Hitachi Vantara Pentaho Community Forums
Results 1 to 21 of 21

Thread: How to Transfer Active directory user to OpenLDAP using LDAP Ihput

  1. #1
    Join Date
    Oct 2011
    Posts
    23

    Default How to Transfer Active directory user to OpenLDAP using LDAP Ihput

    Hi All,

    I have active directory user tree which have

    cn=admin,ou=resource,dc=mydomain,dc=com

    i want to transfer that ou=resource to my another OpenLdap

    cn=admin,dc=mydomain,dc=net


    Actually i see LDAP input step on kettle,

    But i don't know how to use it. I tried search base with = cn=admin,dc=mydomain,dc=com and it's failed.


    Help me to solve this

  2. #2
    Join Date
    Oct 2010
    Posts
    369

    Default

    your username would be fully qualified name when u want to use it in LDAP input
    cn=admin,ou=resource,dc=mydomain,dc=com
    once you enter information in LDAP input click on test connection to validate

  3. #3
    Join Date
    Oct 2011
    Posts
    23

    Default

    Quote Originally Posted by lalgourav View Post
    your username would be fully qualified name when u want to use it in LDAP input
    cn=admin,ou=resource,dc=mydomain,dc=com
    once you enter information in LDAP input click on test connection to validate
    Hi,

    I have configure username and test connection. I got message box "Connected to LDAP Server" . Actually i don't know any properties on LDAP input step. I imagine that LDAP input step like a table input.

    How i can select my LDAP tree :

    cn=admin,ou=resource,dc=mydomain,dc=com

    What should i set on LDAP Input properties ?



    Thanks

  4. #4
    Join Date
    Oct 2010
    Posts
    369

    Default

    as you r able to connect to LDAP . go to fields tab and "get fields" fro LDAP say preview rows and u will find the information which u wanted to have

  5. #5
    Join Date
    Oct 2011
    Posts
    23

    Default

    Actually i have connected to LDAP Server. I'm also have been choose any field which i want to transfer to my new LDAP.

    But i got error message like bellow :

    Code:
    014/03/12 09:51:32 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : org.pentaho.di.core.exception.KettleException: 
    2014/03/12 09:51:32 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : We can not find DN field [dc=domain,dc=net] in the incoming stream!
    2014/03/12 09:51:32 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 
    2014/03/12 09:51:32 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) :     at org.pentaho.di.trans.steps.ldapoutput.LDAPOutput.processRow(LDAPOutput.java:160)
    2014/03/12 09:51:32 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) :     at org.pentaho.di.trans.step.RunThread.run(RunThread.java:40)
    2014/03/12 09:51:32 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) :     at java.lang.Thread.run(Thread.java:744)
    My transformation design now like on :

    http://imagebin.org/298913


    I'm using Replace in String step for change the dc domain, because between datasource and destination have different domain (.com to .net)
    But i don;t know about error message above.

    Anyone could help me to solve this ?

    Thanks

  6. #6
    Join Date
    Oct 2010
    Posts
    369

    Default

    u have an issue in ur ldap output step.

    its failing due to its not able to find ur DN where u r inserting LDAP.

    r u able to connect to new LDAp where u r inserting ur data?

  7. #7
    Join Date
    Oct 2011
    Posts
    23

    Default

    Actually i have message "Connected to LDAP Server" when i try to test connection on LDAP Output.

    Actually i have rootDN cn=admin,dc=mydomain,dc=net. then i fill Dn fieldname on LDAP Output dc=mydomain,dc=net. is it wrong ? or any missing configuration ?

  8. #8
    Join Date
    Oct 2010
    Posts
    369

    Default

    u have settings tab as well where u can define old dn and new dn and dn field name do u have all fields filled up.

    add ur transformation in the attachment may be that will help to identify cause

  9. #9
    Join Date
    Oct 2011
    Posts
    23

    Default

    Quote Originally Posted by lalgourav View Post
    u have settings tab as well where u can define old dn and new dn and dn field name do u have all fields filled up.

    add ur transformation in the attachment may be that will help to identify cause
    I can't setting old dn and new dn because i'm using insert.

    I've attach my transformation, please let me know any missing configuration or etc.


    Thanks
    Attached Files Attached Files

  10. #10
    Join Date
    Jun 2012
    Posts
    5,534

    Default

    You must calculate the distinguishedName for your target directory and specify the fieldname in your LDAP Output step.
    So long, and thanks for all the fish.

  11. #11
    Join Date
    Oct 2010
    Posts
    369

    Default found a sample may be it help

    found a sample may be it help
    Attached Files Attached Files

  12. #12
    Join Date
    Oct 2011
    Posts
    23

    Default

    Quote Originally Posted by lalgourav View Post
    found a sample may be it help
    I cannot open your attachment on pdi, could you re attach that file ?

  13. #13
    Join Date
    Oct 2010
    Posts
    369

    Default try

    modify ur transformation as per sample
    Attached Files Attached Files

  14. #14
    Join Date
    Oct 2011
    Posts
    23

    Default

    Quote Originally Posted by lalgourav View Post
    modify ur transformation as per sample
    With some modified on my transformation based on your sample ktr, now i can transfer OU to my openladp.

