Hello, I'm doing synchronization between OpenLDAP and AD. In OpenLDAP I have a lot of domains, with users in every domain. Basically, what I'm trying to do is to synchronize OpenLDAP domains to AD organizational units, and then users from OpenLDAP domains to the associated organizational unit in AD. I'm trying to accomplish this with two tasks.
So I created a task for OpenLDAP domain to AD OU, and that is OK and working as expected. But I don't know how to sync users from a specific OpenLDAP domain to a specific OU in AD, because I don't know how to create the DN for users to reflect the specific OU in AD. Here is the lsc.config that I created. With the configuration below, every user from any OpenLDAP domain goes to the same OU in AD :( Please, anyone, advise how to sync users to a specific OU. Any help would be appreciated.

##############################
# Destination AD directory #
##############################
dst.java.naming.provider.url = ldaps://dcname:636/DC=domain1,DC=hr
dst.java.naming.security.authentication = simple
dst.java.naming.security.principal = CN=ldap-sync,CN=Users,DC=domain1,DC=hr
dst.java.naming.security.credentials = *******
dst.java.naming.referral = ignore
dst.java.naming.ldap.derefAliases = never
dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.version = 3
dst.java.naming.ldap.pageSize = 1000

#########################
# Source OpenLDAP directory #
#########################
src.java.naming.provider.url = ldap://dcname2:389/dc=domain2,dc=hr
src.java.naming.security.authentication = simple
src.java.naming.security.principal = cn=adreplica,dc=domain2,dc=hr
src.java.naming.security.credentials = *******
src.java.naming.referral = ignore
src.java.naming.ldap.derefAliases = never
src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
src.java.naming.ldap.version = 3
src.java.naming.ldap.pageSize = 1000

#######################
# Tasks configuration #
#######################
lsc.tasks = ldap2ad_dc,ldap2ad_user

####
#### ldap2ad_dc : Source
####
lsc.tasks.ldap2ad_dc.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.ldap2ad_dc.srcService.baseDn =
lsc.tasks.ldap2ad_dc.srcService.filterAll = (&(objectclass=dcObject)(dc=*)(!(dc=domain2,dc=hr)))
lsc.tasks.ldap2ad_dc.srcService.pivotAttrs = dc
lsc.tasks.ldap2ad_dc.srcService.filterId = (&(objectclass=dcObject)(|(dc={dc})(dc={ou})))
lsc.tasks.ldap2ad_dc.srcService.attrs = dc l

####
#### ldap2ad_dc : Destination
####
lsc.tasks.ldap2ad_dc.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.ldap2ad_dc.dstService.baseDn = ou=LSC
lsc.tasks.ldap2ad_dc.dstService.filterAll = (&(objectClass=organizationalUnit)((ou=*)(!(ou=LSC))))
lsc.tasks.ldap2ad_dc.dstService.pivotAttrs = ou
lsc.tasks.ldap2ad_dc.dstService.filterId = (&(objectclass=organizationalUnit)(|(ou={ou})(ou={dc})))
lsc.tasks.ldap2ad_dc.dstService.attrs = ou objectClass l

lsc.tasks.ldap2ad_dc.bean = org.lsc.beans.SimpleBean
lsc.tasks.ldap2ad_dc.dn = "OU=" + srcBean.getAttributeValueById("dc") + ",OU=LSC"
dn.real_root = DC=domain1,DC=hr

lsc.syncoptions.ldap2ad_dc = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.ldap2ad_dc.default.action = K
lsc.syncoptions.ldap2ad_dc.default.delimiter = $
lsc.syncoptions.ldap2ad_dc.sn.action = F
lsc.syncoptions.ldap2ad_dc.sn.force_value = srcBean.getAttributeValueById("ou")
lsc.syncoptions.ldap2ad_dc.objectClass.action = F
lsc.syncoptions.ldap2ad_dc.objectClass.create_value = "top"$"organizationalUnit"
lsc.syncoptions.ldap2ad_dc.ou.default_value = srcBean.getAttributeValueById("ou")

####
#### ldap2ad_user : Source
####
lsc.tasks.ldap2ad_user.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.ldap2ad_user.srcService.baseDn =
lsc.tasks.ldap2ad_user.srcService.filterAll = (&(objectClass=inetOrgPerson)(uid=*)(!(uid=admin)))
lsc.tasks.ldap2ad_user.srcService.pivotAttrs = uid
lsc.tasks.ldap2ad_user.srcService.filterId = (&(objectClass=inetOrgPerson)(|(uid={uid})(uid={samaccountname})))
lsc.tasks.ldap2ad_user.srcService.attrs = uid cn sn givenName

####
#### ldap2ad_user : Destination
####
lsc.tasks.ldap2ad_user.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.ldap2ad_user.dstService.baseDn = ou=ADSKOLE
lsc.tasks.ldap2ad_user.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))
lsc.tasks.ldap2ad_user.dstService.pivotAttrs = samaccountname
lsc.tasks.ldap2ad_user.dstService.filterId = (&(objectClass=user)(|(sAMAccountName={uid})(sAMAccountName={samaccountname})))
lsc.tasks.ldap2ad_user.dstService.attrs = name displayName cn sn unicodePwd objectClass sAMAccountName userPrincipalName userAccountControl uid givenName

lsc.tasks.ldap2ad_user.bean = org.lsc.beans.SimpleBean
lsc.tasks.ldap2ad_user.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",OU=LSC"
dn.real_root = DC=domain1,DC=hr

lsc.syncoptions.ldap2ad_user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.ldap2ad_user.default.action = K
lsc.syncoptions.ldap2ad_user.default.delimiter = $
lsc.syncoptions.ldap2ad_user.sn.action = F
lsc.syncoptions.ldap2ad_user.sn.force_value = srcBean.getAttributeValueById("sn")
lsc.syncoptions.ldap2ad_user.objectClass.action = F
lsc.syncoptions.ldap2ad_user.objectClass.create_value = "top"$"user"$"person"$"organizationalPerson"
lsc.syncoptions.ldap2ad_user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.ldap2ad_user.uid.action = F
lsc.syncoptions.ldap2ad_user.uid.force_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.ldap2ad_user.userPrincipalName.create_value = srcBean.getAttributeValueById("uid") + "@domain1.hr"
lsc.syncoptions.ldap2ad_user.cn.action = F
lsc.syncoptions.ldap2ad_user.cn.force_value = srcBean.getAttributeValueById("cn")
lsc.syncoptions.ldap2ad_user.givenName.action = F
lsc.syncoptions.ldap2ad_user.givenName.force_value = srcBean.getAttributeValueById("givenName")
lsc.syncoptions.ldap2ad_user.name.action = F
lsc.syncoptions.ldap2ad_user.name.create_value = srcBean.getAttributeValueById("cn")
lsc.syncoptions.ldap2ad_user.DisplayName.action = F
lsc.syncoptions.ldap2ad_user.DisplayName.create_value = srcBean.getAttributeValueById("cn")
#lsc.syncoptions.ldap2ad_user.mail.action = F
#lsc.syncoptions.ldap2ad_user.mail.create_value = srcBean.getAttributeValueById("mail")
lsc.syncoptions.ldap2ad_user.userAccountControl.action = F
lsc.syncoptions.ldap2ad_user.userAccountControl.force_value = AD.userAccountControlSet( "0", [ AD.UAC_SET_DONT_EXPIRE_PASSWORD, AD.UAC_SET_NORMAL_ACCOUNT, AD.UAC_SET_PASSWD_CANT_CHANGE ])
lsc.syncoptions.ldap2ad_user.unicodePwd.create_value = AD.getUnicodePwd("Some.Passw0rd")

Regards,
Tomislav
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
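The mapping asked about above, as an added example that is not part of the original post and not LSC code: plain JavaScript that derives the per-OU destination DN from a source entry's DN and escapes the CN value so that a comma or plus sign in a name cannot alter the DN structure. The function names, the sample DNs and the assumption that each user sits below its domain entry (`dc=<domain>,dc=domain2,dc=hr`) are hypothetical; how the source DN is obtained inside an LSC expression depends on the LSC version and is not shown.

```javascript
// Added example (not LSC code): derive a per-OU destination DN from a source DN.
// Assumption: each user sits somewhere below its domain entry, e.g.
// uid=ana,ou=people,dc=school1,dc=domain2,dc=hr (constructed sample DN).
const SOURCE_SUFFIX = "dc=domain2,dc=hr"; // source base from the posted config
const DEST_PARENT = "OU=LSC";             // parent OU used by the ldap2ad_dc task

// Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes).
function splitDn(dn) {
  const rdns = [];
  let cur = "";
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === "\\" && i + 1 < dn.length) {
      cur += ch + dn[++i]; // keep the escape pair together
    } else if (ch === ",") {
      rdns.push(cur.trim());
      cur = "";
    } else {
      cur += ch;
    }
  }
  rdns.push(cur.trim());
  return rdns;
}

// Escape an attribute value for use inside a DN (RFC 4514 special characters).
function escapeRdnValue(value) {
  const chars = Array.from(value);
  return chars.map((ch, i) => {
    const edge = (i === 0 && (ch === " " || ch === "#")) ||
                 (i === chars.length - 1 && ch === " ");
    return edge || '\\,+"<>;'.includes(ch) ? "\\" + ch : ch;
  }).join("");
}

// Return the destination DN, in the same relative form as the posted dn lines.
function destinationDn(sourceDn, cn) {
  const rdns = splitDn(sourceDn);
  const suffix = splitDn(SOURCE_SUFFIX);
  const tail = rdns.slice(-suffix.length).join(",").toLowerCase();
  // The RDN just above the suffix names the OpenLDAP domain of this user.
  const domainRdn = rdns[rdns.length - suffix.length - 1];
  if (tail !== suffix.join(",").toLowerCase() || !/^dc=/i.test(domainRdn || "")) {
    throw new Error("entry is not below a domain under " + SOURCE_SUFFIX);
  }
  const domain = domainRdn.slice(3); // value of dc=<domain>, source escapes kept
  return "CN=" + escapeRdnValue(cn) + ",OU=" + domain + "," + DEST_PARENT;
}
```

An entry that sits directly under the source base, with no domain component of its own, is rejected rather than placed in a default OU.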

