Hello and thanks for the replies,

I will look into disabling deleted users (perhaps disabling them first and
deleting them afterwards...)

So what about the renaming issue? Is this also not possible, or did I do
something wrong? To be sure, perhaps someone could check my script?

Note:

I am syncing one way from openLDAP to AD.

#############
### Tasks ###
#############

# NOTE(review): lsc.tasks is assigned twice; depending on how the file is
# parsed, the second assignment may replace the first. The usual form is a
# single comma-separated list (lsc.tasks = user,group) - confirm.
lsc.tasks=user
lsc.tasks=group

# Operations the user task may perform on the destination (AD).
lsc.tasks.user.condition.create = true
lsc.tasks.user.condition.update = true
# Deletes are switched off: an account removed from OpenLDAP is left as it is
# in AD. NOTE(review): unless something else disables it, such an orphaned
# account presumably stays usable - deprovisioning needs its own process.
lsc.tasks.user.condition.delete = false
# Renames (modrdn) are switched off for this task. NOTE(review): this looks
# like the reason a changed cn is not propagated as a rename - confirm.
lsc.tasks.user.condition.modrdn = false


############
### User ###
############

# User task: reads posixAccount entries from OpenLDAP and writes user entries
# to AD.
# NOTE(review): several values below are wrapped over multiple lines by the
# mail client; in a .properties file each value has to stay on one line or be
# continued with a trailing backslash.
lsc.tasks.user.bean=org.lsc.beans.SimpleBean
# The destination DN is derived from the source cn, so a cn change in the
# source results in a different DN (a rename) on the destination.
# NOTE(review): cn is concatenated unescaped; a cn containing DN special
# characters (for example a comma) would produce a malformed or different DN -
# confirm the source never carries such values.
lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=user"
# Source
lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
# Only entries that are posixAccount and carry an employeeNumber are synced.
lsc.tasks.user.srcService.filterAll=(&(employeeNumber=*)(objectClass=posixAccount))
lsc.tasks.user.srcService.baseDn=ou=users
lsc.tasks.user.srcService.attrs= cn sn uid givenName employeeNumber ou
employeeType snitPrimaryMailAddress preferredLanguage departmentNumber
telephoneNumber postalCode street title displayName o
facsimileTelephoneNumber l
lsc.tasks.user.srcService.filterId =
(&(objectClass=posixAccount)(employeeNumber={employeeNumber}))
# employeeNumber is the pivot that pairs a source entry with its destination
# entry (it is substituted into both filterId filters).
# NOTE(review): pairing is only reliable if employeeNumber is unique and
# stable on both sides - confirm.
lsc.tasks.user.srcService.pivotAttrs = employeeNumber
# Destination
lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.filterAll=(&(sn=*)(objectClass=User))
lsc.tasks.user.dstService.baseDn=ou=user
lsc.tasks.user.dstService.attrs = sAMAccountName sn givenName employeeNumber
department employeeType mail preferredLanguage userAccountControl
departmentNumber telephoneNumber postalCode streetAddress cn title
displayName company facsimileTelephoneNumber l objectClass userPrincipalName

lsc.tasks.user.dstService.filterId =
(&(objectClass=User)(employeeNumber={employeeNumber}))
lsc.tasks.user.dstService.pivotAttrs = employeeNumber

#############
### Group ###
#############

# Group task: reads groupOfNames entries from OpenLDAP and writes group
# entries to AD.
lsc.tasks.group.bean = org.lsc.beans.SimpleBean

# Source
lsc.tasks.group.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.group.srcService.attrs = cn description member
lsc.tasks.group.srcService.baseDn = ou=org
lsc.tasks.group.srcService.filterAll = (objectClass=groupOfNames)
lsc.tasks.group.srcService.filterId =
(&(objectClass=groupOfNames)(description={description}))
# description is the pivot that pairs source and destination groups.
# NOTE(review): description is often free text; if two groups share a value,
# or the value is edited, groups could be paired incorrectly and receive each
# other's members - confirm it is unique and stable here.
lsc.tasks.group.srcService.pivotAttrs = description
# Destination
lsc.tasks.group.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.group.dstService.attrs = cn description member objectClass
sAMAccountName
lsc.tasks.group.dstService.baseDn = ou=org
lsc.tasks.group.dstService.filterAll = (objectClass=group)
lsc.tasks.group.dstService.filterId =
(&(objectClass=group)(description={description}))
lsc.tasks.group.dstService.pivotAttrs = description
# The destination DN is derived from the source cn.
# NOTE(review): the DN is placed under OU=badorg while dstService.baseDn is
# ou=org; this may be an artifact of anonymising the post - confirm that new
# groups land inside the subtree the destination service searches.
lsc.tasks.group.dn = "cn=" + srcBean.getAttributeValueById("cn") +
",OU=badorg"

###################
### Syncoptions ###
###################

############
### User ###
############

##################################################
# Direct link - no need to specify syncoptions
# cn <- cn
# sn <- sn
# facsimileTelephoneNumber  <- facsimileTelephoneNumber
# telephoneNumber <- telephoneNumber
# givenName  <- givenName
# employeeNumber  <- employeeNumber
# preferredLanguage <- preferredLanguage
# postalCode  <- postalCode
# title <- title
# displayName <- displayName
# l <- l
# departmentNumber <- departmentNumber
####################################################

