2012/9/11 Domenic Silletti <[email protected]>

> Thank you!
> Sorry for the delay in responding, here is my dataset:
>
> <dataset>
>   <name>userAccountControl</name>
>   <policy>FORCE</policy>
>   <forceValues>
>     <string>
>       var uac = dstBean.getDatasetFirstValueById('userAccountControl');
>       if (srcBean.getDatasetFirstValueById('employeeType') == "Abandoned") {
>         uac = AD.userAccountControlSet(
>           dstBean.getDatasetFirstValueById('userAccountControl'),
>           [AD.UAC_SET_ACCOUNTDISABLE]);
>       } else {
>         uac = AD.userAccountControlSet(
>           dstBean.getDatasetFirstValueById('userAccountControl'),
>           [AD.UAC_UNSET_ACCOUNTDISABLE]);
>       }
>       uac;
>     </string>
>   </forceValues>
> </dataset>
>
> This works, although I have to run "lsc -f /etc/lsc -s all" twice to get
> the desired results. First run adds the user to AD and the second run
> enables all users who aren't labeled as "Abandoned". Am I correct in
> thinking that I should have this dataset in a separate task to avoid having
> to run lsc twice?
>
>

You can maybe add a <createValues> configuration in your dataset that will
not search values in dstBean, and will be called only if the entry is
created.

Clément.

>
> --- On *Mon, 8/27/12, Clément OUDOT <[email protected]>* wrote:
>
>
> From: Clément OUDOT <[email protected]>
> Subject: Re: [lsc-users] Setting Users in Active Directory To Disabled
> To: "Domenic Silletti" <[email protected]>
> Cc: [email protected]
> Date: Monday, August 27, 2012, 11:25 AM
>
> 2012/8/27 Domenic Silletti <[email protected]>
> >
> > Hi,
> > I'm running LSC 2.0 that successfully synchronizes users from openldap
> > to Active Directory. I want to be able to set userAccountControl to "0"
> > (the account needs to be disabled in Active Directory) based on the value
> > of an attribute in openldap. We have "employeeType = Abandoned" in
> > openldap to designate an employee who has left. I need to insert some
> > simple if/then logic into my esc.xml file and would like to know if this is
> > possible or not.
>
>
>
> Of course it is possible!
>
> In the dataset you created for attribute userAccountControl, write
> this kind of script (test it, I write it just as an example):
>
> // Start from the value currently stored on the destination (AD) entry
> var uac = dstBean.getDatasetFirstValueById('userAccountControl');
> if (srcBean.getDatasetFirstValueById('employeeType') == "Abandoned") {
>   // Leaver in the source directory: set the ACCOUNTDISABLE flag
>   uac = AD.userAccountControlSet(
>         dstBean.getDatasetFirstValueById('userAccountControl'),
>         [AD.UAC_SET_ACCOUNTDISABLE]);
> } else {
>   // Anyone else: clear the ACCOUNTDISABLE flag
>   uac = AD.userAccountControlSet(
>         dstBean.getDatasetFirstValueById('userAccountControl'),
>         [AD.UAC_UNSET_ACCOUNTDISABLE]);
> }
> uac;
>
>
> See
> http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions/activedirectory
> for more details.
>
>
> Clément.
>
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
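
The branch logic discussed in this thread, as an added example that is not part of the original messages and is not LSC code: a stand-alone JavaScript model of the userAccountControl decision, plus a post-sync check for leavers that are still enabled. `uacSet`, `desiredUac`, `findEnabledLeavers`, the fixed NORMAL_ACCOUNT base used for new entries and the sample entries are assumptions made for illustration.

```javascript
// Added example: stand-alone model, not LSC code. uacSet() is a hypothetical
// stand-in for AD.userAccountControlSet so the logic can run outside LSC.
const UAC_ACCOUNTDISABLE = 0x0002; // Active Directory flag: account disabled
const UAC_NORMAL_ACCOUNT = 0x0200; // Active Directory flag: normal user account

function uacSet(current, ops) {
  let value = Number.parseInt(current, 10);
  if (Number.isNaN(value)) throw new TypeError("no userAccountControl value to modify");
  for (const op of ops) {
    if (op === "SET_ACCOUNTDISABLE") value |= UAC_ACCOUNTDISABLE;
    else if (op === "UNSET_ACCOUNTDISABLE") value &= ~UAC_ACCOUNTDISABLE;
    else throw new RangeError("unknown operation: " + op);
  }
  return String(value);
}

// Same branch as the thread's script. `existing` models the destination value;
// it is undefined while the entry is being created, so a fixed base is used
// (assumption: new users start as NORMAL_ACCOUNT).
function desiredUac(employeeType, existing) {
  const base = existing === undefined ? String(UAC_NORMAL_ACCOUNT) : existing;
  const op = employeeType === "Abandoned" ? "SET_ACCOUNTDISABLE" : "UNSET_ACCOUNTDISABLE";
  return uacSet(base, [op]);
}

// Post-sync check: uids marked "Abandoned" in the source whose destination
// entry is missing the ACCOUNTDISABLE bit (or has no readable value).
function findEnabledLeavers(sourceEntries, destUacByUid) {
  return sourceEntries
    .filter((e) => e.employeeType === "Abandoned")
    .filter((e) => {
      const value = Number.parseInt(destUacByUid[e.uid], 10);
      return Number.isNaN(value) || (value & UAC_ACCOUNTDISABLE) === 0;
    })
    .map((e) => e.uid);
}

// Constructed sample data (not from the thread).
const source = [
  { uid: "alice", employeeType: "Staff" },
  { uid: "bob", employeeType: "Abandoned" },
  { uid: "carol", employeeType: "Abandoned" },
];
const destination = { alice: "512", bob: "66048", carol: "514" };

console.log(findEnabledLeavers(source, destination)); // bob is still enabled
console.log(desiredUac("Abandoned", destination.bob)); // other flags are kept
console.log(desiredUac("Abandoned", undefined)); // new entry, created disabled
```

Running the check after each synchronization shows whether any account marked "Abandoned" in the source was left enabled in the destination.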
