Hi,

I'm having problems with the group sync.
My OpenLDAP groups are posixGroups, with memberUid: username

As I'm a noob to programming, I'm having problems with the expression
lsc.syncoptions.group.member.force_value.
I don't know how to change the source code for a correct DN string.

With the configuration below I get the following error:

Mai 31 14:32:43 - ERROR - Error while reading entry jdoe: javax.naming.InvalidNameException: jdoe: [LDAP: error code 34 - invalid DN]; remaining name 'jdoe'

Thanks!

Regards,

Gunter


# Task "group"
#==============================================================================

lsc.tasks.group.bean = org.lsc.beans.SimpleBean

lsc.tasks.group.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=lsc"

lsc.tasks.group.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.group.srcService.attrs = cn description memberUid member
lsc.tasks.group.srcService.baseDn = ou=Groups
lsc.tasks.group.srcService.filterAll = (objectClass=posixGroup)
lsc.tasks.group.srcService.filterId = (&(objectClass=posixGroup)(cn={cn}))
lsc.tasks.group.srcService.pivotAttrs = cn

lsc.tasks.group.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.group.dstService.attrs = cn description member objectClass
lsc.tasks.group.dstService.baseDn = ou=lsc
lsc.tasks.group.dstService.filterAll = (objectClass=group)
lsc.tasks.group.dstService.filterId = (&(objectClass=group)(cn={cn}))
lsc.tasks.group.dstService.pivotAttrs = cn

# Synchronization options
lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.group.default.action = F
 
# Direct link - no need to specify syncoptions
# cn <- cn
# description <- description
 
# objectClass <- top/group
lsc.syncoptions.group.objectClass.force_value = "top";"group"
 
# member AD <- member OL (posixGroup)
lsc.syncoptions.group.member.delimiter = $

lsc.syncoptions.group.member.force_value = \
    var umembers = \
        srcBean.getAttributeValuesById("memberUid").toArray() ; \
    for (var i=0; i<umembers.length; i++ ) { \
        try { \
            umembers[i] = ldap.attribute(ldap.list( "ou=users", \
                "(sAMAccountName=" \
                    + (srcLdap.attribute(umembers[i], 'memberUid').get(0) \
                    + ")" \
                )).get(0), 'distinguishedname').get(0) \
        } catch (e) { \
            umembers[i]=null \
        } \
    } \
    var members = new Array(); \
    var j=0; \
    for (var i=0; i<umembers.length; i++) { \
        if (umembers[i]!=null) members[j++]=umembers[i] \
    } \
    members

-----Original Message-----
From: Clément OUDOT [mailto:[email protected]]
Sent: Monday, 31 May 2010 10:04
To: Gunter Holzer
Cc: [email protected]
Subject: Re: [lsc-users] OpenLDAP to AD groupsync with 1.2

2010/5/30 Gunter Holzer <[email protected]>:
> Hi,
>
> Has anybody a group synchronisation up and running from OpenLDAP to AD with
> LSC 1.2?
>
> This tutorial is no longer valid for 1.2:
>
> http://lsc-project.org/wiki/documentation/1.1/tutorials/synchronizegroups
>
> Can anybody please post his configuration?
>
> The next problem I have: There is no objectClass groupOfUniqueNames. In my
> OpenLDAP the objectclass is posixGroup or sambaGroupMapping.
>
> The names of the group members look like:
>
> memberUid: username
>
> I don't have:
>
> member: cn=Jane Doe,ou=people,dc=ldap,dc=test
>
> Is there a way to get the groupsync running?
>


Hi Gunter,

Group synchronization should work if you adapt your configuration to
your needs. If you do not want to use the groupOfUniqueNames objectClass
with the uniqueMember attribute, replace them with the ones you want
(posixGroup and memberUid). In this case you don't need to put the
full DN in memberUid but just the user login.

Please try it, and send your configuration to the list in case of problem.

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
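
Added example, not part of the original thread and not LSC code: the memberUid-to-DN mapping that the `force_value` script above is aiming for, written as plain JavaScript. Each `memberUid` value is a login, so it goes straight into an escaped `sAMAccountName` filter instead of being read as an entry name; `directory`, `search`, `escapeFilterValue` and `memberUidsToDns` are constructed names standing in for the destination lookup.

```javascript
// Added example (plain JavaScript, not LSC configuration).
// `directory` and `search` are constructed stand-ins for the AD lookup.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Constructed sample destination entries.
var directory = [
  { dn: "CN=John Doe,OU=users,DC=example,DC=test", sAMAccountName: "jdoe" },
  { dn: "CN=Jane Roe,OU=users,DC=example,DC=test", sAMAccountName: "jroe" }
];

// Minimal matcher for "(attr=value)" filters: "\xx" is a literal character,
// an unescaped "*" is a wildcard. Returns the DNs of matching entries.
function search(filter) {
  var m = /^\(([A-Za-z]+)=(.*)\)$/.exec(filter);
  if (!m) throw new Error("unsupported filter: " + filter);
  var pattern = m[2].replace(/\\([0-9a-fA-F]{2})|\*|[^\\*]/g, function (tok, hex) {
    if (hex) tok = String.fromCharCode(parseInt(hex, 16));
    else if (tok === "*") return ".*";
    return tok.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  });
  var re = new RegExp("^" + pattern + "$", "i");
  return directory
    .filter(function (e) { return re.test(String(e[m[1]])); })
    .map(function (e) { return e.dn; });
}

// Resolve each memberUid (a login, not a DN) to the DN of the one destination
// entry whose sAMAccountName equals it. Unknown or ambiguous logins are dropped.
function memberUidsToDns(memberUids, searchFn) {
  var members = [];
  memberUids.forEach(function (uid) {
    var hits = searchFn("(sAMAccountName=" + escapeFilterValue(uid) + ")");
    if (hits.length === 1) members.push(hits[0]);
  });
  return members;
}

console.log(memberUidsToDns(["jdoe", "nobody", "*"], search));
```

Without the escaping step, a `memberUid` value of `*` would produce the filter `(sAMAccountName=*)`, which matches every account in the search base.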
