Hi Sebastien,

You may try without -c all, which launches a clean task ...

Regards,

2009/10/22, Sébastien Descamps <sebastiendescamps at free.fr>:
> I forgot to say that I used the command:
> ant lsc::synchronize -Dsynchronize.parameters="-f $PWD/etc -c all -s all"
>
> Maybe that's the point...
>
> S.
>
> ----- "Sébastien Descamps" <sebastiendescamps at free.fr> wrote:
>
>> Hello,
>>
>> I've made it work (at least partially)!
>>
>> The users are being imported into AD from OpenLDAP, but they are
>> removed as soon as the importation is finished ??? There is first a
>> "change type: add" and then a "change type:delete"...
>>
>> For the moment, the password is not imported, and is set to
>> "changeit". Do you have an idea about how the password could be
>> synchronized ?
>>
>> I had to set an SSL connection to the OpenLDAP server and to the AD one
>> to make it work, even if LSC runs on the AD server.
>>
>> Here is my lsc.properties file:
>>
>> _________________________
>> src.java.naming.security.principal=cn=manager,dc=mondomaineLDAP,dc=fr
>> src.java.naming.security.credentials=xxxxxx
>> src.java.naming.security.authentication=simple
>> src.java.naming.referral=ignore
>> src.java.naming.provider.url=ldaps://192.168.xxx.xxx:636/dc=mondomaineLDAP,dc=fr
>> src.java.naming.ldap.version=3
>> src.java.naming.ldap.derefAliases=never
>> src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
>> #src.database.username=sa
>> #src.database.url=jdbc:hsqldb:file:hsqldb/lsc
>> #src.database.password=
>> #src.database.driver=org.hsqldb.jdbcDriver
>> #lsc.tasks=FirstTask, user
>> lsc.tasks=user
>>
>>
>> lsc.tasks.user.type=ldap2ldap
>> lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
>> #lsc.tasks.user.srcService.pivotAttrs=cn sn
>> #lsc.tasks.user.srcService.filterId=(sn={sn})
>> lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
>> lsc.tasks.user.srcService.baseDn=ou=Users,ou=securite
>> lsc.tasks.user.srcService.attrs = cn sn uid description userPassword
>> #userPassword description
>> lsc.tasks.user.object=org.lsc.objects.inetOrgPerson
>> lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
>> #lsc.tasks.user.dstService.pivotAttrs=cn sn
>> #lsc.tasks.user.dstService.filterId=(sn={sn})
>> lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
>> lsc.tasks.user.dstService.baseDn=cn=Users
>> lsc.tasks.user.dstService.attrs = cn sn sAMAccountName objectClass description userPrincipalName unicodePwd
>> # objectClass description
>> #lsc.tasks.user.dn="cn=" + srcBean.getAttributeValueById("cn") + ",cn=Users"
>> lsc.tasks.user.bean=org.lsc.beans.userBean
>>
>> # added lines
>> lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
>> lsc.tasks.user.srcService.pivotAttrs = uid
>> lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
>> lsc.tasks.user.dstService.pivotAttrs = uid
>> lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",cn=users"
>>
>>
>> dst.java.naming.security.principal=cn=Administrateur,cn=Users,dc=mondomaineAD,dc=test
>> dst.java.naming.security.credentials=YYYYYYYY
>> dst.java.naming.security.authentication=simple
>> dst.java.naming.referral=ignore
>> dst.java.naming.provider.url=ldaps://192.168.yyy.yyy:636/dc=mondomaineAD,dc=test
>> dst.java.naming.ldap.version=3
>> dst.java.naming.ldap.derefAliases=never
>> dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
>>
>> #mod
>> dst.java.naming.ldap.pageSize = 1000
>>
>> dn.real_root=cn=Users,dc=mondomaineAD,dc=test
>> #Tue Oct 20 16:34:13 CEST 2009
>> #Re/set the Source LDAP properties
>>
>>
>>
>> # Synchronization options
>> lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
>> lsc.syncoptions.user.default.action = F
>>
>> # Direct link - no need to specify syncoptions
>> # uid <- uid
>> # cn <- cn (done with DN generation)
>> # sn <- sn
>>
>> # objectClass <- top/user/person/organizationalperson
>> lsc.syncoptions.user.objectClass.action = F
>> lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
>>
>> # sAMAccountName <- uid
>> lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
>>
>> # userPrincipalName <- uid + "@linagora.lan"
>> lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@mondomaineAD.test"
>>
>> # userAccountControl
>> lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
>>
>>
>>
>> # pwdLastSet <- 0 to force user to change password on next connection
>> lsc.syncoptions.user.pwdLastset.create_value = "0"
>>
>> # unicodePwd <- "changeit" at creation (requires SSL connection to AD)
>> lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
>>
>> #lsc.syncoptions.user.unicodePwd.action = F
>> #lsc.syncoptions.user.unicodePwd.force_value = AD.getUnicodePwd(srcBean.getAttributeValueById("userPassword"))
>>
>>
>> ______________________________
>>
>>
>> Thanks again for your help...
>>
>> Cheers,
>>
>> Sébastien.
>> _______________________________________________
>> lsc-users mailing list
>> lsc-users at lists.lsc-project.org
>> http://lists.lsc-project.org/listinfo/lsc-users

-- 
Sent from my mobile

-- 
Sebastien BAHLOUL
Open Source Software Assurance : http://www.08000linux.com/
Directeur technique / Technical Officer
LINAGORA : http://www.linagora.com/
Tel / Phone : +33 (0)1 58 18 68 42
Mobile : +33 (0)6 45 63 27 39 (!)
-----------
Ldap Synchronization Connector : http://interldap.objectweb.org/lsc/
FederID : http://www.federid.org/
Open Source projects for identities management and federation
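
On the password question raised in the quoted message, an added example (not part of the thread and not LSC code): Active Directory's unicodePwd takes the cleartext password wrapped in double quotes and encoded as UTF-16LE, so an OpenLDAP userPassword value that holds a hash such as {SSHA} cannot be converted into it. The function names and sample values below are constructed for illustration.

```python
import base64
import re

# RFC 2307-style scheme prefix OpenLDAP stores in front of hashed userPassword values.
_SCHEME = re.compile(rb"^\{([A-Za-z0-9_\-]+)\}")


def encode_unicode_pwd(cleartext: str) -> bytes:
    """AD unicodePwd wire format: the password in double quotes, UTF-16LE encoded."""
    return ('"' + cleartext + '"').encode("utf-16-le")


def classify_user_password(value: bytes) -> str:
    """Return the storage scheme of a userPassword value, or 'CLEARTEXT' if none."""
    m = _SCHEME.match(value)
    return m.group(1).decode().upper() if m else "CLEARTEXT"


def to_unicode_pwd(user_password: bytes):
    """Hypothetical helper: build unicodePwd only when the source value is usable.

    Returns (bytes, None) on success, or (None, reason) when the value is a hash.
    """
    scheme = classify_user_password(user_password)
    if scheme != "CLEARTEXT":
        return None, f"source holds a {{{scheme}}} hash; AD needs the cleartext"
    # An explicit {CLEARTEXT} prefix is not part of the password itself.
    clear = _SCHEME.sub(b"", user_password, count=1)
    return encode_unicode_pwd(clear.decode("utf-8")), None


# Constructed sample values (not taken from the thread).
SAMPLES = {
    "alice": b"{SSHA}" + base64.b64encode(b"\x00" * 20 + b"salt"),
    "bob": b"S3cret!",
    "carol": b"{CLEARTEXT}changeit",
}


def plan(samples):
    """Map each uid to the (unicodePwd, error) pair a sync run would act on."""
    return {uid: to_unicode_pwd(value) for uid, value in samples.items()}


if __name__ == "__main__":
    for uid, (pwd, err) in plan(SAMPLES).items():
        print(uid, "->", pwd.hex() if pwd else f"skipped: {err}")
```

Feeding a hashed value straight into the encoder would set the literal hash string as the user's AD password, which is why the helper refuses it instead of converting it.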
