Hello,

I've made it work (at least partially)!

The users are being imported into AD from OpenLDAP, but they are removed as 
soon as the importation is finished ??? There is first a "change type: add" and 
then a "change type:delete"...

For the moment, the password is not imported, and is set to "changeit". Do you 
have an idea about how the password could be synchronized ? 

I had to set a SSL connection to the OpenLDAP server and to the AD one to make 
it work, even if LSC runs on the AD server. 

Here is my lsc.properties file : 

_________________________
src.java.naming.security.principal=cn=manager,dc=mondomaineLDAP,dc=fr
src.java.naming.security.credentials=xxxxxx
src.java.naming.security.authentication=simple
src.java.naming.referral=ignore
src.java.naming.provider.url=ldaps://192.168.xxx.xxx:636/dc=mondomaineLDAP,dc=fr
src.java.naming.ldap.version=3
src.java.naming.ldap.derefAliases=never
src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
#src.database.username=sa
#src.database.url=jdbc:hsqldb:file:hsqldb/lsc
#src.database.password=
#src.database.driver=org.hsqldb.jdbcDriver
#lsc.tasks=FirstTask, user
lsc.tasks=user


lsc.tasks.user.type=ldap2ldap
lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
#lsc.tasks.user.srcService.pivotAttrs=cn sn
#lsc.tasks.user.srcService.filterId=(sn={sn})
lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.baseDn=ou=Users,ou=securite
lsc.tasks.user.srcService.attrs = cn sn uid description userPassword
#userPassword description 
lsc.tasks.user.object=org.lsc.objects.inetOrgPerson
lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
#lsc.tasks.user.dstService.pivotAttrs=cn sn
#lsc.tasks.user.dstService.filterId=(sn={sn})
lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
lsc.tasks.user.dstService.baseDn=cn=Users
lsc.tasks.user.dstService.attrs = cn sn sAMAccountName objectClass description userPrincipalName unicodePwd
# objectClass description 
#lsc.tasks.user.dn="cn=" + srcBean.getAttributeValueById("cn") + ",cn=Users"
lsc.tasks.user.bean=org.lsc.beans.userBean

#added lines
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid
lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",cn=users"


dst.java.naming.security.principal=cn=Administrateur,cn=Users,dc=mondomaineAD,dc=test
dst.java.naming.security.credentials=YYYYYYYY
dst.java.naming.security.authentication=simple
dst.java.naming.referral=ignore
dst.java.naming.provider.url=ldaps://192.168.yyy.yyy:636/dc=mondomaineAD,dc=test
dst.java.naming.ldap.version=3
dst.java.naming.ldap.derefAliases=never
dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

#mod
dst.java.naming.ldap.pageSize = 1000

dn.real_root=cn=Users,dc=mondomaineAD,dc=test
#Tue Oct 20 16:34:13 CEST 2009
#Re/set the Source LDAP properties



# Synchronization options
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.default.action = F

# Direct link - no need to specify syncoptions
# uid <- uid
# cn <- cn (done with DN generation)
# sn <- sn

# objectClass <- top/user/person/organizationalperson
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"

# sAMAccountName <- uid
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")

# userPrincipalName <- uid + "@mondomaineAD.test"
lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@mondomaineAD.test"

# userAccountControl
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])



# pwdLastSet <- 0 to force user to change password on next connection
lsc.syncoptions.user.pwdLastset.create_value = "0"

# unicodePwd <- "changeit" at creation (requires SSL connection to AD)
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")

#lsc.syncoptions.user.unicodePwd.action = F
#lsc.syncoptions.user.unicodePwd.force_value = AD.getUnicodePwd(srcBean.getAttributeValueById("userPassword"))


______________________________


Thanks again for your help...

Cheers, 

Sébastien.
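
On the password question above, an added example (not part of the original message and not LSC code): Active Directory expects `unicodePwd` as the quoted clear-text password encoded in UTF-16LE, so a source `userPassword` stored under a hash scheme such as `{SSHA}` cannot be converted into it. The function names and the sample values are assumptions made for this illustration.

```javascript
// Added example, not LSC code. All sample values are constructed.

// AD takes unicodePwd as the clear-text password wrapped in double quotes
// and encoded as UTF-16LE; it accepts the write only on an encrypted
// connection (hence the ldaps:// URL for the destination).
function encodeUnicodePwd(clearText) {
  return Buffer.from('"' + clearText + '"', "utf16le");
}

// Split an OpenLDAP userPassword value into its {SCHEME} prefix and payload.
function parseUserPassword(value) {
  const m = /^\{([A-Za-z0-9_-]+)\}(.*)$/s.exec(value);
  return m
    ? { scheme: m[1].toUpperCase(), payload: m[2] }
    : { scheme: "CLEARTEXT", payload: value };
}

// Returns the unicodePwd bytes, or null when the source holds only a hash:
// a one-way digest cannot be turned back into the clear text AD requires.
function toUnicodePwd(userPassword) {
  const { scheme, payload } = parseUserPassword(userPassword);
  if (scheme !== "CLEARTEXT") return null;
  if (payload.length === 0) return null; // never push an empty password
  return encodeUnicodePwd(payload);
}

// Constructed source values: two clear-text forms and one with a hash-scheme
// prefix (its payload is a placeholder, not a real digest).
const samples = [
  "changeit",
  "{CLEARTEXT}changeit",
  "{SSHA}" + Buffer.from("placeholder-digest+salt").toString("base64"),
];

for (const value of samples) {
  const pwd = toUnicodePwd(value);
  console.log(
    parseUserPassword(value).scheme.padEnd(9),
    pwd ? "-> unicodePwd " + pwd.toString("hex") : "-> skip, not reversible"
  );
}
```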
