My synchronization is now nearly finished, but I have one problem. For
example, I have the groups "commercial" and "ingenierie" in my OpenLDAP,
so I run the synchronization with this command:
bin/lsc -s all -f etc
Then I see my groups in my AD. Afterwards, if I delete one group, for example
"commercial", and then launch this command:
bin/lsc -c all -f etc, the group "commercial" is deleted in my AD
but the group "ingenierie" is not, so that is good. This example also works
with OUs, etc., but not with users.
Indeed, if I delete one user in my OpenLDAP and launch this command:
bin/lsc -c all -f etc , all my users are deleted in AD, which is not good.
Do you have any idea what causes this problem?
My full lsc.properties follows:
---------------------------------
##############
### Source ###
##############
# JNDI connection used to read entries from the OpenLDAP source directory.
# NOTE(review): binds as the directory admin DN; a read-only account limited to
# the synchronized branches would be enough for a source connection.
src.java.naming.security.principal=cn=admin,dc=openldap,dc=nomotech,dc=local
# NOTE(review): bind password kept in clear text and shared with this listing;
# treat it as exposed, rotate it, and redact it before sharing the file again.
src.java.naming.security.credentials=$ervSimu1
src.java.naming.security.authentication=simple
src.java.naming.referral=ignore
# NOTE(review): plain ldap:// with a simple bind sends the bind password, and the
# userPassword values requested by the user task, unencrypted; prefer ldaps:// or
# StartTLS for this connection.
src.java.naming.provider.url=ldap://192.168.0.2/dc=openldap,dc=nomotech,dc=local
src.java.naming.ldap.version=3
src.java.naming.ldap.derefAliases=never
src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
###################
### Destination ###
###################
# JNDI connection used to write to Active Directory over ldaps://.
# NOTE(review): this appears to be the built-in domain administrator account; a
# dedicated service account delegated only on the synchronized containers limits
# the damage of a wrong clean run or of a leaked configuration file.
dst.java.naming.security.principal=cn=Administrateur,cn=Users,dc=nomotech,dc=local
# NOTE(review): same clear-text value as the source credentials, so one leak
# exposes both directories; use distinct secrets and restrict read access to
# this file to the account that runs LSC.
dst.java.naming.security.credentials=$ervSimu1
dst.java.naming.security.authentication=simple
dst.java.naming.referral=ignore
dst.java.naming.provider.url=ldaps://server.nomotech.local/dc=nomotech,dc=local
dst.java.naming.ldap.version=3
dst.java.naming.ldap.derefAliases=never
dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# Presumably the page size for paged searches against AD; confirm for your version.
dst.java.naming.ldap.pageSize = 1000
# Left disabled; the destination URL above already uses ldaps://.
#dst.java.naming.tls = true
#############
### Tasks ###
#############
# Declares the tasks configured below: user, group and ou.
# NOTE(review): the same key is assigned three times; confirm how your LSC
# version treats repeated keys. A single comma-separated value
# (user,group,ou) avoids the ambiguity.
lsc.tasks=user
lsc.tasks=group
lsc.tasks=ou
### User ###
# User task: inetOrgPerson entries under ou=Users in the source are mapped to
# AD user objects under cn=Users, named after the source cn.
# NOTE(review): several values below are wrapped onto a second line without a
# trailing backslash (probably by the mail client); in the real file each value
# has to stay on one logical line.
# NOTE(review): unlike the ou task, this task sets no lsc.tasks.user.condition.*
# keys. While the clean run misbehaves, consider
# lsc.tasks.user.condition.delete = false so that no AD account can be removed.
lsc.tasks.user.bean=org.lsc.beans.SimpleBean
lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") +
",cn=Users"
# Source
lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.filterAll=(&(sn=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.baseDn=ou=Users
# userPassword is read from the source here and later pushed to AD as unicodePwd.
lsc.tasks.user.srcService.attrs= cn sn uid givenName mail userPassword
telephoneNumber
lsc.tasks.user.srcService.filterId =
(&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid
# Destination
lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=user))
