[lsc-users] groups ad/openldap

Thu, 03 Jun 2010 23:21:54 -0700 

Hello
With your help, syncing of users from ldap to ad works ok. Now it's tyme to sync groups. I try to write config according to http://lsc-project.org/wiki/documentation/1.1/tutorials/synchronizegroups Can you explain me javascript, used for lsc.syncoptions.group.member.force_value? 
Here is my config:

lsc.tasks.group.bean = org.lsc.beans.SimpleBean
lsc.tasks.group.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=groups" 
lsc.tasks.group.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.group.srcService.attrs = cn description memberUid
lsc.tasks.group.srcService.baseDn = ou=groups
lsc.tasks.group.srcService.filterAll = (objectClass=groupOfNames)
lsc.tasks.group.srcService.filterId = (&(objectClass=groupOfNames)(cn={cn}))
lsc.tasks.group.srcService.pivotAttrs = cn
lsc.tasks.group.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.group.dstService.attrs = cn description member objectClass
lsc.tasks.group.dstService.baseDn = ou=groups
lsc.tasks.group.dstService.filterAll = (objectClass=group)
lsc.tasks.group.dstService.filterId = (&(objectClass=group)(cn={cn}))
lsc.tasks.group.dstService.pivotAttrs = cn
lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.group.default.action = F
lsc.syncoptions.group.objectClass.force_value = "top";"group"
lsc.syncoptions.group.member.delimiter = $
lsc.syncoptions.group.member.force_value = \
    var umembers = srcBean.getAttributeValuesById("member").toArray() ; \
    for (var i=0; i<umembers.length; i++ ) { \
        try { \
umembers[i] = ldap.attribute(ldap.list( "cn=users","(sAMAccountName=" + (srcLdap.attribute(umembers[i], 'uid').get(0) + ")")).get(0), 'distinguishedname').get(0) \ 
        } catch (e) { \
            umembers[i]=null \
        } \
    } \
    var members = new Array(); \
    var j=0; \
    for (var i=0; i<umembers.length; i++) { \
        if (umembers[i]!=null) members[j++]=umembers[i] \
    } \
    members

Our openldap don't have uniqueMember attribute, i change it with Member.
Same thing for groupOfUniqueNames -> groupOfNames.
Also, we don't have distinguishedname attribute in openldap, and i don't know how to replace it. 
In this configuration groups syncing ok, but withous memberships.

--
Alexey Wasilyev
Systems Administrator
Grid Dynamics

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to