07.06.2010 12:03, Jonathan Clarke wrote:
Please keep replies on the list. I'm putting it back in CC.

On 07/06/2010 09:52, Alexey Wasilyev wrote:
07.06.2010 11:36, Jonathan Clarke wrote:
On 07/06/2010 09:12, Alexey Wasilyev wrote:
I can successfully sync users from OpenLDAP to AD, to cn=users.
I want to move different users to different OUs, by hand.
But for moved users LSC tries to recreate them, without success, of course.
How can I fix it?

Hi,

You have set your dstService to search under "cn=users"
(dstService.baseDn), so LSC will not know about users in different OUs.

However, your search filter to get one user (dstService.filterId) only
needs a sAMAccountName to find a user - this is not related to its DN.

So, if you changed your dstService.baseDn to nothing (just leave a
space after the = sign), LSC will search throughout your whole tree to
find users, and won't try to recreate existing ones.

Of course, you can leave the "lsc.tasks.user.dn" property containing
"cn=Users", so that any new users will be created in that branch.
I tried this recipe, and got all computers deleted from AD. Thank God, it
was a test AD )
I think I need to change dstService.filterId to something like this:
lsc.tasks.user.dstService.filterId =
(&(objectClass=user)(sAMAccountName={uid})(sAMAccountType=))
but I don't know how to specify NORMAL_ACCOUNT_TYPE

Deletions are part of the clean phase. The clean phase does a search on the destination with dstService.filterAll, then looks up each entry in the source with srcService.filterId to make sure it exists. If it can't be found, it deletes it from the destination.

So to solve this problem, you need to make sure that your dstService.filterAll doesn't return entries other than those you sync.

I suggest adding a component like this to your dstService.filterAll: "(&(the rest of your filter)(!(objectClass=computer)))".

Indeed, the "computer" object class is a subclass of "user" in Active Directory... makes sense? No, not to me either, but hey:
http://msdn.microsoft.com/en-us/library/ms680987(v=VS.85).aspx

Glad to hear you're using a test system and not trusting my advice blindly :-)

Jonathan

Found solution:
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user)(!(sAMAccountName=Administrator))(!(sAMAccountName=Guest))(!(sAMAccountName=krbtgt))(sAMAccountType=805306368))


--
Alexey Wasilyev
Systems Administrator
Grid Dynamics

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
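
The clean phase described in this thread, modelled as an added example (not part of the original messages and not LSC's own code): it evaluates a dstService.filterAll value against destination entries and lists what would be deleted. The directory entries, the BROAD starting filter, the set standing in for the srcService.filterId lookup, and the small filter parser (only `&`, `!`, equality and presence) are assumptions made for illustration; 805306369 is the sAMAccountType of machine accounts.

```python
def parse(f, i=0):
    """Parse a subset of LDAP filters: (&...), (!...), (attr=value), (attr=*)."""
    i += 1  # skip the opening "("
    if f[i] == "&":
        i, subs = i + 1, []
        while f[i] == "(":
            sub, i = parse(f, i)
            subs.append(sub)
        node = ("and", subs)
    elif f[i] == "!":
        sub, i = parse(f, i + 1)
        node = ("not", sub)
    else:
        j = f.index(")", i)
        attr, value = f[i:j].split("=", 1)
        node, i = ("eq", attr.lower(), value.lower()), j
    assert f[i] == ")", "unbalanced filter"
    return node, i + 1

def matches(node, entry):
    if node[0] == "and":
        return all(matches(n, entry) for n in node[1])
    if node[0] == "not":
        return not matches(node[1], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def clean_phase(filter_all, destination, source_uids):
    """Names the clean phase would delete: matched by filterAll, absent from source."""
    tree, _ = parse(filter_all)
    return [e["samaccountname"][0] for e in destination
            if matches(tree, e) and e["samaccountname"][0] not in source_uids]

def entry(name, classes, sam_type):
    return {"samaccountname": [name], "objectclass": classes, "samaccounttype": [str(sam_type)]}
USER = ["top", "person", "organizationalPerson", "user"]
AD = [  # constructed destination entries
    entry("alice", USER, 805306368),
    entry("bob", USER, 805306368),                   # no longer in the source
    entry("WS01$", USER + ["computer"], 805306369),  # machine account
    entry("Administrator", USER, 805306368),
]
SOURCE_UIDS = {"alice"}  # stand-in for the srcService.filterId lookup
BROAD = "(&(sAMAccountName=*)(objectClass=user))"  # hypothetical starting filter
NO_COMPUTERS = "(&(sAMAccountName=*)(objectClass=user)(!(objectClass=computer)))"
FIXED = ("(&(sAMAccountName=*)(objectClass=user)(!(sAMAccountName=Administrator))"
         "(!(sAMAccountName=Guest))(!(sAMAccountName=krbtgt))(sAMAccountType=805306368))")
for label, flt in [("broad", BROAD), ("no computers", NO_COMPUTERS), ("fixed", FIXED)]:
    print(label, "->", clean_phase(flt, AD, SOURCE_UIDS))
```

Running the same comparison against a test directory before enabling the clean phase shows which entries a filterAll value puts in scope for deletion.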