ldap - CLFRN1254E 在针对 OpenLDAP 服务器同步 HCL 连接的 TDI 时出现异常
问题描述
对于测试环境,我想使用 OpenLDAP 设置 HCL Connections 6.5。这应该是一个更轻量级的替代方案,可以比生产中使用的完整 Domino 服务器实现更好的自动化。我创建了具有以下属性的测试用户:
{ sn: Max, cn: Muster, uid: max, displayName: "Max Muster", userPassword: "ldap", mail: "max.muster@example.com" }
都有 objectClasses person shadowAccount inetOrgPerson。执行后collect_dns.sh,以下 DN 出现在collect.dns
uid=max,ou=People,dc=cnx,dc=local
将这些用户与我同步时,./populate_from_dn_file.sh我得到了一条失败的记录。日志文件logs/ibmdi.log显示
2020-05-21 09:41:07,703 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Eagerly caching bean 'PostgreSQL' to allow for resolving potential circular references
2020-05-21 09:41:07,703 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Finished creating instance of bean 'PostgreSQL'
2020-05-21 09:41:07,703 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Creating shared instance of singleton bean 'Sybase'
2020-05-21 09:41:07,704 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Creating instance of bean 'Sybase'
2020-05-21 09:41:07,704 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Eagerly caching bean 'Sybase' to allow for resolving potential circular references
2020-05-21 09:41:07,704 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Finished creating instance of bean 'Sybase'
2020-05-21 09:41:07,704 INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] - SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]
2020-05-21 09:41:07,704 DEBUG [org.springframework.jdbc.support.SQLErrorCodesFactory] - Looking up default SQLErrorCodes for DataSource [org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy@64a644f9]
2020-05-21 09:41:07,705 DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - Fetching JDBC Connection from DataSource
2020-05-21 09:41:07,705 DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - Registering transaction synchronization for JDBC Connection
2020-05-21 09:41:07,706 DEBUG [org.springframework.jdbc.support.SQLErrorCodesFactory] - Database product name cached for DataSource [org.springframework.jdbc.datasource.TransactionAwareDataSourceProxy@64a644f9]: name is 'DB2/LINUXX8664'
2020-05-21 09:41:07,706 DEBUG [org.springframework.jdbc.support.SQLErrorCodesFactory] - SQL error codes for 'DB2/LINUXX8664' found
2020-05-21 09:41:07,706 DEBUG [org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator] - Translating SQLException with SQL state '23502', error code '-407', message [
--- The error occurred while applying a parameter map.
--- Check the Profile.createProfile-InlineParameterMap.
--- Check the statement (update failed).
--- Cause: com.ibm.db2.jcc.c.SqlException: DB2 SQL error: SQLCODE: -407, SQLSTATE: 23502, SQLERRMC: TBSPACEID=5, TABLEID=5, COLNO=7]; SQL was [] for task [SqlMapClient operation]
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - Returning JDBC Connection to DataSource
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceTransactionManager] - Initiating transaction rollback
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceTransactionManager] - Rolling back JDBC transaction on Connection [org.apache.commons.dbcp.PoolableConnection@a2d822e9]
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceTransactionManager] - Releasing JDBC Connection [org.apache.commons.dbcp.PoolableConnection@a2d822e9] after transaction
2020-05-21 09:41:07,707 DEBUG [org.springframework.jdbc.datasource.DataSourceUtils] - Returning JDBC Connection to DataSource
2020-05-21 09:41:07,707 ERROR [com.ibm.lconn.profiles.api.tdi.connectors.ProfileConnector] - CLFRN1254E: An error occurred while performing findEntry: max.
2020-05-21 09:41:07,708 ERROR [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - !com.ibm.lconn.profiles.api.tdi.service.TDIException: CLFRN1254E: An error occurred while performing findEntry: max.!
