In a default installation with Ubuntu 14.04.3 LTS, I'm trying to set up the cache refresh to get users from an OpenLDAP repository. It looks like it gets the users from the OpenLDAP source but it is unable to write them into the target server. It complains about attributes not included in the destination server schema but the attributes are as simple as cn, uid or sn and indeed they exist. Relevant entries in /opt/tomcat/logs/oxtrust_cache_refresh.log: ----------------------------------------------------------------- 2015-11-09 16:24:03,271 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Attempting to load entries from source server 2015-11-09 16:24:03,277 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Found '53' entries in source server 2015-11-09 16:24:03,283 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Found '53' unique entries in source server 2015-11-09 16:24:03,287 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Found '53' entries in inum objects disk cache 2015-11-09 16:24:03,287 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Count actual inum entries '53' after updating inum server 2015-11-09 16:24:03,299 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Count actual source entries '53' after calculating hash code 2015-11-09 16:24:03,300 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Found '0' changed entries 2015-11-09 16:24:03,300 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Loaded '57' problem entries from problem file 2015-11-09 16:24:03,370 ERROR [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) **Skipping target entries update. Destination server shema doesn't has next attributes: '[uid sn cn]'** 2015-11-09 16:24:03,371 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Updated '0' entries 2015-11-09 16:24:03,371 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Failed to update '57' entries 2015-11-09 16:24:03,379 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Keep external persons: 'true' 2015-11-09 16:24:03,379 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Count entries '0' for removal from target server 2015-11-09 16:24:03,379 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Removed '0' persons from target server 2015-11-09 16:24:03,380 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) There are '53' entries before updating inum list 2015-11-09 16:24:03,380 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) There are '53' entries after removal '0' entries 2015-11-09 16:24:03,380 INFO [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) There are '53' entries after adding '0' entries 2015-11-09 16:24:03,583 DEBUG [gluu.oxtrust.ldap.cache.service.CacheRefreshTimer] (pool-2-thread-10) Allowing to run new process exclusively ================================================================= Configuration in /opt/apache-tomcat-7.0.55 /conf/oxTrustCacheRefresh.properties: ------------------------------------------------------------------ # Define LDAP server configurations server.source.configs=openLDAP server.inum.config=inumdb server.target.config= cache.config.sizelimit=0 # Define configuration for source LDAP server #1 ldap.conf.openLDAP.bindDN=cn=admin\,dc=virdata\,dc=com ldap.conf.openLDAP.bindPassword=REMOVED ldap.conf.openLDAP.servers=ldap.virdata.com:636 ldap.conf.openLDAP.maxconnections=3 ldap.conf.openLDAP.useSSL=true ldap.conf.openLDAP.baseDNs=ou=Users\,dc=virdata\,dc=com ldap.conf.openLDAP.useAnonymousBind=false # Define configuration for InumDB server ldap.conf.inumdb.bindDN=cn=directory manager ldap.conf.inumdb.bindPassword=REMOVED ldap.conf.inumdb.servers=localhost:1636 ldap.conf.inumdb.maxconnections=2 ldap.conf.inumdb.useSSL=true ldap.conf.inumdb.baseDNs=ou=people\,o=site # Define compound key ldap.conf.source.compoundKey.attr=uid ldap.conf.source.compoundKey.objectClasses=inetOrgPerson # Define source attributes which application synchronize ldap.conf.source.attrs=uid sn cn # Define custom filter ldap.conf.source.custom.filter=uid=* # Use VDS or direct copy update method. Allowed values are 'vds', 'copy' target.server.update.method=copy # Keep non cache refresh users. Allowed values are 'true', 'false' target.keep.external.person=true # Use unlimited search or not. Allowed values are 'true', 'false' source.load.use.search.limit=false # Define mapping from source attribute names to destination attribute names. It's needed for target.server.update.method=copy only ldap.conf.target.attr.mapping.uid=uid ldap.conf.target.attr.mapping.sn=sn ldap.conf.target.attr.mapping.cn=cn # Snapshot configuration snapshot.folder=/snapshots snapshot.max.count=20 ================================================================= ================================================================= A simple search for testing if actually the users are written to the destination server returns only one user created by hand from the GUI: ------------------------------------------------------------------ GLUU.root@gluu:/opt# /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -w 'MzBcawBJGZ2T' -b 'ou=people,o=@!C85E.6ACD.62D0.D3CD!0001!28A6.4BB4,o=gluu' cn=* dn: inum=@!C85E.6ACD.62D0.D3CD!0001!28A6.4BB4!0000!3E49.4C84,ou=people,o=@!C85E. 6ACD.62D0.D3CD!0001!28A6.4BB4,o=gluu givenName: Test objectClass: gluuPerson objectClass: top objectClass: ox-C85E6ACD62D0D3CD000128A64BB4 gluuStatus: active uid: testPerson cn: Test Display Name sn: Person mail: test@test.com displayName: Display Name iname: null*person*testPerson inum: @!C85E.6ACD.62D0.D3CD!0001!28A6.4BB4!0000!3E49.4C84 GLUU.root@gluu:/opt# ------------------------------------------------------------------