  • Error by first sync

    Hello,

    I've installed the ldapsync according to the HowTo.
    But at the first sync I get an error and I don't know why.
    /opt/oxldapsync/sbin/oxldapsync.pl -c "1" -A administrator -f ldapsync.conf -P xxxxxx -v -s

    The Error is "Error on search : No such object at /opt/oxldapsync/sbin/../lib/OX/LDAPConnector/ldap.pm line 150, <DATA> line 403."

    Can anybody help me? Where should I start to find the error? It seems that there's no request on the LDAP server.



    Regards


    Daniel

  • #2
    Ok, the Sync is working now. My fault, I forgot to enter the correct Group-DN.

    But now I can't log in with my username and my password. There are no entries in any log about this process.
    Can anybody help me to debug this?


    • #3
      Did you install open-xchange-authentication-ldap instead of open-xchange-authentication-database?
      What do the logs show?


      • #4
        Yes, open-xchange-authentication-ldap is installed.
        The logs don't show anything. I did a ll on /var/log/open-xchange, but the size of the files didn't change.

        What information is taken by the ldapsync out of the directory tree? Do I have to add new users in OX or are the users taken from the LDAP tree?

        Regards

        Daniel


        • #5
          Ok, the Error is still in the ldapsync, but I don't know why. I tried a lot, but something seems to be wrong.

          Here is my ldapsync.conf:
          Code:
          ldapuri                 = ldap://10.3.100.12
          
          # OxSync variable opt directory
          vardirectory            = /var/opt/oxldapsync
          
          # Open Xchange sbin Directory
          oxpath                  = /opt/open-xchange/sbin
          
          # Logfile
          logfile                 = /var/log/oxldapsync.log
          
          # Where to search for users
          userbasedn              = ou=people,dc=test,dc=de
          
          # Where to search for groups
          groupbasedn             = ou=group,dc=test,dc=de
          
          # User dn for Connection to LDAP
          ldapuserdn              = cn=Administrator,dc=test,dc=de
          
          # Password for Connecting to ldap
          ldapuserpassword        = secret
          
          # Mapping file for ldap values > ox parameters
          mappingfile             = /opt/oxldapsync/etc/mapping.openldap.conf
          
          # Type of ldap (class to load)
          ldaptype                = openldap
          
          # shall groups get updated
          updateGroups            = yes
          
          # use modifyTimestamp to speed up synchronization
          usemodifytimestamp      = no
          
          # Custom filter for finding user
          userFilter              = 
          
          #Custom filter for finding groups
          groupFilter             =
          
          #Should mail addresses of an existing user synced with source
          updateAliases           = no
          
          # shall non-existing users in LDAP be deleted in OX
          deleteusers             = yes
          
          # shall non-existing and empty groups in LDAP be deleted in OX
          deletegroups            = yes
          # shall non-existing and empty groups in LDAP be deleted in OX
          deletegroups            = yes
          
          # unique id Attribute
          uidAttribute            = uid
          
          # user ids in OX which should not be deleted
          dontModifyUids          = admin oxadmin
          
          # Attributename of groups for member
          groupMemberAttribute    = memberUid
          
          # Is attribute a distinguished name
          memberAttributeIsDN     = no
          
          # unique name attribute for group
          groupNameAttribute      = cn
          
          # displayname attribute for group
          groupDisplayNameAttribute = cn
          
          # unique number attribute for group
          groupNumberAttribute    = gidNumber
          
          # attribute name where a users primary is stored
          userPrimaryGroupAttribute = uid

          A user in LDAP looks as follows:
          Code:
          dn: uid=testuser, ou=people, dc=test,dc=de
          userPassword:: e2NyeXB0fTJUIPy55eklYYnpQRHM=
          loginShell: /usr/uti/bash
          uidNumber: 2015
          gidNumber: 52
          objectClass: account
          objectClass: posixAccount
          objectClass: top
          uid: testuser
          gecos: test testing,office,27
          cn: test testing
          homeDirectory: /home/testuser

          The group entry:
          Code:
          dn: cn=users, ou=group, dc=test,dc=de
          gidNumber: 100
          memberUid: testuser
          memberUid: testuser1
          memberUid: testuser2
          memberUid: testuser3
          userPassword:: e2NuuXB0fSE=
          objectClass: posixGroup
          objectClass: top
          cn: users

          What is wrong with my ldapsync.conf?
          I can bind to the ldapserver anonymously for searching it.

          Regards

          Daniel


          • #6
            Originally posted by Daniel26

            A user in LDAP looks as follows:
            Code:
            dn: uid=testuser, ou=people, dc=test,dc=de
            userPassword:: e2NyeXB0fTJUIPy55eklYYnpQRHM=
            loginShell: /usr/uti/bash
            uidNumber: 2015
            gidNumber: 52
            objectClass: account
            objectClass: posixAccount
            objectClass: top
            uid: testuser
            gecos: test testing,office,27
            cn: test testing
            homeDirectory: /home/testuser

            There we have the problem. ldapsync uses an implicit filter to find user objects. It searches for all entries which have at least objectClass=inetOrgPerson. If you can't add the class to the entries, you can give an alternative user filter by modifying the userFilter option in the ldapsync.conf. Then the script should find some users and try to add them to OX.

            Regards
            Norbert


            • #7
              Ok, I'll try to change it. What is the syntax for this entry?

              Regards

              Daniel


              • #8
                The syntax is like an LDAP filter. So you can write "(objectClass=posixAccount)" (with brackets but without quotation marks).

                Norbert
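
To see why the posted entry was never selected and what the userFilter change in #6 and #8 does, here is an added example (not part of the thread and not oxldapsync's own code) that evaluates a small subset of LDAP filter syntax against a constructed copy of the entry. The second entry, the `selected_uids` helper and the fallback of an empty userFilter to `(objectClass=inetOrgPerson)` are assumptions based on the description in post #6.

```python
# Constructed sample: entry 1 mirrors the thread's user; entry 2 is hypothetical.
LDIF = """\
dn: uid=testuser,ou=people,dc=test,dc=de
objectClass: posixAccount
uid: testuser

dn: uid=other,ou=people,dc=test,dc=de
objectClass: inetOrgPerson
uid: other
"""
IMPLICIT_FILTER = "(objectClass=inetOrgPerson)"  # default as described in post #6

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF into [{attr_lower: [values]}, ...]."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def split_subfilters(s):  # "(a=1)(b=2)" -> ["(a=1)", "(b=2)"]
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            start, depth = (i if depth == 0 else start), depth + 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts

def matches(entry, flt):
    """Evaluate a filter subset: (&...), (|...), (!...), (a=v), (a=*)."""
    if len(flt) < 3 or flt[0] != "(" or flt[-1] != ")":
        raise ValueError("filter must be wrapped in parentheses: %r" % flt)
    body = flt[1:-1]
    if body[0] in "&|!":
        results = [matches(entry, s) for s in split_subfilters(body[1:])]
        return {"&": all(results), "|": any(results), "!": not all(results)}[body[0]]
    attr, _, value = body.partition("=")
    values = entry.get(attr.strip().lower(), [])
    return bool(values) if value == "*" else value.lower() in (v.lower() for v in values)

def selected_uids(user_filter, ldif=LDIF):
    """uids a sync would pick up; an empty userFilter means the implicit filter."""
    flt = user_filter.strip() or IMPLICIT_FILTER
    return [e["uid"][0] for e in parse_ldif(ldif) if matches(e, flt)]
```

With an empty userFilter only the inetOrgPerson entry is selected; with `(objectClass=posixAccount)` the thread's `testuser` is selected instead, and a value written with surrounding quotation marks is rejected as malformed.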


                • #9
                  Ok, Filter is set, but now I get
                  Could not get current userlist! Username and Password correct?

                  Does ldapsync do a simple bind?

                  It would be great to make ldapsync more verbose than the "-v" switch.

                  Regards
                  Daniel


                  • #10
                    There has to be a problem with calling /opt/open-xchange/sbin/listuser.
                    The Synctool calls /opt/open-xchange/sbin/listuser -c "1" -A administrator -P xxxxxx --csv .
                    It should work manually.

                    Norbert


                    • #11
                      Ok, now my LDAP is right, I try to sync. But the ldapsync has a problem with the mail address. The mail address is stored in the LDAP. In the mapping file I simply put "mail" (without the quotes), but it seems that the sync has a problem with the "." in the mail. The output while syncing:
                      Use of uninitialized value in concatenation (.) or string at /opt/oxldapsync/sbin/../lib/OX/User/Decorator.pm line 101.

                      Another question: Can I use the password from LDAP in OX with ldapsync?

                      Regards

                      Daniel


                      • #12
                        Originally posted by Daniel26
                        Ok, now my LDAP is right, I try to sync. But the ldapsync has a problem with the mail address. The mail address is stored in the LDAP. In the mapping file I simply put "mail" (without the quotes), but it seems that the sync has a problem with the "." in the mail. The output while syncing:
                        Use of uninitialized value in concatenation (.) or string at /opt/oxldapsync/sbin/../lib/OX/User/Decorator.pm line 101.
                        Where did you put mail in the mapping file? If you don't have aliases, you should leave aliases empty and only write mail to the line beginning with email.

                        Originally posted by Daniel26
                        Another question: Can I use the password from LDAP in OX with ldapsync?
                        What do you mean by using the password from LDAP? You have to use the LDAP authentication plugin, because normally you have hashed passwords in the LDAP, so you can't get the plain passwords from LDAP to put them in OX.

                        regards
                        Norbert


                        • #13
                          Where did you put mail in the mapping file? If you don't have aliases, you should leave aliases empty and only write mail to the line beginning with email.
                          The entry is email = mail

                          What do you mean with using password from ldap? You have to use the ldap authentication plugin, because normally you have hashed passwords in the ldap, so you can't get the plain passwords from ldap to put them in ox.
                          I ask this question because there is an entry in the mapping file with
                          password = "secret", so at the useradd in OX the password is set to "secret".
                          So, which password is valid? The password in the LDAP or the password given with the mapping file?


                          Regards

                          Daniel
                          Last edited by Daniel26; 12-09-2008, 03:35 PM.


                          • #14
                            Originally posted by Daniel26
                            The entry is email = mail
                            And aliases is empty? Could you please post the line after "Use of uninitialized value in...". It should be an OX command with all parameters. (-v -s)

                            Originally posted by Daniel26
                            I ask this question because there is an entry in the mapping file with
                            password = "secret", so at the useradd in OX the password is set to "secret".
                            So, which password is valid? The password in the LDAP or the password given with the mapping file?
                            To create a user in OX you have to give them a password. This password is stored in the database and only used when you install the authentication-database package.

                            Norbert


                            • #15
                              Ok, now it seems to work. Don't know why, I've only put a value for alias in the mappingfile, the ldapsync gives an error. Then I deleted the value for alias and it works.

                              Thanks for the help.

                              The next problem is the ldapauth.properties, but about this I've opened another thread in the OX forum.

                              Regards

                              Daniel
