Hi Cl?ment :) On 04/05/09 17:16, Cl?ment OUDOT wrote: > Hello, > > here is my problem : I have to synchronize entries from 2 separates > branchs in AD. If I used as baseDn the upper branch, I get other entries > (because i have more than my 2 branches at this level). Using a filter > does not work because all are "user" entries. > > To be clearer: > - dc=example,dc=com > - ou=organization > - ou=admins > - ou=archives > - ou=users > > So I want entries from ou=admin and ou=users, but not from ou=archives. > > I wanted to use a create condition with a regexp on > srcBean.getDinstinguishName but I had a pb (see > http://tools.lsc-project.org/issues/show/47). > > I also try to make a filter on AD distinguishedName attribute, but it does > not support substring matching rules. >
Did you try using extensible filters? Like for example: (&(objectclass=user)(!(ou:dn:=archives))) This is defined in the LDAP search filters RFC, and I think AD implements it. > It works if I add distinguishedName in src attributes, and use it in > create condition, but this does not please me. > Right. This means that entries in "ou=archives" would be considered until *just before* actually creating them in your destination. So obviously that's a performance hit. > What do you think of be able to put several values for > lsc.tasks.inetOrgPerson.dstService.baseDn? LSC would do a search for each > value, so we can manage several branches. > That's an interesting idea! Thanks for it. I considered the same problem a while ago, with a list of ~50 DNs. At the time, I made a special source JNDI service that read an external CSV file containing the DNs. But I think your solution is neater. > For information, I still faces pb under Windows (see > http://tools.lsc-project.org/issues/show/48). > > Any help would be appreciated ;) > I will have a look tomorrow when I have access to a Windows machine. Good night, Jon
