Re: [lsc-users] modifyTimeStamp update condition OpenLDAP to AD

Tue, 25 Oct 2011 01:22:35 -0700 

hi,
it works for me, but i´m not sure about the rules behind this.
i can not believe that nobody have such a problem - we sync
19.000 users 3 times per hour and this runs only round if i forget
all the entries with no modifications.
best regards, rene

Am 25.10.2011 09:09, schrieb Sébastien Bahloul:

Hi Rene,

So have you still an issue with this or is it fully functionnal ?

Regards,
--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/



2011/10/24 Rene Zeipelt <[email protected] 
<mailto:[email protected]>>

    Am 24.10.2011 20:33, schrieb Clément OUDOT:

        2011/10/24 Rene Zeipelt<[email protected] 
<mailto:[email protected]>>:

            Am 24.10.2011 16:02, schrieb Rene Zeipelt:

            Am 24.10.2011 15:01, schrieb Clément OUDOT:

            2011/10/24 Rene Zeipelt<[email protected] 
<mailto:[email protected]>>:

            Am 24.10.2011 13:49, schrieb Clément OUDOT:

            2011/10/24 Rene Zeipelt<[email protected] 
<mailto:[email protected]>>:

            hello,
            we use version 1.2.1 for ldap to ad sync and all runs perfect. 
since we
            want
            to build in an update condition by checking the modifyTimeStamp in 
ldap
            and
            ad
            we recognize no function. we set the properties to
            lsc.tasks.user.condition.update =
            srcBean.getAttributeValueById("modifyTimeStamp")>
            dstBean.getAttributeValueById("modifyTimeStamp")
            any help? thanks. rene

            Hello,

            you should maybe try to use a substring of modifyTimeStamp value to
            get only digits, in order to have a successful comparaison test. To
            get date + time, take the first 14 characters of the value
            (YYYYMMDDhhmmss)


            Clément.

            ok improve from modifyTimeStamp to modifyTimestamp on source site
            (openldap).
            lsc.tasks.user.condition.update =
            srcBean.getAttributeValueById("modifyTimestamp").substr(0, 14)>
            dstBean.getAttributeValueById("modifyTimeStamp").substr(0, 14)
            ->   have no effects. exports show in source modifyTimestamp: 
20111024122754Z
            and in destination modifyTimeStamp: 20111024122104.0Z
            also the "whenChanged"-attribute on ad have no effects. can i debug 
this
            operation? thanks. rene

            Please answer to the list.

            I don't have any other idea for your problem, maybe other will.


            Clément.

            sorry for wrong redirection. i got a solution. so have to forget to 
list the
            modifyTimestamp to lsc.tasks.user.srcService.attrs and the 
modifyTimeStamp
            to lsc.tasks.user.dstService.attrs. if this is configured i need the
            property:
            lsc.syncoptions.user.modifyTimeStamp.action = K and it runs with no 
errors.
            regards, rene




            _______________________________________________________________
            Ldap Synchronization Connector (LSC) - http://lsc-project.org

            lsc-users mailing list
            [email protected] 
<mailto:[email protected]>
            http://lists.lsc-project.org/listinfo/lsc-users

            ok was too fast. i can not define a create_value for new users. it 
seems
            that lsc use the original timestamp from ldap and this results in
            javax.naming.directory.InvalidAttributeValueException: [LDAP: error 
code 21
            - 00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute 
conversion
            operation, data 0, v1db1];
            another way would be a filter on the source attribute? thanks. rene


        Hi,

        in any way, you will not be able to update the attribute
        modifyTimestamp, as it is an operational attribute managed by the
        directroy. To update such attribute in OpenLDAP, you need to add a
        compete entry with ldapadd.

        Clément.

    hello,
    well i know, but i have to list it for the getAttributeValueById function. 
so i do not
    want to write it to ad but i find the whenChanged attribute wich is not 
operational
    and which have no use of create_value if user in dst do not exists. so the 
config
    lsc.tasks.user.condition.update = 
srcBean.getAttributeValueById("modifyTimestamp").substr(0, 14) > 
dstBean.getAttributeValueById("whenChanged").substr(0, 14)
    ...
    lsc.tasks.user.dstService.attrs = sn sAMAccountName objectClass 
userPrincipalName unicodePwd userAccountControl whenChanged
    ...
    lsc.syncoptions.user.whenChanged.action = K
    works for me - any way :-)
-- _________________________________________________________ 

    BERGISCHE UNIVERSITÄT WUPPERTAL
    Zentrum fuer Informations- und Medienverarbeitung - ZIM

    Gaussstr. 20
    D-42097 Wuppertal (Germany)

    room  : P.06.09
    phone : +49 202 439 2236 <tel:%2B49%20202%20439%202236>
    fax   : +49 202 439 2910 <tel:%2B49%20202%20439%202910>
    e-mail: [email protected] <mailto:[email protected]>
    _________________________________________________________



    _______________________________________________________________
    Ldap Synchronization Connector (LSC) - http://lsc-project.org

    lsc-users mailing list
    [email protected] <mailto:[email protected]>
    http://lists.lsc-project.org/listinfo/lsc-users

Attachment: smime.p7s
Description: S/MIME Kryptografische Unterschrift

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to