Le 30 octobre 2011 22:29, Rohler, Brian L <[email protected]> a écrit : > Thanks for the tip but I did get entries going into AD now by making the > following change: > > Before > lsc.tasks.user.dstService.filterAll = > (&(sAMAccountName=*)(&(objectClass=user)) > > After > lsc.tasks.user.dstService.filterAll = > (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer)))) > > > Now I do have a couple other questions. > > 1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN but > then then the script fails. > > uid from ldap = msmith > cn = Marc Smith > > For example: > ------------ > Oct 30 17:15:05 - INFO - # Adding new entry CN=Marc > Smith,CN=Users,DC=nees36,DC=local for user > dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local > changetype: add > sn: Smith > cn: Marc smith > givenName: smith > sAMAccountName: smith > objectClass: organizationalPerson > objectClass: person > objectClass: user > objectClass: top > > Here's what I prefer the entry go in as: > ---------------------------------------- > Oct 30 17:15:05 - INFO - # Adding new entry > CN=msmith,CN=Users,DC=nees36,DC=local for user > dn: CN=msmith,CN=Users,DC=nees36,DC=local > changetype: add > cn: Marc Smith > sAMAccountName: msmith > givenName: Marc > sn: Smith > objectClass: organizationalPerson > objectClass: person > objectClass: user > objectClass: top > > What does it take to get this format to come out correctly.
You have to set the dest cn value to the source uid value too (not only for the DN). > It also has the "User must change password at next logon" set which I do not > want set. > > 2 - I can't seem to get the userAccountControl value set. It is always 546 > 512 - normal_account > 32 - password_notreqd > 2 - accountdiabled > ---------------------------- > 546 > > This is what I would like for it to be set to. > 65536 - dont_expire_password > 512 - normal_account > 64 - passwd_cant_change > 32 - password_notreqd > 2 - accountdiabled > ----------------------------- > 66144 > > lsc.syncoptions.user.userAccountControl.create_value = > AD.userAccountControlSet( "0", "66144") If this does not work, you maybe have to use another account with more privileges to bind to AD. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
