On 21/10/2009 13:58, sebastiendescamps at free.fr wrote:
> Hello,
>
> Here are the structures of my directories:
>
> OpenLDAP : dn: ou=Users, ou=securite,dc=mondomaine,dc=fr
> AD : dn: CN=Users, dc=mondomaine,dc=test
>
> And here is my lsc.properties file :
Hi,
I see where the problem is coming from: your search base is specified
twice (in provider url and in {src,dst}Service.baseDn).
I also note some other elements that might cause problems, see below. I
have reformatted the file slightly, to put conflicting lines together,
to make it easier to understand.
> src.java.naming.provider.url=ldap://192.168.xxx.xxx:389/ou=Users,ou=securite,dc=mondomaine,dc=fr
> lsc.tasks.user.srcService.baseDn=ou=Users,ou=securite
These two properties work together. The base dn from provider.url is
appended to the srcService.baseDn. So, searches are actually being
performed on
ou=Users,ou=securite,ou=Users,ou=securite,dc=mondomaine,dc=fr, which is
unlikely to be what you want. Change one or the other.
> dst.java.naming.provider.url=ldap://192.168.xxx.xxx:389/cn=Users,dc=mondomaine,dc=test
> lsc.tasks.user.dstService.baseDn=ou=Users
Same as above, this would use ou=Users,cn=Users,dc=mondomaine,dc=test
Also, be careful: is it "cn=" or "ou="?
> lsc.tasks.user.srcService.pivotAttrs=cn sn
> lsc.tasks.user.srcService.filterId=(sn={sn})
> lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
> lsc.tasks.user.dstService.pivotAttrs=cn sn
> lsc.tasks.user.dstService.filterId=(sn={sn})
> lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
>
> #added lines
> lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
> lsc.tasks.user.srcService.pivotAttrs = uid
> lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
> lsc.tasks.user.dstService.pivotAttrs = uid
You must avoid defining properties twice. Java doesn't read properties
in any particular order, so there's no way of knowing which line will be
used. Delete the unused ones.
> lsc.tasks.user.srcService.attrs=description cn sn userPassword
> lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
> lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@mondomaine.fr"
Since you use the "uid" attribute from the source bean here, you should
read this attribute from the srcService. Add "uid" to
lsc.tasks.user.srcService.attrs.
> lsc.tasks.user.dstService.attrs=description cn sn userPassword objectClass
> # userAccountControl
> lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
> # pwdLastSet <- 0 to force user to change password on next connection
> lsc.syncoptions.user.pwdLastset.create_value = "0"
> # unicodePwd <- "changeit" at creation (requires SSL connection to AD)
> lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
Similarly, you obviously want to write "userAccountControl",
"pwdLastSet" and "unicodePwd" to the destination, so you must add them
to the list in lsc.tasks.user.dstService.attrs.
> Also, I am running LSC on the AD Server, should I configure the SSL
> connection ?
This is really up to you. I consider that if the connection is to
localhost, it's not going to be intercepted on the network, so SSL is
not necessary. You'll probably want to use SSL to connect to the distant
server, though.
> Well, maybe the subject of my internship is a bit too difficult for me, so
> don't hesitate to tell me if my questions are really too stupid :) I think I
> miss a lot of knowledge about all this, but I have to present my conclusions
> about directories synchronization by the end of the week...
Of course not. You've obviously made an effort to work things out
yourself before asking here, and it's never easy to understand software
you don't know. Also, we're aware our documentation is not as good as it
might be... In fact, if you see anything in particular that could be
improved, please mention it! We'd love to improve it, but need feedback!
Best of luck,
Jonathan
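
The checks described in the reply above (keys defined twice, a search base that repeats itself once the provider URL base is appended to baseDn, and attributes used in syncoptions but missing from the attrs lists) can be run over an lsc.properties file before starting a synchronization. The following is an added example, not part of the original message and not LSC code; the function names are hypothetical, the sample is constructed from lines quoted in the thread, and the parser assumes only `key=value` lines and `#` comments.

```python
import re
from collections import Counter

# Constructed sample: lines abridged from the configuration quoted in the thread.
SAMPLE = """\
src.java.naming.provider.url=ldap://192.168.xxx.xxx:389/ou=Users,ou=securite,dc=mondomaine,dc=fr
lsc.tasks.user.srcService.baseDn=ou=Users,ou=securite
dst.java.naming.provider.url=ldap://192.168.xxx.xxx:389/cn=Users,dc=mondomaine,dc=test
lsc.tasks.user.dstService.baseDn=ou=Users
lsc.tasks.user.srcService.pivotAttrs=cn sn
lsc.tasks.user.srcService.pivotAttrs = uid
lsc.tasks.user.srcService.attrs=description cn sn userPassword
lsc.tasks.user.dstService.attrs=description cn sn userPassword objectClass
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
"""

def parse(text):
    """(key, value) pairs in file order; simplified: '=' separator, '#' comments only."""
    rows = (l.strip() for l in text.splitlines())
    return [tuple(p.strip() for p in l.split("=", 1)) for l in rows if "=" in l and l[0] != "#"]

def effective_base(props, side, task="user"):
    """Search base as described in the thread: <side>Service.baseDn, then the URL base."""
    url = props.get(f"{side}.java.naming.provider.url", "")
    url_base = url.split("/", 3)[3] if url.count("/") >= 3 else ""
    base = props.get(f"lsc.tasks.{task}.{side}Service.baseDn", "")
    return ",".join(p for p in (base, url_base) if p)

def lint(text, task="user"):
    pairs = parse(text)
    props = dict(pairs)
    out = [f"duplicate key: {k}" for k, n in Counter(k for k, _ in pairs).items() if n > 1]
    attrs = {s: props.get(f"lsc.tasks.{task}.{s}Service.attrs", "").lower().split() for s in ("src", "dst")}
    for side in ("src", "dst"):
        eff = effective_base(props, side, task)
        rdns = [r.strip().lower() for r in eff.split(",")]
        if len(rdns) != len(set(rdns)):  # same RDN twice: base given in both places
            out.append(f"{side} search base repeats an RDN: {eff}")
    for key, value in pairs:
        m = re.fullmatch(rf"lsc\.syncoptions\.{task}\.(\w+)\.\w+", key)
        if not m:
            continue
        if m.group(1).lower() not in attrs["dst"]:  # written attribute must be listed
            out.append(f"{m.group(1)} not in dstService.attrs")
        for used in re.findall(r'srcBean\.getAttributeValueById\("(\w+)"\)', value):
            if used.lower() not in attrs["src"]:  # read attribute must be listed
                out.append(f"{used} not in srcService.attrs")
    return out
```

`lint(SAMPLE)` returns one finding per problem, and `effective_base` shows the DN that a search would actually use for either side.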