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS274I Skipping entry from [addorUpdateDB], CTGDIS393I Throwing this exception to tell the AssemblyLine to skip the current Entry. If used in an EventHandler, this exception tells the EventHandler to skip the remaining actions..
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS075I Trying to exit TaskCallBlock.
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS076I Succeeded exiting TaskCallBlock.
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS057I Hook after_functioncall not enabled.
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - CTGDIS352I Use null Behavior for outputResult.
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS504I *Result of attribute mapping*
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS505I The 'conn' object
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - [callSyncDB_mod] CTGDIS003I *** Start dumping Entry
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - Operation: generic
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - Entry attributes:
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - displayName (replace): 'Max Muster'
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $lookup_status (replace): 'success'
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - userPassword (replace): (\6c\64\61\70)
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $lookup_operation (replace): 'lookup_user'
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - cn (replace): 'Muster'
2020-05-21 09:41:07,708 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $_already_lookup_secretary (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - objectClass (replace): 'person' 'shadowAccount' 'inetOrgPerson'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - entryUUID (replace): 'e74f6eec-2f22-103a-960a-770a291c4e47'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $secretary_uid (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - uid (replace): 'max'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $manager_uid (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $_already_lookup_manager (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - syncExisting (replace):
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $dn (replace): 'uid=max,ou=People,dc=cnx,dc=local'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - mail (replace): 'max.muster@example.com'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - sn (replace): 'Max'
2020-05-21 09:41:07,709 INFO [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - $operation (replace): 'add'
我怎样才能解决这个问题?根据错误信息,我真的不知道问题是什么。
我已经尝试过的
这篇博文也有同样的错误,提示我们需要设置一个字段mode,导致错误被设置为null。为了测试这是否有效,我通过插入将其设置为自定义mode={func_mode}函数map_dbrepos_from_source.properties。此外,我在以下位置添加了这些功能profiles_functions.js:
function func_mode(fieldname) {
return 'internal';
}
这应该将所有用户作为内部用户处理,并避免由于空字段而引起的麻烦。使用调试日志,我可以验证是否应用了这个值:
2020-05-21 09:41:07,587 DEBUG [AssemblyLine.AssemblyLines/populate_from_dns_file.1] - CLFRN0011I: Mapping result: mode = internal.
我尝试的另一件事是对我的 LDAP 中没有的字段进行验证,guid或者isManager通过在以下位置注释它们的验证功能validate_dbrepos_fields.properties:
#distinguishedName=(x != null) && (x.length() > 0) && (x.length() <= 256)
#guid=(x != null) && (x.length() > 0) && (x.length() <= 256)
#isManager=(x == null) || (x == "Y") || (x == "N")
#surname=(x != null) && (x.length() > 0) && (x.length() <= 128)
