Issue #521 has been updated by Clément OUDOT.

Status changed from New to Assigned
Assigned to set to Raphaël Ouazana

Hi, thanks for these files.

The OpenLDAP log shows that the search on the destination is done with the pivot attribute cn, which is different between source and destination, because you remove "role.ldap". This cannot work with LSC: your pivot attribute value must be the same between source and destination, even if you code some changes in the dataset.

I suggest you use another attribute in OpenLDAP to store the cn from AD, for example "description". Then, set the pivotAttribute for destination to "description" and adapt your filters and attributes mapping.

For example:

<pre>
<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" id="1" revision="0">
  <connections>
    <ldapConnection>
      <name>AD</name>
      <url>ldap://10.101.252.60/dc=itlab,dc=example,dc=com</url>
      <username>jfoote@itlab</username>
      <password>password</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>openLDAP</name>
      <url>ldap://10.68.0.50/dc=example,dc=com</url>
      <username>cn=manager,dc=example,dc=com</username>
      <password>secret</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>adGroup</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>adgroup-src-service</name>
        <connection reference="AD" />
        <baseDn>ou=LDAP,ou=Roles,ou=Groups,dc=itlab,dc=example,dc=com</baseDn>
        <pivotAttributes><string>cn</string></pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>gidNumber</string>
          <string>member</string>
        </fetchedAttributes>
        <getAllFilter>(gidNumber=*)</getAllFilter>
        <getOneFilter><![CDATA[(&(gidNumber=*)(cn={cn}))]]></getOneFilter>
        <cleanFilter><![CDATA[(&(gidNumber=*)(cn={description}))]]></cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>openldapgroup-dst-service</name>
        <connection reference="openLDAP" />
        <baseDn>ou=group,dc=example,dc=com</baseDn>
        <pivotAttributes><string>cn</string></pivotAttributes>
        <fetchedAttributes>
          <string>objectClass</string>
          <string>cn</string>
          <string>gidNumber</string>
          <string>memberUid</string>
          <string>description</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=posixGroup)</getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=posixGroup)(description={cn}))]]></getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>var sname = srcBean.getDatasetFirstValueById("cn"); var tmpname = sname.replaceAll("role.ldap.", ""); "cn=" + tmpname + ",ou=group,dc=example,dc=com"</mainIdentifier>
        <defaultDelimiter>$</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>false</delete>
        </conditions>
        <dataset>
          <name>cn</name>
          <forceValues>
            <string>var sname = srcBean.getDatasetFirstValueById("cn"); var tmpname = sname.replaceAll("role.ldap.", "");tmpname</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>gidNumber</name>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("gidNumber")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"posixGroup"</string>
            <string>"top"</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>memberUid</name>
          <forceValues>
            <string><![CDATA[
              var umembers = srcBean.getAttributeValuesById("member").toArray() ;
              for (var i=0; i<umembers.length; i++ ) {
                try {
                  var tokens = umembers[i].split(",");
                  (umembers[i] = srcLdap.attribute(tokens[0] + "," + tokens[1], 'sAMAccountName').get(0))
                } catch (e) {umembers[i]=null}
              }
              umembers.toString();
              umembers
            ]]></string>
          </forceValues>
        </dataset>
        <dataset>
          <name>description</name>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("cn")</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>
</pre>

----------------------------------------
Bug #521: Entries only being added, not updated on RDN change
http://tools.lsc-project.org/issues/521

Author: Joel Foote
Status: Assigned
Priority: Normal
Assigned to: Raphaël Ouazana
Category: Core
Target version: 2.0.1
Problem in version: 2.0

Attempting to take a source object, change its name, and synchronize that into a destination directory. Everything appears to go as planned but the operation will only add, it does not update existing objects.

LSC 2.0

Source directory looks like:
cn=role.ldap.groupname,ou=LDAP,ou=Roles,ou=Groups,dc=itlab,dc=example,dc=com

Destination directory looks like:
cn=groupname,ou=group,dc=example,dc=com

I have attached my full lsc.xml, but here is where I am doing the modification:

<mainIdentifier>var sname = srcBean.getDatasetFirstValueById("cn"); var tmpname = sname.replaceAll("role.ldap.", ""); "cn=" + tmpname + ",ou=group,dc=example,dc=com"</mainIdentifier>

The logs appear to show everything being processed right, up until the add completes. Is the task evaluating if this should be a create or update before the modification takes place?

Here's an example of the log output I see:

Aug 21 20:29:15 - DEBUG - Loading XML configuration from: /usr/src/lsc-2.0/etc/lsc.xml
Aug 21 20:29:15 - INFO - Reflections took 215 ms to scan 2 urls, producing 64 keys and 249 values
Aug 21 20:29:15 - DEBUG - Importing XML schema file: schemas/lsc-core-2.0.xsd
Aug 21 20:29:15 - DEBUG - Importing XML schema file: schemas/lsc-nis-plugin-1.0.xsd
Aug 21 20:29:15 - INFO - Logging configuration successfully loaded from /usr/src/lsc-2.0/etc/logback.xml
Aug 21 20:29:15 - INFO - LSC configuration successfully loaded from /usr/src/lsc-2.0/etc/
Aug 21 20:29:15 - INFO - Connecting to LDAP server ldap://localhost/dc=example,dc=com as cn=manager,dc=example,dc=com
Aug 21 20:29:15 - INFO - Connecting to LDAP server ldap://10.101.252.60/dc=itlab,dc=example,dc=com as jfoote@itlab
Aug 21 20:29:15 - INFO - Starting async for adGroup
Aug 21 20:29:15 - DEBUG - Asynchronous synchronize adGroup
Aug 21 20:29:15 - DEBUG - Using pagedResults control for 1000 entries at a time
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": List of attributes considered for writing in destination: [cn, memberUid, gidNumber, objectClass]
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "cn" is in KEEP status
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "cn" with values [acme-dev]
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "memberUid" is in FORCE status
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "memberUid" with values [newtest]
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "gidNumber" is in FORCE status
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "gidNumber" with values [10001]
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "objectClass" is in FORCE status
Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "objectClass" with values [posixGroup, top]
Aug 21 20:29:15 - ERROR - Error while adding entry cn=acme-dev,ou=group,dc=example,dc=com in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists]; remaining name 'cn=acme-dev,ou=group'

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
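Added example (not part of the original thread and not LSC's own code): a simplified JavaScript model of the add-versus-update decision discussed above, run over constructed entries based on the DNs in the report. The names `syncOnce` and `makeDestination`, and the lookup logic itself, are assumptions for illustration.

```javascript
// Constructed sample source entry, modelled on the AD group in the report.
const source = [{ cn: "role.ldap.acme-dev", gidNumber: "10001" }];

// Constructed destination state after an earlier run: the group already exists
// under its shortened name, with the original AD cn kept in "description".
function makeDestination() {
  return new Map([[
    "cn=acme-dev,ou=group,dc=example,dc=com",
    { cn: "acme-dev", gidNumber: "10001", description: "role.ldap.acme-dev" },
  ]]);
}

// Simplified model (assumption): the destination is searched for an entry whose
// lookupAttr equals the *source* pivot value. Found means update, not found means add.
function syncOnce(dest, lookupAttr) {
  const results = [];
  for (const src of source) {
    const shortName = src.cn.replace(/^role\.ldap\./, "");
    const dn = `cn=${shortName},ou=group,dc=example,dc=com`;
    const match = [...dest.values()].find((e) => e[lookupAttr] === src.cn);
    if (match) {
      match.gidNumber = src.gidNumber;
      results.push({ dn, op: "update" });
    } else if (dest.has(dn)) {
      // The lookup missed, so an add is attempted on a DN that already exists.
      results.push({ dn, op: "add", error: "68 entryAlreadyExists" });
    } else {
      dest.set(dn, { cn: shortName, gidNumber: src.gidNumber, description: src.cn });
      results.push({ dn, op: "add" });
    }
  }
  return results;
}

// Lookup on the rewritten cn never matches the source value, so every run tries to add.
console.log(syncOnce(makeDestination(), "cn"));
// Lookup on the attribute holding the unmodified source cn finds the entry.
console.log(syncOnce(makeDestination(), "description"));
```
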