    But on my ldap tree, there are OU, CN for username in the inside OU.

    With that properties i just can transfer OU, but not child inside. I try to change base and search filter, but stilll failed.

    Is there additional properties If i want to transfer OU with chiild inside it ?


    Thanks

  15. #15
    Join Date
    Jun 2012
    Posts
    5,534

    Default

    Quote Originally Posted by firantika View Post
    Is there additional properties If i want to transfer OU with chiild inside it ?
    The structure of your tree is reflected by the distinguishedname!
    That's all you need for a mapping of source dn to target dn.
    And check your search filter to make sure it covers any non-user entries relevant to rebuilding the structure in your target directory.
    So long, and thanks for all the fish.

  16. #16
    Join Date
    Oct 2011
    Posts
    23

    Default

    Quote Originally Posted by marabu View Post
    The structure of your tree is reflected by the distinguishedname!
    That's all you need for a mapping of source dn to target dn.
    And check your search filter to make sure it covers any non-user entries relevant to rebuilding the structure in your target directory.
    Hi Marabu,

    Now, The situation is

    source

    +root
    + cn=admin,dc=domain,dc=com
    + -ou=resource,dc=domain,dc=com
    +--cn=user1,ou=resources,dc=domain,dc=com
    +--cn=user2,ou=resources,dc=domain,dc=com


    target

    +root
    + cn=admin,dc=domain,dc=net



    I want to transfer ou resource and child inside it to target which have no ou=resource.

    What i should mapping then what should i fill on filter ? now i try filter objectClass=* because i don't know how it works


    How to solve this ?

  17. #17
    Join Date
    Jun 2012
    Posts
    5,534

    Default

    So you want to migrate a whole subtree, not only the child entries?
    Use two transformations T1 and T2 in a job.
    Let T1 migrate the OU structure, and let T2 deal with the user accounts.
    So long, and thanks for all the fish.

  18. #18
    Join Date
    Oct 2011
    Posts
    23

    Default

    Hi All,

    Actually i have some clue why my transfer got error.
    Now i have transfer some data from AD to OpenLDAP successfully.

    The role of filter string is very important to get data


    Now, i when i transfer some CN, i got error like bellow :

    Code:
    5952 from 2011-10-25 15.27.10 by buildguy) : Error upserting for entry with DN = [CN=Marjoko,OU=EPM-ACC,OU=EPM-Center,OU=Resources,DC=domain,DC=com]!
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : [LDAP: error code 21 - objectClass: value #3 invalid per syntax]
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at org.pentaho.di.trans.steps.ldapinput.LDAPConnection.upsert(LDAPConnection.java:546)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at org.pentaho.di.trans.steps.ldapoutput.LDAPOutput.processRow(LDAPOutput.java:189)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at org.pentaho.di.trans.step.RunThread.run(RunThread.java:40)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at java.lang.Thread.run(Thread.java:744)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - objectClass: value #3 invalid per syntax]; remaining name 'CN=Marjoko,OU=EPM-ACC,OU=EPM-Center,OU=Resources,DC=domain,DC=com'
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3100)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:811)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:337)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:266)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:254)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:197)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	at org.pentaho.di.trans.steps.ldapinput.LDAPConnection.upsert(LDAPConnection.java:533)
    2014/03/20 09:18:59 - LDAP Output.0 - ERROR (version 4.2.1-stable, build 15952 from 2011-10-25 15.27.10 by buildguy) : 	... 3 more
    That error i got on LDAP output.

    Any idea about this error message ?
    Last edited by firantika; 03-19-2014 at 10:21 PM.

  19. #19
    Join Date
    Jun 2012
    Posts
    5,534

    Default

    Quote Originally Posted by firantika View Post
    LDAP: error code 21 - objectClass: value #3 invalid per syntax
    What's the content of attribute objectClass?
    What character is configured as multi-value separator in LDAP Output?

    Just curious: Have you ever worked with LDAP?
    So long, and thanks for all the fish.

  20. #20
    Join Date
    Oct 2011
    Posts
    23

    Default

    Quote Originally Posted by marabu View Post
    You must calculate the distinguishedName for your target directory and specify the fieldname in your LDAP Output step.
    Hi Marabu,
    Actually, i have specify fieldname on My LDAP output,

    What do you mean with calculate to tthe distinguishedname ? Now i just want to transfer my CN on subtree of OU. i think the distinguishedname just on cn.

    Could you explain to me about that ?

  21. #21
    Join Date
    Jun 2012
    Posts
    5,534

    Default

    Quote Originally Posted by firantika View Post
    What do you mean with calculate to tthe distinguishedname ?
    When migrating user accounts from one directory to another, you can't always use the source dn as target dn, because the directory information tree and the naming context will not be the same.
    But why do we talk about LDAP in a Kettle forum?
    So long, and thanks for all the fish.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.