See my comments below.

On 10/31/11 6:41 PM, "Clément OUDOT" <[email protected]> wrote:

>On 30 October 2011 22:29, Rohler, Brian L <[email protected]> wrote:
>> Thanks for the tip but I did get entries going into AD now by making the following change:
>>
>> Before
>> lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user))
>>
>> After
>> lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))
>>
>>
>> Now I do have a couple other questions.
>>
>> 1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN
>> but then the script fails.
>>
>> uid from ldap = msmith
>> cn = Marc Smith
>>
>> For example:
>> ------------
>> Oct 30 17:15:05 - INFO  - # Adding new entry CN=Marc Smith,CN=Users,DC=nees36,DC=local for user
>> dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local
>> changetype: add
>> sn: Smith
>> cn: Marc smith
>> givenName: smith
>> sAMAccountName: smith
>> objectClass: organizationalPerson
>> objectClass: person
>> objectClass: user
>> objectClass: top
>>
>> Here's what I prefer the entry go in as:
>> ----------------------------------------
>> Oct 30 17:15:05 - INFO  - # Adding new entry CN=msmith,CN=Users,DC=nees36,DC=local for user
>> dn: CN=msmith,CN=Users,DC=nees36,DC=local
>> changetype: add
>> cn: Marc Smith
>> sAMAccountName: msmith
>> givenName: Marc
>> sn: Smith
>> objectClass: organizationalPerson
>> objectClass: person
>> objectClass: user
>> objectClass: top
>>
>> What does it take to get this format to come out correctly?
>
>You have to set the dest cn value to the source uid value too (not
>only for the DN).

As a newbie I've had a struggle understanding the differences between
.filterALL, .filterID, .attrs and .attrpivots. Would you be able to
explain more of where this change needs to occur? I would appreciate any
help you can provide.

###########################################################################
# SimpleJndiSrcService parameters (Linux LDAP)
###########################################################################
lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.baseDn = ou=Users
lsc.tasks.user.srcService.filterAll = (&(uid=*)(objectClass=inetOrgPerson))
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(uid={uid}))
lsc.tasks.user.srcService.pivotAttrs = uid uidNumber gidNumber
lsc.tasks.user.srcService.attrs = uid sn cn uidNumber gidNumber

###########################################################################
# SimpleJndiDstService parameters (Windows Active Directory)
###########################################################################
lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.baseDn = cn=Users
lsc.tasks.user.dstService.filterAll = (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer))))
lsc.tasks.user.dstService.filterId = (&(objectClass=user)(sAMAccountName={uid}))
lsc.tasks.user.dstService.pivotAttrs = uid sAMAccountName uidNumber
lsc.tasks.user.dstService.attrs = sAMAccountName sn cn givenName uidNumber gidNumber objectClass AD.userAccountControl

lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",CN=Users"
dn.real_root = DC=nees36,DC=local

#########################
# User - Syncoptions
#########################
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.default.action = F
lsc.syncoptions.user.default.delimiter = ;
lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
lsc.syncoptions.user.userPrincipalName.create_value = srcBean.getAttributeValueById("uid") + "@nees36.local"
lsc.syncoptions.user.givenName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.sn.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.cn.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.uidNumber.create_value = srcBean.getAttributeValueById("uidNumber")
lsc.syncoptions.user.gidNumber.create_value = srcBean.getAttributeValueById("gidNumber")
#  65536 - DONT_EXPIRE_PASSWORD
#    512 - NORMAL_ACCOUNT
# +   32 - PASSWD_NOTREQD
# ---------------------------------------
#  66080 - AD.userAccountControlSet value
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", "66080")





>
>> It also has the "User must change password at next logon" set which I do not want set.
>>
>> 2 - I can't seem to get the userAccountControl value set. It is always 546
>>      512 - normal_account
>>       32 - password_notreqd
>>        2 - accountdisabled
>>    ----------------------------
>>      546
>>
>>    This is what I would like for it to be set to.
>>    65536 - dont_expire_password
>>      512 - normal_account
>>       64 - passwd_cant_change
>>       32 - password_notreqd
>>        2 - accountdisabled
>>    -----------------------------
>>    66144
>>
>> lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", "66144")
>
>If this does not work, you may have to use another account with more
>privileges to bind to AD.

I'm currently using the administrator with full privileges.

>

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
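
Added example (not part of the original thread and not LSC code): a JavaScript decoder for the userAccountControl values discussed above, which breaks a value into its flag names and lists the bits that differ between the stored and the requested value. The flag table is a subset of Microsoft's documented bits; the function names and the WEAK list are assumptions made for this illustration.

```javascript
// Added example: decode and compare Active Directory userAccountControl values.
// Bit values follow Microsoft's documented flag table (subset only).
const UAC_FLAGS = {
  ACCOUNTDISABLE: 0x2,
  PASSWD_NOTREQD: 0x20,
  // Documented as not assignable by writing userAccountControl directly;
  // it reflects a permission on the user object.
  PASSWD_CANT_CHANGE: 0x40,
  ENCRYPTED_TEXT_PWD_ALLOWED: 0x80,
  NORMAL_ACCOUNT: 0x200,
  DONT_EXPIRE_PASSWORD: 0x10000,
  DONT_REQ_PREAUTH: 0x400000,
};

// Assumption for this example: flags an account review would question.
const WEAK = ["PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED",
  "DONT_EXPIRE_PASSWORD", "DONT_REQ_PREAUTH"];

function decodeUac(value) {
  const v = Number(value);
  if (!Number.isInteger(v) || v < 0 || v > 0xffffffff) {
    throw new RangeError("userAccountControl must be an unsigned 32-bit integer");
  }
  const names = [];
  let unknownBits = v;
  for (const [name, bit] of Object.entries(UAC_FLAGS)) {
    if ((v & bit) !== 0) {
      names.push(name);
      unknownBits = (unknownBits & ~bit) >>> 0; // clear the bit, stay unsigned
    }
  }
  return { names, unknownBits };
}

function compareUac(observed, intended) {
  const have = decodeUac(observed).names;
  const want = decodeUac(intended).names;
  return {
    missing: want.filter((n) => !have.includes(n)),    // requested, not set
    unexpected: have.filter((n) => !want.includes(n)), // set, not requested
    weak: have.filter((n) => WEAK.includes(n)),        // worth auditing
  };
}

// Values taken from the thread: 546 is what AD stored, 66144 was requested.
console.log(decodeUac("546"), decodeUac("66144"), compareUac(546, 66144));
```

Run on the two values from the thread, it reports that 66144 does not carry the ACCOUNTDISABLE bit and that the stored 546 lacks DONT_EXPIRE_PASSWORD and PASSWD_CANT_CHANGE.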