# Per-attribute rules for the user task. The default action is F; per the
# comment on unicodePwd below, K marks a value that is set at creation only.
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.default.action = F
### objectClass <- top/user/person/organizationalperson
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.objectClass.force_value =
"top";"user";"person";"organizationalPerson"
### sAMAccountName <- uid
lsc.syncoptions.user.sAMAccountName.create_value =
srcBean.getAttributeValueById("uid")
### department <- ou
lsc.syncoptions.user.department.create_value =
srcBean.getAttributeValueById("ou")
### mail <- snitPrimaryMailAddress
lsc.syncoptions.user.mail.create_value =
srcBean.getAttributeValueById("snitPrimaryMailAddress")
### userAccountControl <- snitAccountStatus
# Disabled mapping; it names the task ADuser rather than user, and
# snitAccountStatus is not among lsc.tasks.user.srcService.attrs.
# NOTE(review): as posted, the account status of the source entry is therefore
# not carried over, so a locked source account presumably stays enabled in AD.
# NOTE(review): only the first wrapped line carries '#'; pasted as-is, the
# following line would be read as a live entry.
#lsc.syncoptions.ADuser.userAccountControl.create_value =
srcBean.getAttributeValueById("snitAccountStatus")
### streetAddress <- street
lsc.syncoptions.user.streetAddress.create_value =
srcBean.getAttributeValueById("street")
### company <- o
lsc.syncoptions.user.company.create_value =
srcBean.getAttributeValueById("o")
### userPrincipalName <- uid + "@bad.local"
lsc.syncoptions.user.userPrincipalName.force_value =
srcBean.getAttributeValueById("uid") + "@bad.local"
### pwdLastSet <- 0 to force user to change password on next connection
lsc.syncoptions.user.pwdLastSet.create_value = "0"
### unicodePwd <- "changeit" at creation (requires SSL connection to AD)
# NOTE(review): every account is created with the same literal initial
# password, readable by anyone who can read this file (and, here, the mailing
# list). Until the first logon the account is protected only by that known
# value; prefer a random per-account initial password or creating the account
# disabled, and treat the posted value as disclosed.
# NOTE(review): pwdLastSet and unicodePwd are not listed in
# lsc.tasks.user.dstService.attrs - confirm they are actually written.
lsc.syncoptions.user.unicodePwd.action = K
lsc.syncoptions.user.unicodePwd.create_value = AD.getUnicodePwd("changeit")
### userAccountControl
# Set at creation from "0" with PASSWD_NOTREQD and NORMAL_ACCOUNT.
# NOTE(review): PASSWD_NOTREQD allows the account to have a blank password,
# and no disable flag is set, so accounts appear to be created enabled. If the
# password write above fails or is skipped, the account may be left enabled
# with no password - confirm the flag is needed and clear it after creation.
lsc.syncoptions.user.userAccountControl.create_value =
AD.userAccountControlSet( "0", [ AD.UAC_SET_PASSWD_NOTREQD,
AD.UAC_SET_NORMAL_ACCOUNT ])

#############
### Group ###
#############

# Per-attribute rules for the group task; the default action is F.
lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.group.default.action = F

# Direct link - no need to specify syncoptions
# cn <- cn
# description <- description

# sAMAccountName <- cn
lsc.syncoptions.group.sAMAccountName.create_value =
srcBean.getAttributeValueById("cn")

# objectClass <- top/group
lsc.syncoptions.group.objectClass.force_value = "top";"group"

# member to AD <- member from OpenLDAP (groupOfNames)
# NOTE(review): the steps below mention memberUid, but the expression reads
# the member attribute (a DN) and looks up the uid of that source entry.
# The line "lsc.syncoptions.group.member.force_value" helps to find the
corresponding groupmembers in AD
# 1. Find memberUid value of the user entry on source directory (OpenLDAP)
# 2. Search corresponding entry in destination directory (AD) with the
filter (sAMAccountName=$memberUid)
# 3. Find DN of the found entry in destination directory (AD)
# 4. Check if this value is not null and push it in member values

# member(AD) <- member(openLDAP)
# The delimiter is changed to $, presumably so that the ';' characters inside
# the script below are not treated as value separators.
lsc.syncoptions.group.member.delimiter = $
# For each source member DN: read its uid, search AD under ou=baduser for
# (sAMAccountName=<uid>), take the first hit's distinguishedname, and return
# the non-null results as the forced member list.
# NOTE(review): the uid is concatenated into the search filter without
# escaping; a uid containing filter metacharacters (* ( ) \) would change the
# filter and could resolve to a different account, which then becomes a group
# member. Escape the value per RFC 4515 or confirm uid syntax is constrained
# at the source. Only the first search result is used.
# NOTE(review): every lookup failure is swallowed (catch -> null) and the
# member is dropped; because member is a forced value, an unresolvable member
# is presumably removed from the AD group without any log entry - consider
# logging the failure.
# NOTE(review): the search base ou=baduser differs from
# lsc.tasks.user.dstService.baseDn (ou=user) - possibly anonymisation; confirm.
lsc.syncoptions.group.member.force_value = var umembers =
srcBean.getAttributeValuesById("member").toArray() ; for (var i=0;
i<umembers.length; i++ ) { try { umembers[i] = ldap.attribute(ldap.list(
"ou=baduser", "(sAMAccountName=" + (srcLdap.attribute(umembers[i],
'uid').get(0) + ")")).get(0), 'distinguishedname').get(0) } catch (e) {
umembers[i]=null }} var members = new Array(); var j=0; for (var i=0;
i<umembers.length; i++) { if (umembers[i]!=null) members[j++]=umembers[i] }
members