I have to admit to being completely new to using this tool. I tried force_value but it didn't work. I'm not quite sure what you mean by putting it in the lsc.tasks.task.dstService.attrs. My understanding (what there is of it) was that dstService.attrs was to modify LDAP values and the userAccountControl was using the values from the AD class to modify the LDAP.

I checked and the password is not expired on the accounts.

My other question is how do you get the "User must change password at next logon" unchecked? I didn't see a function for that in the AD class. Is there better documentation out there that I'm missing?

dst.java.naming.provider.url = ldaps://Myrul.blah.com/dc=ad,dc=lis,dc=illinois,dc=edu
dst.java.naming.security.authentication = simple
dst.java.naming.security.principal = [email protected]
dst.java.naming.security.credentials = xxxxxxxxx
dst.java.naming.referral = ignore
dst.java.naming.ldap.derefAliases = never
dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.version = 3
dst.java.naming.tls = true
dst.java.naming.ldap.pageSize = 1000


src.java.naming.provider.url = ldaps://localhost/dc=MYDC
src.java.naming.security.authentication = simple
src.java.naming.security.principal = cn=nsinfo,dc=MYDC
src.java.naming.security.credentials = ldap2nss
src.java.naming.referral = ignore
src.java.naming.ldap.derefAliases = never
src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
src.java.naming.ldap.version = 3
dst.java.naming.tls = true


lsc.tasks = SyncAccounts
lsc.tasks.SyncAccounts.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.SyncAccounts.srcService.baseDn = ou=People
lsc.tasks.SyncAccounts.srcService.filterAll = (&(objectClass=person)(uid=*))
lsc.tasks.SyncAccounts.srcService.pivotAttrs = uid sn givenName description
lsc.tasks.SyncAccounts.srcService.filterId = (&(objectClass=person)(uid={uid}))
lsc.tasks.SyncAccounts.srcService.attrs = description cn sn givenName uid

lsc.tasks.SyncAccounts.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.SyncAccounts.dstService.baseDn = cn=Users,ou=MYDC
lsc.tasks.SyncAccounts.dstService.filterAll = (&(cn=*)(sAMAccountType = 805306368))
lsc.tasks.SyncAccounts.dstService.pivotAttrs = uid sn cn givenName description
lsc.tasks.SyncAccounts.dstService.filterId = (uid={uid})
lsc.tasks.SyncAccounts.dstService.attrs = description cn sn objectClass sAMAccountName givenName userPrincipalName

lsc.tasks.SyncAccounts.bean = org.lsc.beans.SimpleBean
lsc.tasks.SyncAccounts.dn = "cn=" + srcBean.getAttributeValueById("uid") + ",cn=Users,ou=MYDC"
dn.real_root = cn=Users,ou=MYDC

lsc.syncoptions.SyncAccounts = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.SyncAccounts.default.action = F

lsc.syncoptions.SyncAccounts.objectClass.action = F
lsc.syncoptions.SyncAccounts.objectClass.force_value = "top";"user";"person";"organizationalPerson"

lsc.syncoptions.SyncAccounts.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.SyncAccounts.cn.force_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.SyncAccounts.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@blah.com"

lsc.syncoptions.SyncAccounts.userAccountControl.force_value = AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT,AD.UAC_UNSET_ACCOUNTDISABLE])

lsc.syncoptions.SyncAccounts.unicodePwd.create_value = AD.getUnicodePwd("xxxxxxxxxx")


Jonathan Clarke wrote:
Hi Neil,

On 19/04/2011 17:02, Neil L Thackeray wrote:
I've been able to sync users from our OpenLDAP server to our AD, but so
far all the users are disabled. I tried using the following to
override the disabling:
lsc.syncoptions.SyncAccounts.userAccountControl.create_value =
AD.userAccountControlSet( "0",
[AD.UAC_SET_NORMAL_ACCOUNT,AD.UAC_UNSET_ACCOUNTDISABLE]).

No luck on current accounts in the AD or in accounts created with this
setting.

Using a create_value will only affect newly created accounts. If you
want to change current (already existing) accounts, use force_value instead.

Are you sure that this attribute is being updated? Make sure it's in
your lsc.tasks.task.dstService.attrs configuration option.

If you still have no success, check that the password is set and is not
marked as expired.

Hope this helps,
Jonathan


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
