Hello,
after solving the last mystery i have another issue that i do not
understand;
i sync groups from an opneldap to ad. From one OU to another OU
While it worked fine before, i now had to change a lot of the group names on
the open ldap. and now he synchronises the groups every time into the ad
when i start lsc. I find this very irritating and i do not understand it.
Why was it ok before and now it is not?
Although it does not seem to cause problems i would rather not have that
behaviour.
Below my script:
#############
### Group ###
#############
lsc.tasks.group.bean = org.lsc.beans.SimpleBean
# Source
lsc.tasks.group.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.group.srcService.attrs = cn description member
lsc.tasks.group.srcService.baseDn = ou=groups
lsc.tasks.group.srcService.filterAll = (objectClass=groupOfNames)
lsc.tasks.group.srcService.filterId =
(&(objectClass=groupOfNames)(description={description}))
lsc.tasks.group.srcService.pivotAttrs = description
# Destination
lsc.tasks.group.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.group.dstService.attrs = cn description member objectClass
sAMAccountName
lsc.tasks.group.dstService.baseDn = ou=badorg
lsc.tasks.group.dstService.filterAll = (objectClass=group)
lsc.tasks.group.dstService.filterId =
(&(objectClass=group)(description={description}))
lsc.tasks.group.dstService.pivotAttrs = description
lsc.tasks.group.dn = "cn=" + srcBean.getAttributeValueById("cn") +
",OU=groups"
#############
### Group ###
#############
lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.group.default.action = F
# Direct link - no need to specify syncoptions
# cn <- cn
# description <- description
# sAMAccountName <- cn
lsc.syncoptions.group.sAMAccountName.create_value =
srcBean.getAttributeValueById("cn")
# objectClass <- top/group
lsc.syncoptions.group.objectClass.force_value = "top";"group"
# member to AD <- member from OpenLDAP (groupOfNames)
# The line "lsc.syncoptions.group.member.force_value" helps to find the
corresponding groupmembers in AD
# 1. Find memberUid value of the user entry on source directory (OpenLDAP)
# 2. Search corresponding entry in destination directory (AD) with the
filter (sAMAccountName=$memberUid)
# 3. Find DN of the found entry in destination directory (AD)
# 4. Check if this value is not null and push it in member values
# member(AD) <- member(openLDAP) Users
lsc.syncoptions.group.member.delimiter = $
lsc.syncoptions.group.member.force_value = var umembers =
srcBean.getAttributeValuesById("member").toArray() ; for (var i=0;
i<umembers.length; i++ ) { try { umembers[i] = ldap.attribute(ldap.list(
"ou=users", "(sAMAccountName=" + (srcLdap.attribute(umembers[i],
'uid').get(0) + ")")).get(0), 'distinguishedname').get(0) } catch (e) {
umembers[i]=null }} var members = new Array(); var j=0; for (var i=0;
i<umembers.length; i++) { if (umembers[i]!=null) members[j++]=umembers[i] }
members
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
