Hi Romain,

great, that did it! Thanks a lot!

So, I think the tutorial "http://lsc-project.org/wiki/documentation/1.2/tutorials/openldaptoactivedirectory" should be corrected, or other people will run into the same issue.

But now I have another question: If I manually move a user in AD into another OU, I can prevent lsc from pushing it back with the "-nr" parameter. But if the user is a member of a group synced by lsc, the user gets removed from the group by lsc. Any idea how to deal with that?

Regards,
Gunter

From: Romain [mailto:[email protected]]
Sent: Tuesday, 1 June 2010 13:48
To: Gunter Holzer
Cc: [email protected]
Subject: Re: AW: [lsc-users] Problem with start parameter -c all

So you just have to replace these lines:

-------------------------
lsc.tasks.ADuser.srcService.filterAll = (&(uid=*)(objectClass=inetOrgPerson))
lsc.tasks.ADuser.srcService.pivotAttrs = uid
lsc.tasks.ADuser.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.ADuser.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))
lsc.tasks.ADuser.dstService.pivotAttrs = uid
lsc.tasks.ADuser.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
-------------------------------

with the lines:

----------------------------------
lsc.tasks.user.srcService.filterAll=(&(cn=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(cn={cn}))
lsc.tasks.user.srcService.pivotAttrs = cn
lsc.tasks.user.dstService.filterAll=(&(cn=*)(objectClass=user))
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(cn={cn}))
lsc.tasks.user.dstService.pivotAttrs = cn
-------------------------

Adapt for your configuration. Tell us if it works now.

Regards

On 01/06/2010 13:37, Gunter Holzer wrote:

Hello Romain, thank you for your help!
here is my config:

#######################
# Tasks configuration #
#######################
lsc.tasks = ADuser, group
lsc.tasks.ADuser.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.ADuser.srcService.baseDn = ou=People
lsc.tasks.ADuser.srcService.filterAll = (&(uid=*)(objectClass=inetOrgPerson))
lsc.tasks.ADuser.srcService.pivotAttrs = uid
lsc.tasks.ADuser.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.ADuser.srcService.attrs = cn sn uid givenName mail telephoneNumber
lsc.tasks.ADuser.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.ADuser.dstService.baseDn = OU=lsc
lsc.tasks.ADuser.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))
lsc.tasks.ADuser.dstService.pivotAttrs = uid
lsc.tasks.ADuser.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.ADuser.dstService.attrs = cn sn objectClass sAMAccountName displayName userPrincipalName mail userAccountControl givenName unicodePwd
lsc.tasks.ADuser.bean = org.lsc.beans.SimpleBean
lsc.tasks.ADuser.dn = "CN=" + srcBean.getAttributeValueById("CN") + ",OU=lsc"
dn.real_root = dc=test,dc=local

#############################
# Syncoptions configuration #
#############################
lsc.syncoptions.ADuser = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.ADuser.default.action = F
#lsc.tasks.ADuser.condition.create = true
#lsc.tasks.ADuser.condition.update = true
#lsc.tasks.ADuser.condition.delete = true
#lsc.tasks.ADuser.condition.modrdn = false
lsc.syncoptions.ADuser.objectClass.action = F
lsc.syncoptions.ADuser.objectClass.force_value = "top";"user";"person";"organizationalPerson"
#displayName
lsc.syncoptions.ADuser.displayName.create_value = srcBean.getAttributeValueById("cn")
# sAMAccountName <- uid
lsc.syncoptions.ADuser.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
# userPrincipalName <- uid + "@test.local"
lsc.syncoptions.ADuser.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@test.local"
# userAccountControl
lsc.syncoptions.ADuser.userAccountControl.create_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT,AD.UAC_SET_DONT_EXPIRE_PASSWORD])
lsc.syncoptions.ADuser.default.delimiter = ;
lsc.syncoptions.ADuser.userPassword.default_value = SecurityUtils.hash(SecurityUtils.HASH_SHA1, "defaultPassword")

From: [email protected] [mailto:[email protected]] On behalf of Romain
Sent: Tuesday, 1 June 2010 13:29
To: [email protected]
Subject: Re: [lsc-users] Problem with start parameter -c all

So the -c parameter is used to delete users (for example) in AD. For example, if you delete a user in OpenLDAP, that user is deleted in AD.

But with certain configurations, the -c parameter deletes everything when you launch the sync with this parameter. Like this:

lsc -f c:\lsc-openldap2ad\etc -c all -s all

Indeed, when I began with the LSC Project, I had this problem, but I have now resolved it, and now when I delete a user in my OpenLDAP, only this user is deleted in AD.

Can you attach your configuration for user?

Regards

On 01/06/2010 12:57, Gunter Holzer wrote:

Hi,

I'm confused about the start parameter of lsc. If I use "lsc -f c:\lsc-openldap2ad\etc -c all -s all", all users are synced from OpenLDAP to AD correctly and right afterwards they get deleted instantly?? (see below)

If I start lsc with "-s all" only, the users keep residing in AD - but if I delete a user in OpenLDAP it doesn't get deleted in AD.

So what's up with the "-c all" parameter?? What about "lsc.tasks.ADuser.condition.delete = false" in lsc.properties? Does it override the "-c all"?

Regards,
Gunter

################ lsc -f c:\lsc-openldap2ad\etc -c all -s all #############################
Jun 01 12:41:45 - INFO - Starting sync for ADuser
Jun 01 12:41:45 - INFO - Connecting to LDAP server ldap://141.69.121.114:389/dc=ldap,dc=test as cn=admin,dc=ldap,dc=test
Jun 01 12:41:45 - INFO - Connecting to LDAP server ldap://141.69.121.117:389/DC=test,DC=local as cn=Administrator,cn=Users,dc=test,dc=local
Jun 01 12:41:45 - INFO - # Adding new entry CN=Pavel Chekov,OU=lsc for ADuser
dn: CN=Pavel Chekov,OU=lsc,DC=test,DC=local
changetype: add
userPrincipalName: [email protected]
sn: Chekov
cn: Pavel Chekov
sAMAccountName: pchekov
userAccountControl: 66048
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
givenName: Pavel
displayName: Pavel Chekov

Jun 01 12:41:45 - INFO - # Adding new entry CN=Jane Doe,OU=lsc for ADuser
dn: CN=Jane Doe,OU=lsc,DC=test,DC=local
changetype: add
userPrincipalName: [email protected]
mail: [email protected]
sn: Doe
cn: Jane Doe
sAMAccountName: jdoe
userAccountControl: 66048
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
givenName: Jane
displayName: Jane Doe

Jun 01 12:41:45 - INFO - All entries: 2, to modify entries: 2, modified entries: 2, errors: 0
Jun 01 12:41:45 - INFO - Starting clean for ADuser
Jun 01 12:41:45 - INFO - # Removing entry CN=Pavel Chekov,OU=lsc,DC=test,DC=local for ADuser
dn: CN=Pavel Chekov,OU=lsc,DC=test,DC=local
changetype: delete

Jun 01 12:41:45 - INFO - # Removing entry CN=Jane Doe,OU=lsc,DC=test,DC=local for ADuser
dn: CN=Jane Doe,OU=lsc,DC=test,DC=local
changetype: delete

Jun 01 12:41:45 - INFO - All entries: 2, to modify entries: 2, modified entries: 2, errors: 0
Jun 01 12:41:45 - INFO - Starting sync for group
Jun 01 12:41:45 - INFO - All entries: 2, to modify entries: 0, modified entries: 0, errors: 0
Jun 01 12:41:45 - INFO - Starting clean for group
Jun 01 12:41:45 - INFO - All entries: 2, to modify entries: 0, modified entries: 0, errors: 0
############################### END ###################################################

##################### lsc -f c:\lsc-openldap2ad\etc -s all #######################################
Jun 01 12:51:41 - INFO - Starting sync for ADuser
Jun 01 12:51:41 - INFO - Connecting to LDAP server ldap://141.69.121.114:389/dc=ldap,dc=test as cn=admin,dc=ldap,dc=test
Jun 01 12:51:43 - INFO - Connecting to LDAP server ldap://141.69.121.117:389/DC=test,DC=local as cn=Administrator,cn=Users,dc=test,dc=local
Jun 01 12:51:44 - INFO - # Adding new entry CN=Pavel Chekov,OU=lsc for ADuser
dn: CN=Pavel Chekov,OU=lsc,DC=test,DC=local
changetype: add
userPrincipalName: [email protected]
sn: Chekov
cn: Pavel Chekov
sAMAccountName: pchekov
userAccountControl: 66048
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
givenName: Pavel
displayName: Pavel Chekov

Jun 01 12:51:44 - INFO - # Adding new entry CN=Jane Doe,OU=lsc for ADuser
dn: CN=Jane Doe,OU=lsc,DC=test,DC=local
changetype: add
userPrincipalName: [email protected]
mail: [email protected]
sn: Doe
cn: Jane Doe
sAMAccountName: jdoe
userAccountControl: 66048
objectClass: organizationalPerson
objectClass: person
objectClass: user
objectClass: top
givenName: Jane
displayName: Jane Doe

Jun 01 12:51:44 - INFO - All entries: 2, to modify entries: 2, modified entries: 2, errors: 0
Jun 01 12:51:44 - INFO - Starting sync for group
Jun 01 12:51:44 - INFO - # Adding new entry cn=ai,ou=lsc for group
dn: cn=ai,ou=lsc,DC=test,DC=local
changetype: add
member: CN=Jane Doe,OU=lsc,DC=test,DC=local
cn: ai
objectClass: group
objectClass: top

Jun 01 12:51:44 - INFO - # Adding new entry cn=wi,ou=lsc for group
dn: cn=wi,ou=lsc,DC=test,DC=local
changetype: add
member: CN=Jane Doe,OU=lsc,DC=test,DC=local
cn: wi
objectClass: group
objectClass: top

Jun 01 12:51:44 - INFO - All entries: 2, to modify entries: 2, modified entries: 2, errors: 0

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
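An added example, not part of the thread and not LSC's own code: a Python check to run before using "-c all" that flags a task whose pivotAttrs names an attribute which the same service's filterAll does not require to be present, which is the difference between the two configurations quoted in the thread. The rule is a heuristic assumed from that before/after pair; parse_props and pivot_findings are hypothetical names, and the sample text is constructed from the quoted lines.

```python
import re

# Constructed sample input: the pivot/filter lines quoted in the thread,
# before and after the fix ("lsc.tasks = user" is added for the second one).
BEFORE = """\
lsc.tasks = ADuser
lsc.tasks.ADuser.srcService.filterAll = (&(uid=*)(objectClass=inetOrgPerson))
lsc.tasks.ADuser.srcService.pivotAttrs = uid
lsc.tasks.ADuser.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.ADuser.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))
lsc.tasks.ADuser.dstService.pivotAttrs = uid
lsc.tasks.ADuser.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
"""
AFTER = """\
lsc.tasks = user
lsc.tasks.user.srcService.filterAll=(&(cn=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(cn={cn}))
lsc.tasks.user.srcService.pivotAttrs = cn
lsc.tasks.user.dstService.filterAll=(&(cn=*)(objectClass=user))
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(cn={cn}))
lsc.tasks.user.dstService.pivotAttrs = cn
"""

def parse_props(text):
    """Parse key = value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def pivot_findings(text):
    """Flag pivot attributes that a service's filterAll does not require."""
    props, findings = parse_props(text), []
    for task in filter(None, re.split(r"[,\s]+", props.get("lsc.tasks", ""))):
        for side in ("srcService", "dstService"):
            base = f"lsc.tasks.{task}.{side}"
            # Attributes with a presence test, e.g. (uid=*), exist on every listed entry.
            required = {a.lower() for a in
                        re.findall(r"\(([\w-]+)=\*\)", props.get(base + ".filterAll", ""))}
            for pivot in props.get(base + ".pivotAttrs", "").split():
                if pivot.lower() not in required:
                    findings.append(f"{task}.{side}: pivot '{pivot}' is not "
                                    f"guaranteed by filterAll {sorted(required)}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, pivot_findings(cfg) or "pivots consistent")
```

A finding on dstService is the one to resolve before a clean run, since the thread's log shows the clean phase removing every entry it had just added.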

