[lsc-users] OpenLDAP to AD synchronization

Thu, 22 Oct 2009 16:58:01 +0200 (CEST) 

I forgot to say that i used the command : 
ant lsc::synchronize -Dsynchronize.parameters="-f $PWD/etc -c all -s all"

Maybe that's the point...

S.

----- "S?bastien Descamps" <sebastiendescamps at free.fr> a ?crit :

> Hello,
> 
> I've made it work (at least partially)!
> 
> The users are being imported into AD from OpenLDAP, but they are
> removed as soon as the importaion is finished ??? There is first a
> "change type: add" and then a "change type:delete"...
> 
> For the moment, the password is not imported, and is set to
> "changeit". Do you have an idea about how the password could be
> synchronized ?
> 
> I had to set a SSL connection to the OpenLDAP server and to the AD one
> to make it work, even if LSC runs on the AD server.
> 
> Here is my lsc.properties file :
> 
> _________________________
> src.java.naming.security.principal=cn=manager,dc=mondomaineLDAP,dc=fr
> src.java.naming.security.credentials=xxxxxx
> src.java.naming.security.authentication=simple
> src.java.naming.referral=ignore
> src.java.naming.provider.url=ldaps://192.168.xxx.xxx:636/dc=mondomaineLDAP,dc=fr
> src.java.naming.ldap.version=3
> src.java.naming.ldap.derefAliases=never
> src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
> #src.database.username=sa
> #src.database.url=jdbc:hsqldb:file:hsqldb/lsc
> #src.database.password=
> #src.database.driver=org.hsqldb.jdbcDriver
> #lsc.tasks=FirstTask, user
> lsc.tasks=user
> 
> 
> lsc.tasks.user.type=ldap2ldap
> lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
> #lsc.tasks.user.srcService.pivotAttrs=cn sn
> #lsc.tasks.user.srcService.filterId=(sn={sn})
> lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
> lsc.tasks.user.srcService.baseDn=ou=Users,ou=securite
> lsc.tasks.user.srcService.attrs = cn sn uid description userPassword
> #userPassword description
> lsc.tasks.user.object=org.lsc.objects.inetOrgPerson
> lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
> #lsc.tasks.user.dstService.pivotAttrs=cn sn
> #lsc.tasks.user.dstService.filterId=(sn={sn})
> lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
> lsc.tasks.user.dstService.baseDn=cn=Users
> lsc.tasks.user.dstService.attrs = cn sn sAMAccountName objectClass
> description userPrincipalName unicodePwd
> # objectClass description
> #lsc.tasks.user.dn="cn=" + srcBean.getAttributeValueById("cn") +
> ",cn=Users"
> lsc.tasks.user.bean=org.lsc.beans.userBean
> 
> #lignes ajout?es
> lsc.tasks.user.srcService.filterId =
> (&(objectClass=inetOrgPerson)(uid={uid}))
> lsc.tasks.user.srcService.pivotAttrs = uid
> lsc.tasks.user.dstService.filterId =
> (&(objectClass=user)(sAMAccountName={uid}))
> lsc.tasks.user.dstService.pivotAttrs = uid
> lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") +
> ",cn=users"
> 
> 
> dst.java.naming.security.principal=cn=Administrateur,cn=Users,dc=mondomaineAD,dc=test
> dst.java.naming.security.credentials=YYYYYYYY
> dst.java.naming.security.authentication=simple
> dst.java.naming.referral=ignore
> dst.java.naming.provider.url=ldaps://192.168.yyy.yyy:636/dc=mondomaineAD,dc=test
> dst.java.naming.ldap.version=3
> dst.java.naming.ldap.derefAliases=never
> dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
> 
> #mod
> dst.java.naming.ldap.pageSize = 1000
> 
> dn.real_root=cn=Users,dc=mondomaineAD,dc=test
> #Tue Oct 20 16:34:13 CEST 2009
> #Re/set the Source LDAP properties
> 
> 
> 
> # Synchronization options
> lsc.syncoptions.user =
> org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
> lsc.syncoptions.user.default.action = F
> 
> # Direct link - no need to specify syncoptions
> # uid <- uid
> # cn <- cn (done with DN generation)
> # sn <- sn
> 
> # objectClass <- top/user/person/organizationalperson
> lsc.syncoptions.user.objectClass.action = F
> lsc.syncoptions.user.objectClass.force_value =
> "top";"user";"person";"organizationalPerson"
> 
> # sAMAccountName <- uid
> lsc.syncoptions.user.sAMAccountName.create_value =
> srcBean.getAttributeValueById("uid")
> 
> # userPrincipalName <- uid + "@linagora.lan"
> lsc.syncoptions.user.userPrincipalName.force_value =
> srcBean.getAttributeValueById("uid") + "@mondomaineAD.test"
> 
> # userAccountControl
> lsc.syncoptions.user.userAccountControl.create_value =
> AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
> 
> 
> 
> # pwdLastSet <- 0 to force user to change password on next connection
> lsc.syncoptions.user.pwdLastset.create_value = "0"
> 
> # unicodePwd <- "changeit" at creation (requires SSL connection to AD)
> lsc.syncoptions.user.unicodePwd.create_value =
> AD.getUnicodePwd("changeit")
> 
> #lsc.syncoptions.user.unicodePwd.action = F
> #lsc.syncoptions.user.unicodePwd.force_value =
> AD.getUnicodePwd(srcBean.getAttributeValueById("userPassword")
> 
> 
> ______________________________
> 
> 
> Thanks again for your help...
> 
> Cheers,
> 
> S?bastien.
> _______________________________________________
> lsc-users mailing list
> lsc-users at lists.lsc-project.org
> http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to