I had run it both ways, KEEP and FORCE. The result was/is the same. See
below:
dn: CN=Gwen Young,OU=Users,OU=US Scottsdale,dc=xyz,dc=qa1
changetype: add
unicodePwd:: IgAxAHEAYQB6ACEAUQBBAFoAIgA=
The <task> element:
<task>
<name>SyncTask-Users</name>
<bean>org.lsc.beans.SimpleBean</bean>
<ldapSourceService>
<name>SyncTask-Users-src</name>
<connection reference="src-ldap"/>
<baseDn>ou=US Scottsdale,dc=xyz,dc=net</baseDn>
<pivotAttributes>
<string>sAMAccountName</string>
</pivotAttributes>
<fetchedAttributes>
<string>description</string>
<string>cn</string>
<string>givenName</string>
<string>sn</string>
<string>objectClass</string>
<string>sAMAccountName</string>
<string>mail</string>
<string>userAccountControl</string>
</fetchedAttributes>
<getAllFilter>(&(!(isCriticalSystemObject=TRUE))(objectCategory=person)(objectClass=user)(sAMAccountName=*))</getAllFilter>
<getOneFilter>(&(!(isCriticalSystemObject=TRUE))(objectCategory=person)(objectClass=user)(sAMAccountName={sAMAccountName}))</getOneFilter>
<cleanFilter>(&(!(isCriticalSystemObject=TRUE))(objectCategory=person)(objectClass=user)(sAMAccountName={sAMAccountName}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<name>SyncTask-Users-dst</name>
<connection reference="dst-ldap"/>
<baseDn>dc=xyz,dc=qa1</baseDn>
<pivotAttributes>
<string>sAMAccountName</string>
</pivotAttributes>
<fetchedAttributes>
<string>description</string>
<string>cn</string>
<string>givenName</string>
<string>sn</string>
<string>objectClass</string>
<string>mail</string>
<string>sAMAccountName</string>
<string>unicodePwd</string>
<string>userAccountControl</string>
</fetchedAttributes>
<getAllFilter>(&(!(isCriticalSystemObject=TRUE))(objectCategory=person)(objectClass=user)(sAMAccountName=*))</getAllFilter>
<getOneFilter>(&(!(isCriticalSystemObject=TRUE))(objectCategory=person)(objectClass=user)(sAMAccountName={sAMAccountName}))</getOneFilter>
</ldapDestinationService>
<propertiesBasedSyncOptions>
<mainIdentifier>
<![CDATA[
var pattern = "(?i)dc=xyz,dc=net" ;
var substitute = "dc=xyz,dc=qa1";
var dn=srcBean.getMainIdentifier();
dn = dn.replaceAll(pattern,substitute);
dn; // "emit" the result
]]>
</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>FORCE</defaultPolicy>
<dataset>
<name>unicodePwd</name>
<policy>KEEP</policy>
<createValues>
<string>AD.getUnicodePwd("1qaz!QAZ")</string><!-- set unicodePwd
only at object creation (requires SSL connection to AD) -->
</createValues>
</dataset>
</propertiesBasedSyncOptions>
</task>
On Wed, May 16, 2012 at 8:20 AM, Clément OUDOT <[email protected]> wrote:
> 2012/5/16 Hugh Kelley <[email protected]>:
> > Thank, you. That is a good tip (that no dataset is needed for as-is
> > propagation). In that case, I must have some larger configuration
> issue.
> >
> > I am creating new objects, so there is no existing value. I have taken
> out
> > the superfluous dataset elements but still I get only this (whether the
> > default policy is KEEP or FORCE):
> >
> > dn: CN=abc,OU=Users,OU=US Scottsdale,dc=xyz,dc=qa1
> > changetype: add
> > unicodePwd:: IgAxAHEAYQB6ACEAUQBBAFoAIgA=
>
> No, in your configuration, default policy is KEEP. It should work with
> default policy set to FORCE. You can then set a KEEP policy for an
> attribute in a dataset.
>
> Clément.
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
