Sébastien, the goal is to have objectClass (and several other attributes)
flow through without hard-coding any values in lsc.xml (since suitable
values already exist in the source):
When I use this configuration:
<defaultPolicy>KEEP</defaultPolicy>
<dataset>
<name>objectClass</name>
<policy>FORCE</policy>
</dataset>
<dataset>
<name>sAMAccountName</name>
<policy>FORCE</policy>
</dataset>
I get output like this:
DEBUG - In object "CN=abc,OU=Users,OU=US Scottsdale,dc=xyz,dc=qa1": List
of attributes considered for writing in destination: [mail, sn, cn,
sAMAccountName, description, userAccountControl, unicodePwd, objectClass,
givenName]
DEBUG - In object "CN=abc,OU=Users,OU=US Scottsdale,dc=xyz,dc=qa1":
Attribute "sAMAccountName" is in FORCE status
DEBUG - In object "CN=abc,OU=Users,OU=US Scottsdale,dc=xyz,dc=qa1":
Attribute "sAMAccountName" will not be written to the destination
DEBUG - In object "CN=abc,OU=Users,OU=US Scottsdale,dc=xyz,dc=qa1":
Attribute "objectClass" is in FORCE status
DEBUG - In object "CN=abc,OU=Users,OU=US Scottsdale,dc=xyz,dc=qa1":
Attribute "objectClass" will not be written to the destination
If it matters, I am using the trunk snapshot from 15 May, not my Eclipse
project from the branch.
Hugh
On Wed, May 16, 2012 at 7:34 AM, Sébastien Bahloul <
[email protected]> wrote:
> Hi Hugh,
>
> I'm not sure to understand the need, but my understanding is that you
> achieve such configuration by using the FORCE policy without any
> forceValues. The source values will be enforced in the destination.
>
> Regards,
> --
> Sebastien BAHLOUL
> IAM / Security specialist
> Ldap Synchronization Connector : http://lsc-project.org
> Blog : http://sbahloul.wordpress.com/
>
>
>
> 2012/5/16 Hugh Kelley <[email protected]>
>
>> I've been reading this,
>> http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions,
>> and trying to get the "lightest touch" possible in my synchronization
>> rules, but apparently I'm not understanding some concept(s).
>>
>> Given this config:
>>
>> <!-- source attributes -->
>> <fetchedAttributes>
>> <string>objectClass</string>
>> </fetchedAttributes>
>>
>>
>> <!-- destination attributes -->
>> <fetchedAttributes>
>> <string>objectClass</string>
>> </fetchedAttributes>
>>
>> <!-- attribute rule -->
>> <defaultDelimiter>;</defaultDelimiter>
>> <defaultPolicy>KEEP</defaultPolicy>
>> <dataset>
>> <name>objectClass</name>
>> <policy>KEEP</policy>
>> </dataset>
>>
>> and this explanation of the KEEP policy:
>>
>> * If no <forceValues/> are specified, no values are read from the
>> source, and a new entry is being added, the attribute will be created with
>> values from <createValues/>*
>>
>> I would expect the objectClass attributes to flow through from the source
>> to the destination, but they don't. I get this message.
>>
>> DEBUG - In object "CN=Craig Cramsey,OU=Users,OU=US
>> Scottsdale,dc=xyz,dc=qa1": Attribute "objectClass" is in KEEP status
>> DEBUG - In object "CN=Craig Cramsey,OU=Users,OU=US
>> Scottsdale,dc=xyz,dc=qa1": Attribute "objectClass" will not be written to
>> the destination
>>
>> As you would expect, this works fine, but is not very dynamic.
>>
>> <dataset>
>> <name>objectClass</name>
>> <policy>FORCE</policy>
>> <forceValues>
>> <string>"user"</string>
>> <string>"organizationalPerson"</string>
>> <string>"person"</string>
>> <string>"top"</string>
>> </forceValues>
>> </dataset>
>>
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> [email protected]
>> http://lists.lsc-project.org/listinfo/lsc-users
>>
>>
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
