Hi Hugh, I'm not sure to understand the need, but my understanding is that you achieve such configuration by using the FORCE policy without any forceValues. The source values will be enforced in the destination.
Regards, -- Sebastien BAHLOUL IAM / Security specialist Ldap Synchronization Connector : http://lsc-project.org Blog : http://sbahloul.wordpress.com/ 2012/5/16 Hugh Kelley <[email protected]> > I've been reading this, > http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions, > and trying to get the "lightest touch" possible in my synchronization > rules, but apparently I'm not understanding some concept(s). > > Given this config: > > <!-- source attributes --> > <fetchedAttributes> > <string>objectClass</string> > </fetchedAttributes> > > > <!-- destination attributes --> > <fetchedAttributes> > <string>objectClass</string> > </fetchedAttributes> > > <!-- attribute rule --> > <defaultDelimiter>;</defaultDelimiter> > <defaultPolicy>KEEP</defaultPolicy> > <dataset> > <name>objectClass</name> > <policy>KEEP</policy> > </dataset> > > and this explanation of the KEEP policy: > > * If no <forceValues/> are specified, no values are read from the > source, and a new entry is being added, the attribute will be created with > values from <createValues/>* > > I would expect the objectClass attributes to flow through from the source > to the destination, but they don't. I get this message. > > DEBUG - In object "CN=Craig Cramsey,OU=Users,OU=US > Scottsdale,dc=xyz,dc=qa1": Attribute "objectClass" is in KEEP status > DEBUG - In object "CN=Craig Cramsey,OU=Users,OU=US > Scottsdale,dc=xyz,dc=qa1": Attribute "objectClass" will not be written to > the destination > > As you would expect, this works fine, but is not very dynamic. > > <dataset> > <name>objectClass</name> > <policy>FORCE</policy> > <forceValues> > <string>"user"</string> > <string>"organizationalPerson"</string> > <string>"person"</string> > <string>"top"</string> > </forceValues> > </dataset> > > _______________________________________________________________ > Ldap Synchronization Connector (LSC) - http://lsc-project.org > > lsc-users mailing list > [email protected] > http://lists.lsc-project.org/listinfo/lsc-users > >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
