On Oct 31, 2011, at 6:42 PM, "Clément OUDOT" <[email protected]> wrote:
> On 30 October 2011 22:29, Rohler, Brian L <[email protected]> wrote:
>> Thanks for the tip but I did get entries going into AD now by making the
>> following change:
>>
>> Before
>> lsc.tasks.user.dstService.filterAll =
>> (&(sAMAccountName=*)(&(objectClass=user))
>>
>> After
>> lsc.tasks.user.dstService.filterAll =
>> (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))
>>
>>
>> Now I do have a couple other questions.
>>
>> 1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN but
>> then the script fails.
>>
>> uid from ldap = msmith
>> cn = Marc Smith
>>
>> For example:
>> ------------
>> Oct 30 17:15:05 - INFO - # Adding new entry CN=Marc
>> Smith,CN=Users,DC=nees36,DC=local for user
>> dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local
>> changetype: add
>> sn: Smith
>> cn: Marc smith
>> givenName: smith
>> sAMAccountName: smith
>> objectClass: organizationalPerson
>> objectClass: person
>> objectClass: user
>> objectClass: top
>>
>> Here's what I prefer the entry go in as:
>> ----------------------------------------
>> Oct 30 17:15:05 - INFO - # Adding new entry
>> CN=msmith,CN=Users,DC=nees36,DC=local for user
>> dn: CN=msmith,CN=Users,DC=nees36,DC=local
>> changetype: add
>> cn: Marc Smith
>> sAMAccountName: msmith
>> givenName: Marc
>> sn: Smith
>> objectClass: organizationalPerson
>> objectClass: person
>> objectClass: user
>> objectClass: top
>>
>> What does it take to get this format to come out correctly?
>
> You have to set the dest cn value to the source uid value too (not
> only for the DN).

I'll try that tonight.

>
>> It also has the "User must change password at next logon" set which I do not
>> want set.
>>
>> 2 - I can't seem to get the userAccountControl value set. It is always 546
>> 512 - normal_account
>> 32 - password_notreqd
>> 2 - accountdisabled
>> ----------------------------
>> 546
>>
>> This is what I would like for it to be set to.
>> 65536 - dont_expire_password
>> 512 - normal_account
>> 64 - passwd_cant_change
>> 32 - password_notreqd
>> 2 - accountdisabled
>> -----------------------------
>> 66144
>>
>> lsc.syncoptions.user.userAccountControl.create_value =
>> AD.userAccountControlSet( "0", "66144")
>
> If this does not work, you may have to use another account with more
> privileges to bind to AD.

I don't have ssl/636 working yet. I'm wondering if that isn't the problem. I've also been told there might be a registry change so new user accounts don't default to disabled.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
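
Decoding the two userAccountControl values discussed in this thread, as an added example that is not part of the original messages and is not LSC code. The flag names and bit values are the documented Active Directory ones; `composeUac`, `decodeUac` and `auditUac` are hypothetical helper names.

```javascript
// Added example: documented Active Directory userAccountControl bits.
// Sample values (546, 66144) are the ones quoted in the thread above.
const UAC_FLAGS = {
  ACCOUNTDISABLE: 0x2,
  PASSWD_NOTREQD: 0x20,
  PASSWD_CANT_CHANGE: 0x40,
  NORMAL_ACCOUNT: 0x200,
  DONT_EXPIRE_PASSWORD: 0x10000,
};

// Flags that relax password policy and are worth listing in an account audit.
const POLICY_WEAKENING = ["PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD"];

// Combine flag names into the integer stored in userAccountControl.
function composeUac(names) {
  return names.reduce((value, name) => {
    if (!Object.prototype.hasOwnProperty.call(UAC_FLAGS, name)) {
      throw new Error("unknown flag: " + name);
    }
    return value | UAC_FLAGS[name];
  }, 0);
}

// Split a userAccountControl value into known flag names plus leftover bits.
function decodeUac(value) {
  const names = [];
  let rest = value;
  for (const [name, bit] of Object.entries(UAC_FLAGS)) {
    if (value & bit) { names.push(name); rest &= ~bit; }
  }
  return { names, unknownBits: rest };
}

// Report whether the account is disabled and which weakening flags are set.
function auditUac(value) {
  const { names, unknownBits } = decodeUac(value);
  return {
    disabled: names.includes("ACCOUNTDISABLE"),
    weakening: names.filter((n) => POLICY_WEAKENING.includes(n)),
    unknownBits,
  };
}

console.log(decodeUac(546));   // value the thread reports on new entries
console.log(decodeUac(66144)); // value passed to AD.userAccountControlSet
```

Decoded this way, 66144 carries no ACCOUNTDISABLE bit; the five flags listed in the message combine to 66146.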

