I believe it is found.

The logs show:

> "cn=acme-dev,ou=group,dc=example,dc=com":  List of attributes considered for
> writing in destination: [cn, memberUid, gidNumber, objectClass]

That is what I expect the destination to be. My destination service is
pretty generic and matches.

The get one filter will be reading the dn on the destination right,  so the
cn will already be the proper one.

      <ldapDestinationService>
        <name>openldapgroup-dst-service</name>
        <connection reference="openLDAP" />
        <baseDn>ou=group,dc=example,dc=com</baseDn>
        <pivotAttributes><string>cn</string></pivotAttributes>
        <fetchedAttributes>
          <string>objectClass</string>
          <string>cn</string>
          <string>gidNumber</string>
          <string>memberUid</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=posixGroup)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=posixGroup)(cn={cn}))</getOneFilter>
      </ldapDestinationService>

Any suggestion on what I should change?

On Tue, Aug 21, 2012 at 11:56 PM, Clément OUDOT <[email protected]> wrote:

> 2012/8/21 dunkan <[email protected]>:
> > Hey there,
> >
> > The RDN for a group object has to change when going from AD to ldap, I see
> > how I can do this but every time it tries to add a new entry instead of
> > update it.  Am I missing something that you can see?
> >
> > Before forcing the RDN change the group does update members as expected.
> >
> > Looking at my example I need to modify my cn attribute as well, but I don't
> > think that is triggering the add, it would just be another attribute to
> > update.
> >
> > LSC: 2.0
> >
> > AD object DN: role.ldap.groupname
> > LDAP object DN: groupname
> >
> > Here is what my config looks like:
> >
> >  <propertiesBasedSyncOptions>
> >         <mainIdentifier>var sname = srcBean.getDatasetFirstValueById("cn");
> > var tmpname = sname.replaceAll("role.ldap.", ""); "cn=" + tmpname +
> > ",ou=group,dc=example,dc=com"</mainIdentifier>
> >         <defaultDelimiter>$</defaultDelimiter>
> >         <defaultPolicy>FORCE</defaultPolicy>
> >         <conditions>
> >           <create>true</create>
> >           <update>true</update>
> >           <delete>false</delete>
> >         </conditions>
> >         <dataset>
> >          <name>cn</name>
> >          <policy>KEEP</policy>
> >          <createValues>
> >           <string>srcBean.getDatasetFirstValueById("cn")</string>
> >          </createValues>
> >         </dataset>
> >         <dataset>
> >          <name>gidNumber</name>
> >          <createValues>
> >           <string>srcBean.getDatasetFirstValueById("gidNumber")</string>
> >          </createValues>
> >         </dataset>
> >         <dataset>
> >          <name>objectClass</name>
> >          <policy>FORCE</policy>
> >         <forceValues>
> >           <string>"posixGroup"</string>
> >           <string>"top"</string>
> >          </forceValues>
> >         </dataset>
> >         <dataset>
> >           <name>memberUid</name>
> >           <forceValues>
> >             <string>
> > var umembers = srcBean.getAttributeValuesById("member").toArray() ;
> > for (var i=0; i&#60;umembers.length; i++ ) { try { var tokens =
> > umembers[i].split(",");(umembers[i] = srcLdap.attribute(tokens[0] + "," +
> > tokens[1], 'sAMAccountName').get(0))  } catch (e) {umembers[i]=null} }
> > umembers.toString();  umembers
> >     </string>
> >           </forceValues>
> >         </dataset>
> >       </propertiesBasedSyncOptions>
> >
> > The logs show what I expect, except for the add instead of update:
> >
> > Aug 21 20:29:15 - DEBUG - Loading XML configuration from: /usr/src/lsc-2.0/etc/lsc.xml
> > Aug 21 20:29:15 - INFO  - Reflections took 215 ms to scan 2 urls, producing 64 keys and 249 values
> > Aug 21 20:29:15 - DEBUG - Importing XML schema file: schemas/lsc-core-2.0.xsd
> > Aug 21 20:29:15 - DEBUG - Importing XML schema file: schemas/lsc-nis-plugin-1.0.xsd
> > Aug 21 20:29:15 - INFO  - Logging configuration successfully loaded from /usr/src/lsc-2.0/etc/logback.xml
> > Aug 21 20:29:15 - INFO  - LSC configuration successfully loaded from /usr/src/lsc-2.0/etc/
> > Aug 21 20:29:15 - INFO  - Connecting to LDAP server ldap://localhost/dc=example,dc=com as cn=manager,dc=example,dc=com
> > Aug 21 20:29:15 - INFO  - Connecting to LDAP server ldap://10.101.252.60/dc=itlab,dc=example,dc=com as jfoote@itlab
> > Aug 21 20:29:15 - INFO  - Starting async for adGroup
> > Aug 21 20:29:15 - DEBUG - Asynchronous synchronize adGroup
> > Aug 21 20:29:15 - DEBUG - Using pagedResults control for 1000 entries at a time
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  List of attributes considered for writing in destination: [cn, memberUid, gidNumber, objectClass]
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  Attribute "cn" is in KEEP status
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  Adding attribute "cn" with values [role.ldap.acme-dev]
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  Attribute "memberUid" is in FORCE status
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  Adding attribute "memberUid" with values [newtest]
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  Attribute "gidNumber" is in FORCE status
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  Adding attribute "gidNumber" with values [10001]
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  Attribute "objectClass" is in FORCE status
> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com":  Adding attribute "objectClass" with values [posixGroup, top]
> > Aug 21 20:29:15 - ERROR - Error while adding entry cn=acme-dev,ou=group,dc=example,dc=com in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists]; remaining name 'cn=acme-dev,ou=group'
> >
> >
>
> Are you sure the group in the destination is found by LSC? Don't you
> have a destination filter problem?
>
> Clément.
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
