Sorry for my instance and my ignorance but it looks like this should be a fairly easy thing to do but I can't get it to work.
I have a CN="Tom Smith" and a uid="tsmith" which comes in from the source (LDAP on linux). I don't want the CN="Tom Smith" to go into my destination (AD on windows) I would like to have the CN="tsmith" go into my destination (AD on windows). How do I do this? What type of conditional code can I use to get this to work? Thanks, Brian -----Original Message----- From: Clément OUDOT [mailto:[email protected]] Sent: Monday, October 31, 2011 6:42 PM To: Rohler, Brian L Cc: [email protected] Subject: Re: [lsc-users] LDAP: error code 53 - 00002077 Le 30 octobre 2011 22:29, Rohler, Brian L <[email protected]> a écrit : > Thanks for the tip but I did get entries going into AD now by making the > following change: > > Before > lsc.tasks.user.dstService.filterAll = > (&(sAMAccountName=*)(&(objectClass=user)) > > After > lsc.tasks.user.dstService.filterAll = > (&(sAMAccountName=*)(&(objectClass=user)(!(objectClass=computer)))) > > > Now I do have a couple other questions. > > 1 - I'm trying to use the "uid" from my ldap (src) as the CN for the DN but > then then the script fails. > > uid from ldap = msmith > cn = Marc Smith > > For example: > ------------ > Oct 30 17:15:05 - INFO - # Adding new entry CN=Marc > Smith,CN=Users,DC=nees36,DC=local for user > dn: CN=Marc Smith,CN=Users,DC=nees36,DC=local > changetype: add > sn: Smith > cn: Marc smith > givenName: smith > sAMAccountName: smith > objectClass: organizationalPerson > objectClass: person > objectClass: user > objectClass: top > > Here's what I prefer the entry go in as: > ---------------------------------------- > Oct 30 17:15:05 - INFO - # Adding new entry > CN=msmith,CN=Users,DC=nees36,DC=local for user > dn: CN=msmith,CN=Users,DC=nees36,DC=local > changetype: add > cn: Marc Smith > sAMAccountName: msmith > givenName: Marc > sn: Smith > objectClass: organizationalPerson > objectClass: person > objectClass: user > objectClass: top > > What does it take to get this format to come out correctly. You have to set the dest cn value to the source uid value too (not only for the DN). > It also has the "User must change password at next logon" set which I do not > want set. > > 2 - I can't seem to get the userAccountControl value set. It is always > 546 > 512 - normal_account > 32 - password_notreqd > 2 - accountdiabled > ---------------------------- > 546 > > This is what I would like for it to be set to. > 65536 - dont_expire_password > 512 - normal_account > 64 - passwd_cant_change > 32 - password_notreqd > 2 - accountdiabled > ----------------------------- > 66144 > > lsc.syncoptions.user.userAccountControl.create_value = > AD.userAccountControlSet( "0", "66144") If this does not work, you maybe have to use another account with more privileges to bind to AD. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
