Hello,
I have a problem with my synchronisation from OpenLDAP to AD 2008 R2.
Everything with the synchronisation works fine so far,
except keeping group membership of OpenLDAP groups for non-OpenLDAP users.
(So users that are not known to OpenLDAP lose their membership of OpenLDAP
groups after a sync.)
I already tried to change "lsc.syncoptions.group.default.action = F" to
"lsc.syncoptions.group.default.action = M", but then it does not delete
OpenLDAP users from OpenLDAP groups when I do this in OpenLDAP.
Maybe someone can tell me what I am doing wrong. I already tried to adjust my
script, but I am basically out of ideas. Below is the part for the groups.
#############
### Group ###
#############
lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.group.default.action = F
# Direct link - no need to specify syncoptions
# cn <- cn
# description <- description
# sAMAccountName <- cn
lsc.syncoptions.group.sAMAccountName.create_value = srcBean.getAttributeValueById("cn")
# objectClass <- top/group
lsc.syncoptions.group.objectClass.force_value = "top";"group"
# member to AD <- member from OpenLDAP (groupOfNames)
# The line "lsc.syncoptions.group.member.force_value" helps to find the
# corresponding group members in AD
# 1. Find memberUid value of the user entry on source directory (OpenLDAP)
# 2. Search corresponding entry in destination directory (AD) with the
#    filter (sAMAccountName=$memberUid)
# 3. Find DN of the found entry in destination directory (AD)
# 4. Check if this value is not null and push it in member values
# member(AD) <- member(openLDAP) Users
lsc.syncoptions.group.member.delimiter = $
lsc.syncoptions.group.member.force_value = \
    var umembers = srcBean.getAttributeValuesById("member").toArray(); \
    for (var i=0; i<umembers.length; i++) { \
        try { \
            umembers[i] = ldap.attribute(ldap.list("ou=companyuser", "(sAMAccountName=" + (srcLdap.attribute(umembers[i], 'uid').get(0) + ")")).get(0), 'distinguishedname').get(0) \
        } catch (e) { umembers[i]=null } \
    } \
    var members = new Array(); var j=0; \
    for (var i=0; i<umembers.length; i++) { if (umembers[i]!=null) members[j++]=umembers[i] } \
    members
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
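
The membership rule the post is asking for (members known to OpenLDAP follow the source group, AD-only members stay), together with RFC 4515 escaping for the sAMAccountName filter that the script builds by string concatenation. This is an added example in plain JavaScript, not part of the original post and not LSC code; mergeMembers, escapeFilterValue, accountFilter, resolveDn and the sample DNs are assumptions made for the illustration.

```javascript
// Added example in plain JavaScript; none of these names are LSC API.

// Escape a value for an LDAP search filter (RFC 4515) so that a uid such
// as "a*)(cn=x" cannot change the meaning of the filter it is put into.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

function accountFilter(uid) {
  return "(sAMAccountName=" + escapeFilterValue(uid) + ")";
}

// srcGroupUids: uids of the group's members in OpenLDAP
// allSrcUids:   every uid that exists in OpenLDAP (the managed users)
// dstMembers:   current AD members as { dn, sAMAccountName }
// resolveDn:    uid -> AD DN, or null when AD has no such account
function mergeMembers(srcGroupUids, allSrcUids, dstMembers, resolveDn) {
  var managed = Object.create(null);
  allSrcUids.forEach(function (u) { managed[u.toLowerCase()] = true; });
  var seen = Object.create(null), result = [];
  function push(dn) {
    var key = dn.toLowerCase(); // treat DNs as case-insensitive
    if (!seen[key]) { seen[key] = true; result.push(dn); }
  }
  // 1. Members that OpenLDAP says belong to the group.
  srcGroupUids.forEach(function (uid) {
    var dn = resolveDn(uid);
    if (dn) push(dn);
  });
  // 2. AD members unknown to OpenLDAP are kept. Known users who left the
  //    source group are dropped simply by not being copied over.
  dstMembers.forEach(function (m) {
    if (!managed[m.sAMAccountName.toLowerCase()]) push(m.dn);
  });
  return result;
}

// Constructed sample: carol was removed from the group in OpenLDAP,
// svc-backup exists only in AD.
var adDn = { alice: "CN=alice,OU=companyuser,DC=example,DC=com" };
var sample = mergeMembers(["alice"], ["alice", "carol"], [
  { dn: "CN=carol,OU=companyuser,DC=example,DC=com", sAMAccountName: "carol" },
  { dn: "CN=svc-backup,OU=service,DC=example,DC=com", sAMAccountName: "svc-backup" }
], function (uid) { return adDn[uid] || null; });
console.log(sample.join("\n"));
```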