Hey there,
The RDN for a group object has to change when going from AD to LDAP. I see
how I can do this, but every time it tries to add a new entry instead of
updating it. Am I missing something that you can see?
Before forcing the RDN change the group does update members as expected.
Looking at my example I need to modify my cn attribute as well, but I don't
think that is triggering the add, it would just be another attribute to
update.
LSC: 2.0
AD object DN: role.ldap.groupname
LDAP object DN: groupname
Here is what my config looks like:
<propertiesBasedSyncOptions>
  <mainIdentifier>
    var sname = srcBean.getDatasetFirstValueById("cn");
    var tmpname = sname.replaceAll("role.ldap.", "");
    "cn=" + tmpname + ",ou=group,dc=example,dc=com"
  </mainIdentifier>
  <defaultDelimiter>$</defaultDelimiter>
  <defaultPolicy>FORCE</defaultPolicy>
  <conditions>
    <create>true</create>
    <update>true</update>
    <delete>false</delete>
  </conditions>
  <dataset>
    <name>cn</name>
    <policy>KEEP</policy>
    <createValues>
      <string>srcBean.getDatasetFirstValueById("cn")</string>
    </createValues>
  </dataset>
  <dataset>
    <name>gidNumber</name>
    <createValues>
      <string>srcBean.getDatasetFirstValueById("gidNumber")</string>
    </createValues>
  </dataset>
  <dataset>
    <name>objectClass</name>
    <policy>FORCE</policy>
    <forceValues>
      <string>"posixGroup"</string>
      <string>"top"</string>
    </forceValues>
  </dataset>
  <dataset>
    <name>memberUid</name>
    <forceValues>
      <string>
        var umembers = srcBean.getAttributeValuesById("member").toArray();
        for (var i=0; i&lt;umembers.length; i++ ) {
          try {
            var tokens = umembers[i].split(",");
            (umembers[i] = srcLdap.attribute(tokens[0] + "," + tokens[1], 'sAMAccountName').get(0))
          } catch (e) { umembers[i]=null }
        }
        umembers.toString(); umembers
      </string>
    </forceValues>
  </dataset>
</propertiesBasedSyncOptions>
The logs show what I expect, except for the add instead of update:
Aug 21 20:29:15 - DEBUG - Loading XML configuration from:
/usr/src/lsc-2.0/etc/lsc.xml
Aug 21 20:29:15 - INFO - Reflections took 215 ms to scan 2 urls, producing
64 keys and 249 values
Aug 21 20:29:15 - DEBUG - Importing XML schema file:
schemas/lsc-core-2.0.xsd
Aug 21 20:29:15 - DEBUG - Importing XML schema file:
schemas/lsc-nis-plugin-1.0.xsd
Aug 21 20:29:15 - INFO - Logging configuration successfully loaded from
/usr/src/lsc-2.0/etc/logback.xml
Aug 21 20:29:15 - INFO - LSC configuration successfully loaded from
/usr/src/lsc-2.0/etc/
Aug 21 20:29:15 - INFO - Connecting to LDAP server
ldap://localhost/dc=example,dc=com as cn=manager,dc=example,dc=com
Aug 21 20:29:15 - INFO - Connecting to LDAP server ldap://
10.101.252.60/dc=itlab,dc=example,dc=com as jfoote@itlab
Aug 21 20:29:15 - INFO - Starting async for adGroup
Aug 21 20:29:15 - DEBUG - Asynchronous synchronize adGroup
Aug 21 20:29:15 - DEBUG - Using pagedResults control for 1000 entries at a
time
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": List of attributes considered
for writing in destination: [cn, memberUid, gidNumber, objectClass]
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": Attribute "cn" is in KEEP status
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "cn" with
values [role.ldap.acme-dev]
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": Attribute "memberUid" is in
FORCE status
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "memberUid"
with values [newtest]
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": Attribute "gidNumber" is in
FORCE status
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "gidNumber"
with values [10001]
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": Attribute "objectClass" is in
FORCE status
Aug 21 20:29:15 - DEBUG - In object
"cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "objectClass"
with values [posixGroup, top]
Aug 21 20:29:15 - ERROR - Error while adding entry
cn=acme-dev,ou=group,dc=example,dc=com in directory
:javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry
Already Exists]; remaining name 'cn=acme-dev,ou=group'
I appreciate any help!
-Joel
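
The two string operations in the config above (building the destination DN from the source cn, and cutting member DNs apart with split(",")), written DN-aware as an added example that is not part of the original message or of LSC. It is plain JavaScript for Node.js; the function names are hypothetical, the sample DNs are constructed, and it does not address the add-versus-update behaviour asked about.

```javascript
// Added example; function names are hypothetical and the sample DNs are constructed.
var PREFIX = "role.ldap.";                      // source-side prefix, from the post
var GROUP_BASE = "ou=group,dc=example,dc=com";  // destination branch, from the post

// Escape an attribute value for use in an RDN (RFC 4514 string form).
function escapeRdnValue(value) {
  return value.split("").map(function (ch, i) {
    var edge = (i === 0 && (ch === " " || ch === "#")) ||
               (i === value.length - 1 && ch === " ");
    if (ch === "\0") return "\\00";
    return (edge || '\\",+;<>'.indexOf(ch) !== -1) ? "\\" + ch : ch;
  }).join("");
}

// Split a DN into RDNs on unescaped commas only, keeping escape pairs intact.
function splitDn(dn) {
  var rdns = [], cur = "";
  for (var i = 0; i < dn.length; i++) {
    if (dn[i] === "\\" && i + 1 < dn.length) {
      cur += dn[i] + dn[++i];
    } else if (dn[i] === ",") {
      rdns.push(cur);
      cur = "";
    } else {
      cur += dn[i];
    }
  }
  rdns.push(cur);
  return rdns;
}

// Destination DN: strip the literal prefix only at the start, then escape.
function destinationDn(sourceCn) {
  var name = sourceCn.indexOf(PREFIX) === 0 ? sourceCn.slice(PREFIX.length) : sourceCn;
  return "cn=" + escapeRdnValue(name) + "," + GROUP_BASE;
}

// First two RDNs of a member DN, the lookup name the memberUid script builds.
function memberLookupDn(memberDn) {
  return splitDn(memberDn).slice(0, 2).join(",");
}

console.log(destinationDn("role.ldap.acme-dev"));
console.log(memberLookupDn("CN=Doe\\, Jane,OU=Users,DC=itlab,DC=example,DC=com"));
```

AD returns member DNs with escaped commas for names such as "Doe, Jane", so a plain split(",") cuts the first RDN in half and the lookup falls into the catch branch.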