2012/8/27 Domenic Silletti <[email protected]>
>
> HI,
> I'm running LSC 2.0 that successfully synchronizes users from openldap to
> Active Directory. I want to be able to set userAccountControl to "0" (the
> account needs to be disabled in Active Directory) based on the value of an
> attribute in openldap. We have "employeeType = Abandoned" in opendlap to
> designate an employee who has left. I need to insert some simple if/then
> logic into my esc.xml file and would like to know if this is possible or not.
Of course it is possible!
In the dataset you created for attribute userAccountControl, write
this kind of script (test it, I write it just as an example):
var uac = dstBean.getDatasetFirstValueById('userAccountControl');
if (srcBean.getDatasetFirstValueById('emplyeeType') == "Abandonned") {
uac = AD.userAccountControlSet(
dstBean.getDatasetFirstValueById('userAccountControl'),
[AD.UAC_SET_ACCOUNTDISABLE]);
} else {
uac = AD.userAccountControlSet(
dstBean.getDatasetFirstValueById('userAccountControl'),
[AD.UAC_UNSET_ACCOUNTDISABLE]);
}
uac;
See
http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions/activedirectory
for more details.
Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
