Hi,
If anyone else has the problem that LSC removes users from your groups if you
move a user to a sub OU, here is the solution:
lsc.syncoptions.group.member.force_value = \
    var umembers = \
        srcBean.getAttributeValuesById("uniqueMember").toArray() ; \
    for (var i=0; i<umembers.length; i++ ) { \
        try { \
            /* --> */ umembers[i] = ldap.attribute(ldap.search( "ou=users", /* <-- */ \
                "(sAMAccountName=" \
                + (srcLdap.attribute(umembers[i], 'uid').get(0) \
                + ")" \
            )).get(0), 'distinguishedname').get(0) \
        } catch (e) { \
            umembers[i]=null \
        } \
    } \
    var members = new Array(); \
    var j=0; \
    for (var i=0; i<umembers.length; i++) { \
        if (umembers[i]!=null) members[j++]=umembers[i] \
    } \
    members
Replace "ldap.list" with "ldap.search"
See:
http://lsc-project.org/javadoc/1.2-SNAPSHOT/org/lsc/jndi/ScriptableJndiServices.html#search%28java.lang.Object,%20java.lang.Object%29
list: Performs a search with one level scope on a given base DN with a given
filter.
search: Performs a search with subtree scope on a given base DN with a given
filter.
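
The scope difference described above, as an added example that is not part of the original post or of LSC: a constructed in-memory directory with hypothetical list and search helpers modelling one-level and subtree scope. It also applies RFC 4515 escaping to the uid before concatenating it into the filter, which the script on this page does not do; all names and entries are assumptions made for illustration.

```javascript
// Added example with constructed data; not LSC code. list/search model the
// one-level and subtree scopes described in the javadoc quoted above.
const BASE = "ou=users,dc=example,dc=test"; // constructed base DN
const DIRECTORY = [ // constructed entries; bob was moved to a sub OU
  { dn: "cn=alice," + BASE, sAMAccountName: "alice" },
  { dn: "cn=bob,ou=sales," + BASE, sAMAccountName: "bob" },
];

// RFC 4515 escaping, so a uid is always matched literally inside a filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (c) => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// RDN count between an entry and the base; -1 if outside it (naive comma split).
function depthBelow(dn, baseDn) {
  const d = dn.toLowerCase(), b = baseDn.toLowerCase();
  if (!d.endsWith("," + b)) return -1;
  return d.slice(0, d.length - b.length - 1).split(",").length;
}

// Minimal "(attr=value)" matcher: bare "*" is a wildcard, "\xx" a literal char.
function matches(entry, filter) {
  const m = /^\(([^=]+)=(.*)\)$/.exec(filter);
  if (!m) return false;
  const pattern = m[2].split("*").map((part) => part
    .replace(/\\([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join(".*");
  return new RegExp("^" + pattern + "$", "i").test(entry[m[1]] || "");
}

function find(baseDn, filter, maxDepth) {
  return DIRECTORY.filter((e) => {
    const depth = depthBelow(e.dn, baseDn);
    return depth >= 1 && depth <= maxDepth && matches(e, filter);
  }).map((e) => e.dn);
}
const list = (baseDn, filter) => find(baseDn, filter, 1);          // one level
const search = (baseDn, filter) => find(baseDn, filter, Infinity); // subtree

// Same shape as the force_value script: resolve each uid, drop the misses.
function resolveMembers(uids, lookup) {
  return uids
    .map((uid) => lookup(BASE, "(sAMAccountName=" + escapeFilterValue(uid) + ")")[0])
    .filter((dn) => dn !== undefined);
}

console.log(resolveMembers(["alice", "bob"], list));   // bob is dropped
console.log(resolveMembers(["alice", "bob"], search)); // bob is kept
```
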
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On behalf of Gunter Holzer
Sent: Monday, 7 June 2010 13:17
To: Jonathan Clarke
Cc: [email protected]
Subject: Re: [lsc-users] move user to different OU
Hi,
Is there a way to do the same thing for groups and membership?
I have changed my config to:
lsc.tasks.group.dstService.baseDn =
How to change the line from the script below to search the complete AD and not
only the ou users?
lsc.syncoptions.group.member.force_value = \
    var umembers = \
        srcBean.getAttributeValuesById("uniqueMember").toArray() ; \
    for (var i=0; i<umembers.length; i++ ) { \
        try { \
            /* --> */ umembers[i] = ldap.attribute(ldap.list( "ou=users", /* <-- */ \
                "(sAMAccountName=" \
                + (srcLdap.attribute(umembers[i], 'uid').get(0) \
                + ")" \
            )).get(0), 'distinguishedname').get(0) \
        } catch (e) { \
            umembers[i]=null \
        } \
    } \
    var members = new Array(); \
    var j=0; \
    for (var i=0; i<umembers.length; i++) { \
        if (umembers[i]!=null) members[j++]=umembers[i] \
    } \
    members
Regards,
Gunter
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On behalf of Jonathan Clarke
Sent: Monday, 7 June 2010 09:36
To: Alexey Wasilyev
Cc: [email protected]
Subject: Re: [lsc-users] move user to different OU
On 07/06/2010 09:12, Alexey Wasilyev wrote:
> I can successfully sync users from openldap to ad, to cn=users.
> I want to move different users to different ou, by hand.
> but for moved users lsc tries to recreate it, without success, of course.
> how can i fix it?
Hi,
You have set your dstService to search under "cn=users"
(dstService.baseDn), so LSC will not know about users in different OUs.
However, your search filter to get one user (dstService.filterId) only
needs a sAMAccountName to find a user - this is not related to its DN.
So, if you changed your dstService.baseDn to nothing (just leave a space
after the = sign), LSC will search throughout your whole tree to find
users, and won't try to recreate existing ones.
Of course, you can leave the "lsc.tasks.user.dn" property containing
"cn=Users", so that any new users will be created in that branch.
Hope this helps,
Jonathan
> lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService
> lsc.tasks.user.dstService.baseDn = cn=users
> lsc.tasks.user.dstService.filterAll =
> (&(sAMAccountName=*)(objectClass=user)(!(sAMAccountName=Administrator))(!(sAMAccountName=Guest))(!(sAMAccountName=krbtgt)))
>
> lsc.tasks.user.dstService.pivotAttrs = uid
> lsc.tasks.user.dstService.filterId =
> (&(objectClass=user)(sAMAccountName={uid}))
> lsc.tasks.user.dstService.attrs = cn sn objectClass sAMAccountName
> displayName userPrincipalName mail userAccountControl givenName uid
> pwdLastset unicodePwd
> lsc.tasks.user.bean = org.lsc.beans.SimpleBean
> lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") +
> ",cn=users"
> #dn.real_root = ou=ldap,dc=ad,dc=griddynamics,dc=net
> lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
> lsc.syncoptions.user.default.action = F
> lsc.syncoptions.user.objectClass.action = F
> lsc.syncoptions.user.objectClass.force_value =
> "top";"user";"person";"organizationalPerson"
> lsc.syncoptions.user.sAMAccountName.create_value =
> srcBean.getAttributeValueById("uid")
> lsc.syncoptions.user.userPrincipalName.force_value =
> srcBean.getAttributeValueById("uid") + "@ad.griddynamics.net"
> lsc.syncoptions.user.userAccountControl.create_value =
> AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
> lsc.syncoptions.user.pwdLastset.create_value = "0"
> lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
>
--
--------------------------------------------------------------
Jonathan Clarke - [email protected]
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users