lsc.tasks.user.dstService.baseDn=cn=Users
# NOTE(review): mail is listed twice, and pwdLastSet (set in the syncoptions) is
# not listed; confirm whether attributes missing from this list are written.
lsc.tasks.user.dstService.attrs = cn sn sAMAccountName objectClass
userPrincipalName mail unicodePwd userAccountControl givenName mail
# AD entries are matched on sAMAccountName, filled from the source uid.
lsc.tasks.user.dstService.filterId =
(&(objectClass=user)(sAMAccountName={uid}))
# NOTE(review): likely cause of the reported clean (-c) deletions. uid is not in
# dstService.attrs and the syncoptions never write it to AD, so AD entries
# presumably carry no uid. If the clean phase reads this pivot from each AD entry
# and looks it up in the source, as it appears to, every user looks orphaned.
# Presumably the pivot should be sAMAccountName, with srcService.filterId
# matching (uid={sAMAccountName}); confirm against the LSC documentation for
# your version and test with deletes disabled first.
lsc.tasks.user.dstService.pivotAttrs = uid
### Group ###
# Group task: groupOfUniqueNames entries under ou=Services in the source are
# mapped to AD group objects under ou=Services, named after the source cn.
lsc.tasks.group.dn = "cn=" + srcBean.getAttributeValueById("cn") +
",ou=Services"
lsc.tasks.group.bean=org.lsc.beans.SimpleBean
# Source
lsc.tasks.group.srcService=org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.group.srcService.filterAll = (objectClass=groupOfUniqueNames)
lsc.tasks.group.srcService.filterId =
(&(objectClass=groupOfUniqueNames)(cn={cn}))
lsc.tasks.group.srcService.baseDn=ou=Services
lsc.tasks.group.srcService.attrs=cn objectClass uniqueMember
lsc.tasks.group.srcService.pivotAttrs = cn
# Destination
lsc.tasks.group.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.group.dstService.baseDn=ou=Services
lsc.tasks.group.dstService.attrs = cn objectClass member
# The pivot is cn on both sides and both filterId values match on cn, so source
# and destination entries share the same identifier (unlike the user task).
lsc.tasks.group.dstService.pivotAttrs = cn
lsc.tasks.group.dstService.filterAll = (objectClass=group)
lsc.tasks.group.dstService.filterId = (&(objectClass=group)(cn={cn}))
### OU ###
# OU task: organizationalUnit entries are created and updated in AD, named after
# the source ou.
lsc.tasks.ou.bean = org.lsc.beans.SimpleBean
# Only create and update are enabled; delete and modrdn are switched off, so this
# task is not expected to remove or rename OUs in AD.
lsc.tasks.ou.condition.create = true
lsc.tasks.ou.condition.update = true
lsc.tasks.ou.condition.delete = false
lsc.tasks.ou.condition.modrdn = false
lsc.tasks.ou.dn = "ou=" + srcBean.getAttributeValueById("ou") + ""
# Source
lsc.tasks.ou.srcService = org.lsc.jndi.SimpleJndiSrcService
# Empty base DN: presumably searches from the base given in the provider URL.
lsc.tasks.ou.srcService.baseDn =
lsc.tasks.ou.srcService.filterAll = (objectClass=organizationalUnit)
lsc.tasks.ou.srcService.pivotAttrs = ou
lsc.tasks.ou.srcService.filterId =
(&(objectClass=organizationalUnit)(ou={ou}))
lsc.tasks.ou.srcService.attrs = ou objectclass description
# Destination
lsc.tasks.ou.dstService = org.lsc.jndi.SimpleJndiDstService
# NOTE(review): this key is spelled baseDN while every other task uses baseDn,
# and its value repeats the base already present in the destination URL, whereas
# the other baseDn values are relative. Confirm the key is read as intended.
lsc.tasks.ou.dstService.baseDN = dc=nomotech,dc=local
lsc.tasks.ou.dstService.filterAll = (objectClass=organizationalUnit)
lsc.tasks.ou.dstService.pivotAttrs = ou
lsc.tasks.ou.dstService.filterId =
(&(objectClass=organizationalUnit)(ou={ou}))
