.java:272) [lsc-core-1.2.1.jar:na]
at org.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:155) [lsc-core-1.2.1.jar:na]
at org.lsc.Launcher.run(Launcher.java:151) [lsc-core-1.2.1.jar:na]
at org.lsc.Launcher.main(Launcher.java:123) [lsc-core-1.2.1.jar:na]

Clément OUDOT
2011-11-04 08:42:21 UTC
Permalink
Post by Rohler, Brian L
This code is failing with the below errors. The reason for trying to put this logic in place is due to the 20 character limitation with AD and sAMAccountName attribute. The uid in the error report below has 22 characters and thus fails. I was hoping to put this code in place so if I receive any uids greater than 20 characters I trim it to 20. If the uid is 20 or less it is left alone.
Nov 03 21:17:43 - ERROR - Error while adding entry cn=miguelricardohernan,cn=Users in directory :javax.naming.NamingException: [LDAP: error code 80 - 00000523: SysErr: DSID-031A1202, problem 22 (Invalid argument), data 0
I think your DN is not complete. What is your DN build rule?


Clément.
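
The length guard asked about in the posts above, written as an added example (not part of any post and not LSC's own code). It keeps at most 20 characters without failing on shorter uids, builds the RDN from the same value, and reports source uids that collapse to the same destination name after truncation. `makeBean`, `samAccountName`, `relativeDn`, `findCollisions` and the sample uids are constructed for illustration.

```javascript
// Limit quoted in the thread: AD rejects account names longer than 20 characters.
const SAM_MAX = 20;

// Constructed stand-in for LSC's srcBean (assumption: only this one method is modelled).
function makeBean(attrs) {
  return { getAttributeValueById: (name) => attrs[name] };
}

// Truncate only when needed; slice() never throws on input shorter than the limit.
function samAccountName(srcBean) {
  const uid = String(srcBean.getAttributeValueById("uid"));
  return uid.length > SAM_MAX ? uid.slice(0, SAM_MAX) : uid;
}

// Build the RDN from the same value so the CN in the DN and sAMAccountName agree.
function relativeDn(srcBean) {
  return "CN=" + samAccountName(srcBean) + ",CN=Users";
}

// Truncation can fold distinct source uids into one destination name.
// Returns [truncatedName, [sourceUids...]] for every name claimed more than once.
function findCollisions(beans) {
  const byName = new Map();
  for (const bean of beans) {
    const key = samAccountName(bean).toLowerCase(); // AD compares names case-insensitively
    const uids = byName.get(key) || [];
    uids.push(String(bean.getAttributeValueById("uid")));
    byName.set(key, uids);
  }
  return [...byName.entries()].filter(([, uids]) => uids.length > 1);
}

// Constructed sample uids (not taken from the thread's directory).
const SAMPLE = [
  makeBean({ uid: "tsmith" }),
  makeBean({ uid: "miguelricardohernandez" }), // 22 characters
  makeBean({ uid: "miguelricardohernandes" }), // 22 characters, same first 20
];

// One line per entry, followed by one line per colliding name.
function report() {
  return SAMPLE.map((b) => relativeDn(b)).concat(
    findCollisions(SAMPLE).map(([name, uids]) => "COLLISION " + name + " <- " + uids.join(", "))
  );
}

console.log(report().join("\n"));
```

Inside an LSC property the same guard fits in a single conditional (`? :`) expression; whether LSC 1.2.1 accepts that form is an assumption the thread does not confirm. A reported collision means two source identities would map to one AD account, so it needs a unique replacement value rather than a shorter one.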

Rohler, Brian L
2011-11-02 04:00:38 UTC
Permalink
See my comments below.
Post by Clément OUDOT
Post by Rohler, Brian L
Thanks for the tip but I did get entries going into AD now by making
Before
lsc.tasks.user.dstService.filterAll =
(&(sAMAccountName=*)(&(objectClass=user))
After
lsc.tasks.user.dstService.filterAll =
(&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))
Now I do have a couple other questions.
1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN
but then the script fails.
uid from ldap = msmith
cn = Marc Smith
------------
Oct 30 17:15:05 - INFO - # Adding new entry CN=Marc
Smith,CN=Users,DC=nees36,DC=local for user
dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local
changetype: add
sn: Smith
cn: Marc smith
givenName: smith
sAMAccountName: smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
----------------------------------------
Oct 30 17:15:05 - INFO - # Adding new entry
CN=msmith,CN=Users,DC=nees36,DC=local for user
dn: CN=msmith,CN=Users,DC=nees36,DC=local
changetype: add
cn: Marc Smith
sAMAccountName: msmith
givenName: Marc
sn: Smith
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
What does it take to get this format to come out correctly.
You have to set the dest cn value to the source uid value too (not
only for the DN).
As a newbie I've had a struggle understanding the differences between
.filterALL, .filterID, .attrs and .attrpivots. Would you be able to
explain more of where this change needs to occur? I would appreciate any
help you can provide.

#########################################################################################
# SimpleJndiSrcService parameters (Linux LDAP)
#########################################################################################
lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.baseDn = ou=Users
lsc.tasks.user.srcService.filterAll = (&(uid=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid uidNumber gidNumber
lsc.tasks.user.srcService.attrs = uid sn cn uidNumber gidNumber

#########################################################################################
# SimpleJndiDstService parameters (Windows Active Directory)
#########################################################################################
lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.baseDn = cn=Users
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid sAMAccountName uidNumber
lsc.tasks.user.dstService.attrs = sAMAccountName sn cn givenName uidNumber gidNumber objectClass AD.userAccountControl

lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",CN=Users"
dn.real_root = DC=nees36,DC=local

#########################
# User - Syncoptions
#########################
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.default.action = F
lsc.syncoptions.user.default.delimiter = ;
lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
lsc.syncoptions.user.userPrincipalName.create_value = srcBean.getAttributeValueById("uid") + "@nees36.local"
lsc.syncoptions.user.givenName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.sn.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.cn.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.uidNumber.create_value = srcBean.getAttributeValueById("uidNumber")
lsc.syncoptions.user.gidNumber.create_value = srcBean.getAttributeValueById("gidNumber")
# 653536 - DONT_EXPIRE_PASSWORD
# 512 - NORMAL_ACCOUNT
# + 32 - PASSWD_NOTREQD
# ---------------------------------------
# 66080 - AD.userAccountControlSet value
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", "66080")
Post by Clément OUDOT
Post by Rohler, Brian L
It also has the "User must change password at next logon" set which I
do not want set.
2 - I can't seem to get the userAccountControl value set. It is always
546
512 - normal_account
32 - password_notreqd
2 - accountdisabled
----------------------------
546
This is what I would like for it to be set to.
65536 - dont_expire_password
512 - normal_account
64 - passwd_cant_change
32 - password_notreqd
2 - accountdisabled
-----------------------------
66144
lsc.syncoptions.user.userAccountControl.create_value =
AD.userAccountControlSet( "0", "66144")
If this does not work, you may have to use another account with more
privileges to bind to AD.
I'm currently using the administrator with full privileges.
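
A decoder for the userAccountControl values that appear in this thread (546, 66080, 66144), as an added example that is not part of any post or of LSC. The flag names and bit values are Microsoft's documented ones for the five flags the thread lists; `decodeUac`, `encodeUac` and the `REVIEW` set are hypothetical names chosen here.

```javascript
// userAccountControl bits for the five flags named in the thread.
const UAC_FLAGS = {
  ACCOUNTDISABLE: 0x0002,       // 2
  PASSWD_NOTREQD: 0x0020,       // 32
  PASSWD_CANT_CHANGE: 0x0040,   // 64; Microsoft documents that this one cannot be
                                // set by writing userAccountControl directly
  NORMAL_ACCOUNT: 0x0200,       // 512
  DONT_EXPIRE_PASSWORD: 0x10000 // 65536
};

// Flags worth a second look on synchronized accounts (assumption: local policy).
// PASSWD_NOTREQD permits an empty password; DONT_EXPIRE_PASSWORD disables rotation.
const REVIEW = new Set(["PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD"]);

// Split a numeric value into flag names, leftover bits, and flags to review.
function decodeUac(value) {
  const names = Object.keys(UAC_FLAGS).filter((n) => (value & UAC_FLAGS[n]) !== 0);
  const known = names.reduce((acc, n) => acc | UAC_FLAGS[n], 0);
  return {
    value,
    names,
    unknownBits: value & ~known, // bits outside the table above
    review: names.filter((n) => REVIEW.has(n)),
  };
}

// Combine flag names into the decimal value written to the attribute.
function encodeUac(names) {
  return names.reduce((acc, n) => {
    if (!(n in UAC_FLAGS)) throw new Error("unknown flag: " + n);
    return acc | UAC_FLAGS[n];
  }, 0);
}

// The three values from the thread, decoded one per line.
function report() {
  return [546, 66080, 66144].map((v) => {
    const d = decodeUac(v);
    return v + " = " + d.names.join(" | ") + (d.review.length ? "  [review: " + d.review.join(", ") + "]" : "");
  });
}

console.log(report().join("\n"));
```

Decoded this way, 66144 carries no ACCOUNTDISABLE bit; the five flags listed together encode to 66146.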