LDAP error code 32

93,573

Solution 1

The main reason for NameNotFoundException is that the object you're searching for doesn't exist or the container in which you are searching is not correct.

Solution 2

The baseDn should be the distinguished name of the base object of the search, for example, ou=users,dc=domname,dc=com.

Solution 3

In the case of Spring LDAP, we used to get this error when we specified the baseDn in the context file (LdapContextSource bean) and also in the createUser code that builds the userDn. We need not specify the dc again in buildUserDn().

import javax.naming.Name;
import org.springframework.ldap.core.DistinguishedName;

protected Name buildUserDn(String userName) {
   DistinguishedName dn = new DistinguishedName();
   // Only cn is required, as the base DN is already specified in the context file
   dn.add("cn", userName);
   return dn;
}

Solution 4

In Active Directory, the Users catalog is a container class, not an OrganizationalUnit, so you should use: cn=users,dc=domname,dc=com
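Added example, not taken from any answer above and not part of Spring LDAP or LSC: a JDK-only sketch of the DN arithmetic behind Solutions 2 and 3. It shows the DN the server ends up receiving when a context base DN is appended to the name the caller supplies, and how to strip a base the caller has already included. The class name, method names and sample DNs are hypothetical.

```java
import java.net.URI;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration; BaseDnCheck and its methods are hypothetical names.
public class BaseDnCheck {

    // Base DN carried in a JNDI provider URL such as ldap://host:389/dc=domname,dc=com
    static LdapName baseFromUrl(String providerUrl) throws InvalidNameException {
        String path = URI.create(providerUrl).getPath();   // "/dc=domname,dc=com"
        return new LdapName(path == null || path.isEmpty() ? "" : path.substring(1));
    }

    // Strip the base from a DN that already ends with it, so the context
    // does not append the base a second time (the Solution 3 mistake).
    static LdapName relativeTo(LdapName base, String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        // LdapName indexes RDNs right to left, so startsWith() tests the DN suffix.
        if (!base.isEmpty() && name.startsWith(base)) {
            return (LdapName) name.getSuffix(base.size());
        }
        return name;
    }

    // DN the server finally receives: relative name followed by the context base.
    static LdapName effective(LdapName base, LdapName relative) {
        LdapName full = (LdapName) base.clone();
        full.addAll(relative.getRdns());
        return full;
    }

    public static void main(String[] args) throws Exception {
        LdapName base = baseFromUrl("ldap://192.168.1.3:389/dc=domname,dc=com"); // constructed URL
        String[] samples = {                       // constructed sample DNs
            "cn=user1",
            "cn=user1,cn=Users,DC=domname,DC=com", // base repeated by the caller
            "uid=user1,ou=Users"
        };
        for (String s : samples) {
            LdapName naive = effective(base, new LdapName(s));
            LdapName fixed = effective(base, relativeTo(base, s));
            System.out.printf("%-38s naive=%s%n%-38s fixed=%s%n", s, naive, "", fixed);
        }
    }
}
```

Comparing the "naive" DN with the `remaining name` and `best match of` fields in the server's error 32 message shows which component of the composed DN does not exist in the directory.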

Author by

Ben_A_135

Updated on January 29, 2020

Comments

  • Ben_A_135 over 4 years

    I'm trying to synchronize OpenLDAP and Active Directory together. To do so I'm using a program called LSC-Project which is specified to do this sort of thing.

    I have configured the program as best I can; however, I can't find a way to shake off the following error:

    javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=domname,DC=com'
    ]; remaining name 'uid=user1,ou=Users'
    
    May 09 15:19:25 - ERROR - Error while synchronizing ID uid=user1,ou=Users:
    java.lang.Exception:
    Technical problem while applying modifications to directory
    dn: uid=user1,ou=Users,dc=domname,dc=com
    changetype: add
    userPassword: 3+kU2th/WMo/v553A24a3SBw2kU=
    objectClass: uid
    

    This is the configuration file that the program runs on:

    ############################### 
    # Destination LDAP directory #
    ##############################
    
    dst.java.naming.provider.url = ldap://192.168.1.3:389/dc=Windows,dc=com  
    dst.java.naming.security.authentication = simple
    dst.java.naming.security.principal = cn=Administrator,cn=Users,dc=Windows,dc=com
    dst.java.naming.security.credentials = 11111
    dst.java.naming.referral = ignore
    dst.java.naming.ldap.derefAliases = never
    dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
    dst.java.naming.ldap.version = 3
    dst.java.naming.ldap.pageSize = 1000
    
    #########################
    # Source LDAP directory #
    #########################
    
    src.java.naming.provider.url = ldap://192.168.1.2:389/dc=Linux,dc=com
    src.java.naming.security.authentication = simple
    src.java.naming.security.principal = uid=root,ou=users,dc=Linux,dc=com
    src.java.naming.security.credentials = 11111
    src.java.naming.referral = ignore
    src.java.naming.ldap.derefAliases = never
    src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
    src.java.naming.ldap.version = 3
    
    #######################
    # Tasks configuration #
    #######################
    
    lsc.tasks = Administrator
    lsc.tasks.Administrator.srcService = org.lsc.jndi.SimpleJndiSrcService
    lsc.tasks.Administrator.srcService.baseDn = ou=users
    lsc.tasks.Administrator.srcService.filterAll = (&(objectClass=person))
    lsc.tasks.Administrator.srcService.pivotAttrs = uid 
    lsc.tasks.Administrator.srcService.filterId = (&(objectClass=person)(uid={uid}))
    lsc.tasks.Administrator.srcService.attrs = description uid userPassword
    
    lsc.tasks.Administrator.dstService = org.lsc.jndi.SimpleJndiDstService
    lsc.tasks.Administrator.dstService.baseDn = cn=Users
    lsc.tasks.Administrator.dstService.filterAll = (&(cn=*)(objectClass=organizationalPerson))
    lsc.tasks.Administrator.dstService.pivotAttrs = cn, top, person, user, organizationalPerson
    lsc.tasks.Administrator.dstService.filterId = (&(objectClass=user) (sAMAccountName={cn}))
    lsc.tasks.Administrator.dstService.attrs = description cn userPassword objectClass
    
    lsc.tasks.Administrator.bean = org.lsc.beans.SimpleBean
    lsc.tasks.Administrator.dn = "uid=" + srcBean.getAttributeValueById("uid") + ",ou=Users"
    
    dn.real_root = dc=Domname,dc=com
    
    ############################# 
    # Syncoptions configuration #
    #############################
    
    lsc.syncoptions.Administrator = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
    lsc.syncoptions.Administrator.default.action = M
    lsc.syncoptions.Administrator.objectClass.action = M
    lsc.syncoptions.Administrator.objectClass.force_value = srcBean.getAttributeValueById("cn").toUpperCase()
    lsc.syncoptions.Administrator.userPassword.default_value = SecurityUtils.hash(SecurityUtils.HASH_SHA1, "defaultPassword")
    lsc.syncoptions.Administrator.default.delimiter=;
    lsc.syncoptions.Administrator.objectClass.force_value = "top";"user";"person";"organizationalPerson"
    lsc.syncoptions.Administrator.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@Domname.com"
    lsc.syncoptions.Administrator.userAccountControl.create_value = AD.userAccountControlSet ( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
    

    I'm suspecting that it has something to do with the baseDn of the Task configuration in the part of the source configuration.

    The OSs are Ubuntu 10.04 and Windows 2K3.

    Someone suggested that I do a manual sync between them, but I have not found any guides to do so. And this program is pretty much the only thing that says that it does this kind of job without costs.

  • Ben_A_135 almost 12 years
    I did so and it gave a slightly different error: javax.naming.NameNotFoundException: [LDAP: error code 32 - No such Object]; remaining name 'ou=users,dc=domname,dc=com' Empty or non existant source
  • subodhbahl about 11 years
    Did you ever resolve this? I am running into the same issue. Please let me know. Thanks.
  • OO7 over 9 years
    @Terry Gardner LDAP: Search best practices link is broken. Please update it.
  • alexander almost 9 years
    No idea about this downvote. It is a correct answer so far.
  • user1568901 almost 9 years
    I've resolved my similar issue by making users a cn lookup and groups an ou lookup. Also, groups MUST be in a separate container from users. Any other combination results in the error listed (yet, actually functions fine, just throws a bunch of errors in the log).
  • not2savvy over 3 years
    Probably because it does not give a hint how to fix it.