Hello,

I have successfully set up a sync of users between OpenLDAP and AD, so my user can connect from a Windows XP computer with his account. But I want the user not to have to change his password at the first connection. I have tried many configurations, but with no success; I am always obliged to change it.

This is my configuration for user:
---------------------------------------
### User ###
lsc.tasks.user.bean=org.lsc.beans.SimpleBean
lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",cn=Users"
lsc.tasks.user.condition.update = false
lsc.tasks.user.condition.modrdn = false
# Source
lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.baseDn=ou=Users
lsc.tasks.user.srcService.attrs= cn sn uid givenName mail userPassword telephoneNumber
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid
# Destination
lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
lsc.tasks.user.dstService.baseDn=cn=Users
lsc.tasks.user.dstService.attrs = cn sn sAMAccountName objectClass userPrincipalName mail unicodePwd userAccountControl givenName telephoneNumber pwdLastSet
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid


### User ###
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.default.action = F
### objectClass <- top/user/person/organizationalperson
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
### sAMAccountName <- uid
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
### userPrincipalName <- uid + "@nomotech.local"
lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@nomotech.local"
### userAccountControl
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
### pwdLastSet <- 0 to force user to change password on next connection
lsc.syncoptions.user.pwdLastSet.create_value = "0"
### unicodePwd <- "changeit" at creation (requires SSL connection to AD)
#lsc.syncoptions.user.unicodePwd.action = K
#lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
lsc.syncoptions.user.unicodePwd.action = F
lsc.syncoptions.user.unicodePwd.force_value = AD.getUnicodePwd(srcBean.getAttributeValueById("userPassword"))
---------------------------------------------

I think that it is this line:
### pwdLastSet <- 0 to force user to change password on next connection
lsc.syncoptions.user.pwdLastSet.create_value = "0"

But if I use another value for this (e.g. 1), I get this error:
-------------------------------------------
mai 19 09:38:16 - ERROR - Error while adding entry cn=Romain Grante,cn=Users in directory :javax.naming.NamingException: [LDAP: error code 80 - 00000057: SysErr: DSID-031A0FB2, problem 22 (Invalid argument), data 0
]; remaining name 'cn=Romain Grante,cn=Users'
mai 19 09:38:16 - ERROR - Error while synchronizing ID cn=Romain Grante,cn=Users: java.lang.Exception: Technical problem while applying modifications to directory
dn: cn=Romain Grante,cn=Users,dc=nomotech,dc=local
changetype: add
userPrincipalName: [email protected]
sn: Grante
pwdLastSet: 1
cn: Romain Grante
sAMAccountName: rgrante
userAccountControl: 512
unicodePwd:: IgAkAGUAcgB2AFMAaQBtAHUAMQAiAA==
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
givenName: Romain
-------------------------------------------

Thanks

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
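
Added example, not part of the original post and not LSC code: a pre-flight check for an LDIF `add` record like the one in the error log above. It relies on the fact that Active Directory accepts only `0` (must change at next logon) or `-1` (stamp the current time, so no forced change) when `pwdLastSet` is written, and that `unicodePwd` must be a double-quoted UTF-16LE string. The sample record, its DN and its password are constructed placeholders.

```python
import base64

UAC_NORMAL_ACCOUNT = 0x0200  # 512, the value seen in the post's log

# Constructed sample modelled on the LDIF dump above; the DN and the
# password are placeholders, not values from the post.
_PWD = base64.b64encode('"Placeholder-1"'.encode("utf-16-le")).decode()
SAMPLE_LDIF = f"""\
dn: cn=Test User,cn=Users,dc=example,dc=test
changetype: add
pwdLastSet: 1
userAccountControl: 512
unicodePwd:: {_PWD}
objectClass: user
"""

def parse_ldif(text):
    """One LDIF record -> {attr: [values]}; '::' values become bytes."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("#", " ")):
            continue  # folded (continuation) lines are not handled here
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def check_entry(entry):
    """Return a list of attribute values AD is expected to reject."""
    problems = []
    for v in entry.get("pwdlastset", []):
        if v not in ("0", "-1"):
            problems.append(f"pwdLastSet={v}: only 0 or -1 can be written")
    for v in entry.get("useraccountcontrol", []):
        if not int(v) & UAC_NORMAL_ACCOUNT:
            problems.append(f"userAccountControl={v}: NORMAL_ACCOUNT not set")
    for v in entry.get("unicodepwd", []):
        try:
            text = v.decode("utf-16-le")  # str has no decode -> AttributeError
        except (AttributeError, UnicodeDecodeError):
            problems.append("unicodePwd: not base64 of UTF-16LE text")
            continue
        if len(text) < 3 or text[0] != '"' or text[-1] != '"':
            problems.append("unicodePwd: value must be wrapped in double quotes")
    return problems

if __name__ == "__main__":
    for p in check_entry(parse_ldif(SAMPLE_LDIF)):
        print(p)
```

The check never prints the decoded password, so it can be run over real sync output without leaking credentials into a terminal or log.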
