2011/12/13 Tomislav Makarun <[email protected]>:
> Hello,
>
> I'm doing synchronization between OpenLDAP and AD. In OpenLDAP I have a lot of
> domains with users in every domain. Basically what I'm trying to do is to
> synchronize OpenLDAP domains to AD organizational units and then users from
> OpenLDAP domains to the associated organizational unit in AD. This I'm trying to
> accomplish with two tasks.
>
> So I created a task for OpenLDAP domain to AD OU and that is ok and working as
> expected. But I don't know how to sync users from a specific OpenLDAP domain
> to a specific OU in AD, because I don't know how to create a DN for users that
> reflects a specific OU in AD.
>
> Here is the lsc.config that I created. With the configuration below every user
> from any OpenLDAP domain goes to the same OU in AD :(
>
> Please, anyone, advise how to sync users to a specific OU. Any help would be
> appreciated.
>
> ##############################
> # Destination AD directory   #
> ##############################
> dst.java.naming.provider.url = ldaps://dcname:636/DC=domain1,DC=hr
> dst.java.naming.security.authentication = simple
> dst.java.naming.security.principal = CN=ldap-sync,CN=Users,DC=domain1,DC=hr
> dst.java.naming.security.credentials = *******
> dst.java.naming.referral = ignore
> dst.java.naming.ldap.derefAliases = never
> dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
> dst.java.naming.ldap.version = 3
> dst.java.naming.ldap.pageSize = 1000
>
> #############################
> # Source OpenLDAP directory #
> #############################
> src.java.naming.provider.url = ldap://dcname2:389/dc=domain2,dc=hr
> src.java.naming.security.authentication = simple
> src.java.naming.security.principal = cn=adreplica,dc=domain2,dc=hr
> src.java.naming.security.credentials = *******
> src.java.naming.referral = ignore
> src.java.naming.ldap.derefAliases = never
> src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
> src.java.naming.ldap.version = 3
> # was "srt.java.naming.ldap.pageSize" (typo: the key would have been ignored)
> src.java.naming.ldap.pageSize = 1000
>
> #######################
> # Tasks configuration #
> #######################
> lsc.tasks = ldap2ad_dc,ldap2ad_user
>
> ####
> #### ldap2ad_dc : Source
> ####
> lsc.tasks.ldap2ad_dc.srcService = org.lsc.jndi.SimpleJndiSrcService
> lsc.tasks.ldap2ad_dc.srcService.baseDn =
> lsc.tasks.ldap2ad_dc.srcService.filterAll = (&(objectclass=dcObject)(dc=*)(!(dc=domain2,dc=hr)))
> lsc.tasks.ldap2ad_dc.srcService.pivotAttrs = dc
> lsc.tasks.ldap2ad_dc.srcService.filterId = (&(objectclass=dcObject)(|(dc={dc})(dc={ou})))
> lsc.tasks.ldap2ad_dc.srcService.attrs = dc l
>
> ####
> #### ldap2ad_dc : Destination
> ####
> lsc.tasks.ldap2ad_dc.dstService = org.lsc.jndi.SimpleJndiDstService
> lsc.tasks.ldap2ad_dc.dstService.baseDn = ou=LSC
> # the (ou=*) and (!(ou=LSC)) terms must sit directly under the AND; an extra
> # pair of parentheses around them is not a valid LDAP filter
> lsc.tasks.ldap2ad_dc.dstService.filterAll = (&(objectClass=organizationalUnit)(ou=*)(!(ou=LSC)))
> lsc.tasks.ldap2ad_dc.dstService.pivotAttrs = ou
> lsc.tasks.ldap2ad_dc.dstService.filterId = (&(objectclass=organizationalUnit)(|(ou={ou})(ou={dc})))
> lsc.tasks.ldap2ad_dc.dstService.attrs = ou objectClass l
> lsc.tasks.ldap2ad_dc.bean = org.lsc.beans.SimpleBean
> lsc.tasks.ldap2ad_dc.dn = "OU=" + srcBean.getAttributeValueById("dc") + ",OU=LSC"
>
> dn.real_root = DC=domain1,DC=hr
>
> lsc.syncoptions.ldap2ad_dc = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
> lsc.syncoptions.ldap2ad_dc.default.action = K
> lsc.syncoptions.ldap2ad_dc.default.delimiter = $
> lsc.syncoptions.ldap2ad_dc.sn.action = F
> lsc.syncoptions.ldap2ad_dc.sn.force_value = srcBean.getAttributeValueById("ou")
> lsc.syncoptions.ldap2ad_dc.objectClass.action = F
> lsc.syncoptions.ldap2ad_dc.objectClass.create_value = "top"$"organizationalUnit"
> lsc.syncoptions.ldap2ad_dc.ou.default_value = srcBean.getAttributeValueById("ou")
>
> ####
> #### ldap2ad_user : Source
> ####
> lsc.tasks.ldap2ad_user.srcService = org.lsc.jndi.SimpleJndiSrcService
> lsc.tasks.ldap2ad_user.srcService.baseDn =
> lsc.tasks.ldap2ad_user.srcService.filterAll = (&(objectClass=inetOrgPerson)(uid=*)(!(uid=admin)))
> lsc.tasks.ldap2ad_user.srcService.pivotAttrs = uid
> lsc.tasks.ldap2ad_user.srcService.filterId = (&(objectClass=inetOrgPerson)(|(uid={uid})(uid={samaccountname})))
> lsc.tasks.ldap2ad_user.srcService.attrs = uid cn sn givenName
>
> ####
> #### ldap2ad_user : Destination
> ####
> lsc.tasks.ldap2ad_user.dstService = org.lsc.jndi.SimpleJndiDstService
> lsc.tasks.ldap2ad_user.dstService.baseDn = ou=ADSKOLE
> lsc.tasks.ldap2ad_user.dstService.filterAll = (&(sAMAccountName=*)(objectClass=user))
> lsc.tasks.ldap2ad_user.dstService.pivotAttrs = samaccountname
> lsc.tasks.ldap2ad_user.dstService.filterId = (&(objectClass=user)(|(sAMAccountName={uid})(sAMAccountName={samaccountname})))
> lsc.tasks.ldap2ad_user.dstService.attrs = name displayName cn sn unicodePwd objectClass sAMAccountName userPrincipalName userAccountControl uid givenName
> lsc.tasks.ldap2ad_user.bean = org.lsc.beans.SimpleBean
> lsc.tasks.ldap2ad_user.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",OU=LSC"
>
> dn.real_root = DC=domain1,DC=hr
>
> lsc.syncoptions.ldap2ad_user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
> lsc.syncoptions.ldap2ad_user.default.action = K
> lsc.syncoptions.ldap2ad_user.default.delimiter = $
> lsc.syncoptions.ldap2ad_user.sn.action = F
> lsc.syncoptions.ldap2ad_user.sn.force_value = srcBean.getAttributeValueById("sn")
> lsc.syncoptions.ldap2ad_user.objectClass.action = F
> lsc.syncoptions.ldap2ad_user.objectClass.create_value = "top"$"user"$"person"$"organizationalPerson"
> lsc.syncoptions.ldap2ad_user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
> lsc.syncoptions.ldap2ad_user.uid.action = F
> lsc.syncoptions.ldap2ad_user.uid.force_value = srcBean.getAttributeValueById("uid")
> lsc.syncoptions.ldap2ad_user.userPrincipalName.create_value = srcBean.getAttributeValueById("uid") + "@domain1.hr"
> lsc.syncoptions.ldap2ad_user.cn.action = F
> lsc.syncoptions.ldap2ad_user.cn.force_value = srcBean.getAttributeValueById("cn")
> lsc.syncoptions.ldap2ad_user.givenName.action = F
> lsc.syncoptions.ldap2ad_user.givenName.force_value = srcBean.getAttributeValueById("givenName")
> lsc.syncoptions.ldap2ad_user.name.action = F
> lsc.syncoptions.ldap2ad_user.name.create_value = srcBean.getAttributeValueById("cn")
> lsc.syncoptions.ldap2ad_user.DisplayName.action = F
> lsc.syncoptions.ldap2ad_user.DisplayName.create_value = srcBean.getAttributeValueById("cn")
> #lsc.syncoptions.ldap2ad_user.mail.action = F
> #lsc.syncoptions.ldap2ad_user.mail.create_value = srcBean.getAttributeValueById("mail")
> lsc.syncoptions.ldap2ad_user.userAccountControl.action = F
> lsc.syncoptions.ldap2ad_user.userAccountControl.force_value = AD.userAccountControlSet( "0", [ AD.UAC_SET_DONT_EXPIRE_PASSWORD, AD.UAC_SET_NORMAL_ACCOUNT, AD.UAC_SET_PASSWD_CANT_CHANGE ])
> lsc.syncoptions.ldap2ad_user.unicodePwd.create_value = AD.getUnicodePwd("Some.Passw0rd")
>

Hello Tomislav,

I think you are near the solution.

Your first task should create your domains, so you should have in the
destination the same domains as in the source.

Your second task will create your users. You need to know how to find
the domain of a particular user. Maybe you can parse the DN and get
the user's parent entry? When you get this value, use it to build the DN
of the user in the destination; it will then be created in the
corresponding domain.


Clément.
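The DN-parsing approach Clément suggests, worked through as an added example (it is not code from the thread or from the LSC project). It takes a user's source DN, walks up the RDNs to the nearest dc= component (the assumption here is that the user's OpenLDAP domain is the closest dc= ancestor of the entry), and builds the destination DN in the OU that the ldap2ad_dc task creates as OU=<dc>,OU=LSC. The LSC dn expressions on the page are JavaScript, so the logic could be adapted to one, but how the source DN is read from srcBean is not shown on the page and is left out; the sample DNs are constructed. Both the splitter and the builder honour RFC 4514 escaping, so a cn or dc value that contains a comma or a plus sign cannot alter the structure of the DN written to AD.

```javascript
// Added example, not LSC's own code. Assumptions: the user's domain is the
// nearest dc= RDN above the user entry, and the first task has created the
// destination OU as OU=<dc>,OU=LSC.

// Split a DN into RDN strings, honouring backslash escapes (RFC 4514) so a
// comma inside a value, e.g. cn=Doe\, John, does not start a new RDN.
function splitDn(dn) {
  const rdns = [];
  let current = "";
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === "\\" && i + 1 < dn.length) {
      current += ch + dn[i + 1]; // keep the escape pair together
      i++;
    } else if (ch === ",") {
      rdns.push(current.trim());
      current = "";
    } else {
      current += ch;
    }
  }
  rdns.push(current.trim());
  return rdns;
}

// Remove RFC 4514 backslash escapes from an RDN value.
function unescapeRdnValue(v) {
  return v.replace(/\\(.)/g, "$1");
}

// Escape a value for use inside a DN (RFC 4514 section 2.4): the characters
// , + " \ < > ; are escaped, as are a leading space or '#' and a trailing space.
function escapeRdnValue(v) {
  let out = v.replace(/([\\,+"<>;])/g, "\\$1");
  if (out.startsWith(" ") || out.startsWith("#")) out = "\\" + out;
  if (out.endsWith(" ")) out = out.slice(0, -1) + "\\ ";
  return out;
}

// Return the value of the nearest dc= RDN above the entry itself, or null
// when the DN has no dc= component above it.
function domainFromDn(dn) {
  const rdns = splitDn(dn);
  for (let i = 1; i < rdns.length; i++) { // index 0 is the entry's own RDN
    const eq = rdns[i].indexOf("=");
    if (eq > 0 && rdns[i].slice(0, eq).trim().toLowerCase() === "dc") {
      return unescapeRdnValue(rdns[i].slice(eq + 1).trim());
    }
  }
  return null;
}

// Build the destination DN: CN=<cn>,OU=<domain>,OU=LSC, mirroring the
// "OU=" + dc + ",OU=LSC" layout of the ldap2ad_dc task.
function buildDestinationDn(srcDn, cn) {
  const domain = domainFromDn(srcDn);
  if (domain === null) {
    throw new Error("no dc= component above " + srcDn);
  }
  return "CN=" + escapeRdnValue(cn) + ",OU=" + escapeRdnValue(domain) + ",OU=LSC";
}

// Constructed sample input: a user in domain "school1" under the source base.
const SAMPLE_SRC_DN = "uid=jdoe,ou=People,dc=school1,dc=domain2,dc=hr";
console.log(buildDestinationDn(SAMPLE_SRC_DN, "John Doe"));
// CN=John Doe,OU=school1,OU=LSC
```

Because the user's cn is escaped before being concatenated, an entry whose cn is "Doe, John" becomes CN=Doe\, John,OU=school2,OU=LSC rather than a DN with an extra RDN; the same protection applies to the domain value taken from the source DN.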
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users