此外,这些字段的映射被设置为null通过从不存在它们的 LDAP 条目中获取它们来避免错误
grep "=null" map_dbrepos_from_source.properties
alternateLastname=null
blogUrl=null
bldgId=null
calendarUrl=null
countryCode=null
courtesyTitle=null
deptNumber=null
description=null
employeeNumber=null
employeeTypeCode=null
experience=null
faxNumber=null
freeBusyUrl=null
floor=null
groupwareEmail=null
ipTelephoneNumber=null
jobResp=null
loginId=null
logins=null
managerUid=null
mobileNumber=null
nativeFirstName=null
nativeLastName=null
orgId=null
pagerNumber=null
pagerId=null
pagerServiceProvider=null
pagerType=null
officeName=null
preferredFirstName=null
preferredLanguage=null
preferredLastName=null
profileType=null
secretaryUid=null
shift=null
telephoneNumber=null
tenantKey=null
timezone=null
title=null
workLocationCode=null
isManager=nul
过去,我有同样的问题,发现数据库没有正确创建。所以我检查了这个:
su - db2inst1
/opt/IBM/db2/V11.1/bin/db2 list db directory | grep "Database name"
Database name = OPNACT
Database name = METRICS
Database name = SNCOMM
Database name = PNS
Database name = WIKIS
Database name = FORUM
Database name = HOMEPAGE
Database name = DOGEAR
Database name = PEOPLEDB
Database name = MOBILE
Database name = FILES
Database name = XCC
Database name = BLOGS
所有数据库都存在。特别是PEOPLEDB,TDI 放置从 LDAP 获取的用户配置文件。表格似乎也在那里:
db2 => list tables for schema EMPINST@
Table/View Schema Type Creation time
------------------------------- --------------- ----- --------------------------
CHG_EMP_DRAFT EMPINST T 2020-05-20-22.48.28.416187
COUNTRY EMPINST T 2020-05-20-22.48.26.864072
DEPARTMENT EMPINST T 2020-05-20-22.48.26.635113
EMPLOYEE EMPINST T 2020-05-20-22.48.25.249286
EMP_DRAFT EMPINST T 2020-05-20-22.48.28.079615
EMP_ROLE_MAP EMPINST T 2020-05-20-22.48.29.296064
EMP_TYPE EMPINST T 2020-05-20-22.48.26.973100
EMP_UPDATE_TIMESTAMP EMPINST T 2020-05-20-22.48.29.539973
EVENTLOG EMPINST T 2020-05-20-22.48.28.764942
GIVEN_NAME EMPINST T 2020-05-20-22.48.25.723208
ORGANIZATION EMPINST T 2020-05-20-22.48.26.745316
PEOPLE_TAG EMPINST T 2020-05-20-22.48.26.477954
PHOTO EMPINST T 2020-05-20-22.48.27.097088
PHOTOBKUP EMPINST T 2020-05-20-22.48.27.311065
PHOTO_GUID EMPINST T 2020-05-20-22.48.27.519014
PROFILES_SCHEDULER_LMGR EMPINST T 2020-05-20-22.48.30.229810
PROFILES_SCHEDULER_LMPR EMPINST T 2020-05-20-22.48.30.340702
PROFILES_SCHEDULER_TASK EMPINST T 2020-05-20-22.48.29.873149
PROFILES_SCHEDULER_TREG EMPINST T 2020-05-20-22.48.30.108769
PROFILE_EXTENSIONS EMPINST T 2020-05-20-22.48.26.025818
PROFILE_EXT_DRAFT EMPINST T 2020-05-20-22.48.26.258480
PROFILE_LAST_LOGIN EMPINST T 2020-05-20-22.48.29.430376
PROFILE_LOGIN EMPINST T 2020-05-20-22.48.29.051552
PROFILE_PREFS EMPINST T 2020-05-20-22.48.29.183711
PROF_CONNECTIONS EMPINST T 2020-05-20-22.48.28.490983
PROF_CONSTANTS EMPINST T 2020-05-20-22.48.28.644499
PRONUNCIATION EMPINST T 2020-05-20-22.48.27.726899
SNPROF_SCHEMA EMPINST T 2020-05-20-22.48.25.020502
SURNAME EMPINST T 2020-05-20-22.48.25.875498
TENANT EMPINST T 2020-05-20-22.48.25.084242
USER_PLATFORM_EVENTS EMPINST T 2020-05-20-22.48.29.659806
WORKLOC EMPINST T 2020-05-20-22.48.27.953047
这与 SQL 文件中的表数相匹配
$ grep -i "create table" /opt/cnx-install/cnx/wizard/connections.sql/profiles/db2/createDb.sql | wc -l
32
解决方案
你在 5 月份问了这个问题,所以我认为这个答案来得太晚了。供将来参考:“从 [addorUpdateDB] 跳过条目”是一条脚本消息,表示该帐户未通过配置文件条目的最低要求。如果我没记错的话,有 4 个基本字段,没有这些字段就无法创建个人资料条目:
- 电子邮件
- 专有名称
- 向导
- uid
看到你遗漏了一个指导,这个错误是合乎逻辑的。您应该已将您的 guid 映射到您的 entryUUID。