lsc.tasks.ou.dstService.attrs = ou objectclass description
###################
### Syncoptions ###
###################
### User ###
# Per-attribute rules applied when user entries are written to AD.
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
# Default action F (force): destination values are presumably overwritten with
# the computed value at every run; confirm for your LSC version.
lsc.syncoptions.user.default.action = F
### objectClass <- top/user/person/organizationalperson
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.objectClass.force_value =
"top";"user";"person";"organizationalPerson"
### sAMAccountName <- uid
lsc.syncoptions.user.sAMAccountName.create_value =
srcBean.getAttributeValueById("uid")
### userPrincipalName <- uid + "@nomotech.local"
lsc.syncoptions.user.userPrincipalName.force_value =
srcBean.getAttributeValueById("uid") + "@nomotech.local"
### userAccountControl
lsc.syncoptions.user.userAccountControl.create_value =
AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
# NOTE(review): only the first line of this disabled alternative carries '#'. If
# the real file is wrapped the same way, the two continuation lines are parsed as
# active entries; comment out all three lines or rejoin them.
#lsc.syncoptions.user.userAccountControl.create_value =
AD.userAccountControlSet( "0",
[AD.UAC_SET_NORMAL_ACCOUNT,AD.UAC_PASSWORD_DONT_EXPIRE])
### pwdLastSet <- 0 to force user to change password on next connection
lsc.syncoptions.user.pwdLastSet.create_value = "0"
### unicodePwd <- "changeit" at creation (requires SSL connection to AD)
# NOTE(review): if this disabled variant is re-enabled, every new account starts
# with the same well-known password; prefer a random initial value per account.
#lsc.syncoptions.user.unicodePwd.action = K
#lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
# NOTE(review): the AD password is forced from the source userPassword on every
# run. If OpenLDAP stores userPassword hashed, the hash string itself would become
# the AD password; if it is stored in clear text, recoverable passwords sit in
# the source directory and cross the unencrypted ldap:// source link. Action F
# also overwrites any password change made directly in AD. Verify before use.
lsc.syncoptions.user.unicodePwd.action = F
lsc.syncoptions.user.unicodePwd.force_value =
AD.getUnicodePwd(srcBean.getAttributeValueById("userPassword"))
### Group ###
# Per-attribute rules applied when group entries are written to AD.
lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.group.default.action = F
lsc.syncoptions.group.objectClass.force_value = "top";"group"
# member <- uniqueMember
# Value delimiter set to '$', presumably because the script below contains ';'.
lsc.syncoptions.group.default.delimiter = $
# NOTE(review): the continuation line of this disabled entry has no '#'. If the
# real file is wrapped the same way, that line is parsed as an active entry.
#lsc.syncoptions.group.member.force_value =
srcBean.getAttributeValuesById("uniqueMember").toArray()
# The script below rewrites each source uniqueMember DN into an AD DN: it reads
# the member's uid from the source, searches cn=users in AD for an entry whose
# sAMAccountName equals that uid, and takes its distinguishedname. Members whose
# lookup throws are set to null and then filtered out of the returned array.
# NOTE(review): the search filter is built by string concatenation; a uid that
# contains filter metacharacters such as * ( ) or \ changes the filter. Escape the
# value per RFC 4515 before embedding it.
# NOTE(review): the catch block discards every error, so a failed lookup silently
# drops that member, and with the force action the AD group membership shrinks
# without any trace. Log the failure rather than ignoring it.
# (No comment lines are placed inside the script: they would break the
# backslash continuation.)
lsc.syncoptions.group.member.force_value = \
var umembers = \
srcBean.getAttributeValuesById("uniqueMember").toArray() ; \
for (var i=0; i<umembers.length; i++ ) { \
try { \
umembers[i] = ldap.attribute(ldap.list( "cn=users", \
"(sAMAccountName=" \
+ (srcLdap.attribute(umembers[i], 'uid').get(0) \
+ ")" \
)).get(0), 'distinguishedname').get(0) \
} catch (e) { \
umembers[i]=null \
} \
} \
var members = new Array(); \
var j=0; \
for (var i=0; i<umembers.length; i++) { \
if (umembers[i]!=null) members[j++]=umembers[i] \
} \
members
------------------------------------------------
Thanks for your help.