Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Ldap error code 32

I'm trying to synchronize OpenLDAP and Active directory together. To do so I'm using a program called LSC-Project which is specified to do this sort of thing.

I have configured the program the best I can however I can't find a way to shake off the following error:

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-
031001CD,
problem 2001 (NO_OBJECT), data 0, best match of:
'DC=domname,DC=com'
]; remaining name 
'uid=user1,ou=Users'

May 09 15:19:25 - ERROR - Error while synchronizing ID uid=user1,ou=Users:
java.lang.Exception:
Technical problem while applying modifications to directory
dn: uid=user1,ou=Users,dc=domname,dc=com
changetype: add
userPassword: 3+kU2th/WMo/v553A24a3SBw2kU=
objectClass: uid

This is the configuration file that the program runs on:

############################### 
Destination LDAP directory #
##############################

dst.java.naming.provider.url = ldap://192.168.1.3:389/dc=Windows,dc=com  
dst.java.naming.security.authentication = simple
dst.java.naming.security.principal = cn=Administrator,cn=Users,dc=Windows,dc=com
dst.java.naming.security.credentials = 11111
dst.java.naming.referral = ignore
dst.java.naming.ldap.derefAliases = never
dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.version = 3
dst.java.naming.ldap.pageSize = 1000

#########################
Source LDAP directory 
#########################

src.java.naming.provider.url = ldap://192.168.1.2:389/dc=Linux,dc=com
src.java.naming.security.authentication = simple
src.java.naming.security.principal = uid=root,ou=users,dc=Linux,dc=com
src.java.naming.security.credentials = 11111
src.java.naming.referral = ignore
src.java.naming.ldap.derefAliases = never
src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
src.java.naming.ldap.version = 3

#######################
Tasks configuration 
#######################

lsc.tasks = Administrator
lsc.tasks.Administrator.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.Administrator.srcService.baseDn = ou=users
lsc.tasks.Administrator.srcService.filterAll = (&(objectClass=person))
lsc.tasks.Administrator.srcService.pivotAttrs = uid 
lsc.tasks.Administrator.srcService.filterId = (&(objectClass=person)(uid={uid}))
lsc.tasks.Administrator.srcService.attrs = description uid userPassword

lsc.tasks.Administrator.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.Administrator.dstService.baseDn = cn=Users
lsc.tasks.Administrator.dstService.filterAll = (&(cn=*)(objectClass=organizationalPerson))
lsc.tasks.Administrator.dstService.pivotAttrs = cn, top, person, user, organizationalPerson
lsc.tasks.Administrator.dstService.filterId = (&(objectClass=user) (sAMAccountName={cn}))
lsc.tasks.Administrator.dstService.attrs = description cn userPassword objectClass

lsc.tasks.Administrator.bean = org.lsc.beans.SimpleBean
lsc.tasks.Administrator.dn = "uid=" + srcBean.getAttributeValueById("uid") + ",ou=Users"

dn.real_root = dc=Domname,dc=com

############################# 
Syncoptions configuration 
#############################

lsc.syncoptions.Administrator = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.Administrator.default.action = M
lsc.syncoptions.Administrator.objectClass.action = M
lsc.syncoptions.Administrator.objectClass.force_value = srcBean.getAttributeValueById("cn").toUpperCase()
lsc.syncoptions.Administrator.userPassword.default_value = SecurityUtils.hash(SecurityUtils.HASH_SHA1, "defaultPassword")
lsc.syncoptions.Administrator.default.delimiter=;
lsc.syncoptions.Administrator.objectClass.force_value = "top";"user";"person";"organizationalPerson"
lsc.syncoptions.Administrator.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@Domname.com"
lsc.syncoptions.Administrator.userAccountControl.create_value = AD.userAccountControlSet ( "0", [AD.UAC_SET_NORMAL_ACCOUNT])

I'm suspecting that it has something to do with the baseDn of the Task configuration in the part of the source configuration.

The OSs is ubuntu 10.04 and Windows2K3

Someone suggested to me to make a manual sync between them but I have not found any guides to do so. And this program is pretty much the only thing that says that is does this kind of job without costs.

like image 729
Ben_A_135 Avatar asked May 15 '12 19:05

Ben_A_135


People also ask

What is LDAP error code 32 0000208d?

This is correctly reporting that a specific object is missing. This error can occur for several reasons: an Active Directory (or other LDAP directory) Organizational Unit (OU) was imported into the SEPM, and then was deleted out of Active Directory / LDAP.

What is an LDAP error?

The value in the LDAP security authentication field is not valid, or an incorrect password was provided. Confirm that the LDAP security authentication field contains a valid value and that the password is correct.

What does LDAP error code 34 indicate?

LDAP Error Code 34 indicates that the configured User or Group Mapping BaseDN does not follow correct syntax.


1 Answers

The baseDn should be the distinguished name of the base object of the search, for example, ou=users,dc=domname,dc=com.

see also

  • LDAP: Mastering Search Filters
  • LDAP: Search best practices
  • LDAP: Programming practices
like image 83
Terry Gardner Avatar answered Oct 05 '22 09:10

Terry Gardner