LDAP query (sync service) return 0 users

googlearchive / calendar-connectors

Automatically exported from code.google.com/p/google-calendar-connectors

20 stars 20 forks source link

LDAP query (sync service) return 0 users #39

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Modify GoogleCalendarSyncService.exe.config
2.
3.

What is the expected output? What do you see instead?
There are 20 user in that ou (contacts). LDAP query return 0.

What version of the product are you using? On what operating system?
1.3.0.0, Windows 2003 SP2 (32-bit)

Please provide any additional information below.

Original issue reported on code.google.com by petri.ra...@gmail.com on 23 Aug 2010 at 4:14

Attachments:

Sync_log.txt

GoogleCodeExporter commented 9 years ago

It seems that you have specifed LDAPUserFilter 
=(memberof=OU=GAPPS,OU=Contacts,OU=SUB,OU=UserAccounts,DC=ad,DC=ACME,DC=com) in 
the config file, which is filtering out all the users.

Original comment by jaideepg...@google.com on 27 Aug 2010 at 7:10

GoogleCodeExporter commented 9 years ago

Hmm.. Exclude, LDAPUserFilter is just a way it is in the documentation: (For 
example to include all members of an Active Directory Group: <add 
key="SyncService.LDAPUserFilter" 
value="(memberof=CN=GCAL_Users,CN=Users,DC=corp,DC=acme,DC=com)").

Way I understand this is filter that INCLUDE all contacts in this OU. Is this 
exclusion filter?

Original comment by petri.ra...@gmail.com on 27 Aug 2010 at 12:20

GoogleCodeExporter commented 9 years ago

If you see the log file GCC automatically adds filter 
(objectcategory=user)(objectcategory=contact) to your given filter. So it will 
query all the user and contact objects. 

I am not sure whether the filter specified is correct or not. You just keep the 
default  filter mail={0} to sync all the users and contact objects.

Specify you filter to exclude from the default all contact and user ojbects.

Original comment by jaideepg...@google.com on 27 Aug 2010 at 12:33

GoogleCodeExporter commented 9 years ago

How can I create a filter that returns all users in a specific OU, as the one 
mentioned in the example does not work

Original comment by petri.ra...@gmail.com on 1 Sep 2010 at 10:54

GoogleCodeExporter commented 9 years ago

In case no one ever answered this for you: I am pretty sure the first (last) 
item is a CN (container) not an OU (org unit) (You should be able to see this 
when you browse the hierarchy):

OU=GAPPS,OU=Contacts,OU=SUB,OU=UserAccounts,DC=ad,DC=ACME,DC=com

so change it to 

CN=GAPPS,OU=Contacts,OU=SUB,OU=UserAccounts,DC=ad,DC=ACME,DC=com

Just guessing on your situation...

Original comment by richard....@uwmidsouth.org on 28 Oct 2010 at 6:39

GoogleCodeExporter commented 9 years ago

You can not create an LDAP filter to return all members of an OU. 

MemberOf is a user attribute that contains the DN of groups the user is a 
member of so this works. There is not equivalent attribute in LDAP do this for 
an OU. 

You need to key off an LDAP attribute that is consistent to these users or use 
a group.

It should be possible to change the LDAP server setting to bind to the subtree 
location of the directory <add key="ActiveDirectory.DomainController" 
value="LDAP://HQAD1.corp.acme.com/OU=GAPPS,OU=Contacts,OU=SUB,OU=UserAccounts,DC
=ad,DC=ACME,DC=com"/>  and only look at objects within this subtree location, 
but even if this works I think this is a very complicate way to solve the 
problem and the other choices of using a group or user ldap attribute is the 
most simplest solution.

Original comment by dk...@google.com on 28 Oct 2010 at 7:42