I've already solved the problem!

http://www.mail-archive.com/[email protected]/msg00718.html

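I just changed the destination pivot attribute of the user task. The AD entries presumably carry no uid value, so the clean phase (-c) could not match them to any OpenLDAP entry and deleted them all. I changed this line: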

lsc.tasks.user.dstService.pivotAttrs = uid

to

lsc.tasks.user.dstService.pivotAttrs = sAMAccount

Thanks!
LSC rocks!!

2012/9/14 Evandro Nabor <[email protected]>

> Hi all
>
> I'm trying to sync users and groups from my OpenLDAP to Active Directory
> 2008 R2.
>
> When I run bin/lsc -f etc/ -s all, it works fine: all of my OpenLDAP
> users are synced to my Active Directory.
>
> The problem is that when I run bin/lsc -f etc/ -c all, all of my users
> are deleted, while the groups stay OK in AD.
> So only the groups work correctly: if I delete the group "Developers" from
> my OpenLDAP and run bin/lsc -f etc/ -c all, just this group is deleted from
> Active Directory, but the users are all deleted.
>
> This is my lsc.properties:
>
> Thanks !
>
> ### Source ###
>
> src.java.naming.security.principal=cn=Manager,dc=domain,dc=test
> src.java.naming.security.credentials=supersecret
> src.java.naming.security.authentication=simple
> src.java.naming.referral=ignore
> src.java.naming.provider.url=ldap://localhost/dc=domain,dc=test
> src.java.naming.ldap.version=3
> src.java.naming.ldap.derefAliases=never
> src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
>
>
>
> ### Destination ###
>
> dst.java.naming.security.principal=CN=LSC,CN=Users,dc=ad,dc=test
> dst.java.naming.security.credentials=supersecret
> dst.java.naming.security.authentication=simple
> dst.java.naming.referral=ignore
> dst.java.naming.provider.url=ldap://10.1.190.17/dc=ad,dc=test
> dst.java.naming.ldap.version=3
> dst.java.naming.ldap.derefAliases=never
> dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
> dst.java.naming.ldap.pageSize = 1000
> #dst.java.naming.tls = true
>
>
> ### Tasks ###
>
> lsc.tasks=user
> lsc.tasks=group
>
>  ### User ###
> lsc.tasks.user.condition.create = 1
> lsc.tasks.user.condition.update = 1
> lsc.tasks.user.condition.delete = 1
> lsc.tasks.user.condition.modrdn = 1
>
> lsc.tasks.user.bean=org.lsc.beans.SimpleBean
> lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("uid") +
> ",CN=Users"
> # Source
> lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
> lsc.tasks.user.srcService.filterAll=(&(objectClass=inetOrgPerson)(uid=*))
> lsc.tasks.user.srcService.filterId =
> (&(objectClass=inetOrgPerson)(|(uid={uid})(uid={sAMAccountName})))
> lsc.tasks.user.srcService.baseDn=ou=Pessoas
> lsc.tasks.user.srcService.attrs= uid sambaLogonScript homeDirectory
> lsc.tasks.user.srcService.pivotAttrs = uid
> # Destination
> lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
> lsc.tasks.user.dstService.baseDn=cn=Users
> lsc.tasks.user.dstService.attrs = sAMAccountName userAccountControl
> objectClass userPrincipalName pwdLastSet scriptPath homeDirectory
>
> lsc.tasks.user.dstService.filterAll=(&(objectClass=person)(sAMAccountName=*)(!(sAMAccountName=Administrator))(!(sAMAccountName=Guest))(!(sAMAccountName=krbtgt))(!(sAMAccountName=LSC)))
> lsc.tasks.user.dstService.filterId =
> (&(objectClass=person)(sAMAccountName={uid}))
> lsc.tasks.user.dstService.pivotAttrs = uid
>
> ### Group ###
>
> lsc.tasks.group.condition.create = 1
> lsc.tasks.group.condition.update = 1
> lsc.tasks.group.condition.delete = 1
> lsc.tasks.group.condition.modrdn = 1
>
> lsc.tasks.group.dn = "CN=" + srcBean.getAttributeValueById("cn") +
> ",CN=Users"
> lsc.tasks.group.bean=org.lsc.beans.SimpleBean
> # Source
> lsc.tasks.group.srcService=org.lsc.jndi.SimpleJndiSrcService
> lsc.tasks.group.srcService.filterAll = (&(objectClass=posixGroup)(cn=*))
> lsc.tasks.group.srcService.filterId = (&(objectClass=posixGroup)(cn={cn}))
> lsc.tasks.group.srcService.baseDn=ou=Grupos
> lsc.tasks.group.srcService.attrs=cn objectClass memberUid
> lsc.tasks.group.srcService.pivotAttrs = cn
> # Destination
> lsc.tasks.group.dstService=org.lsc.jndi.SimpleJndiDstService
> lsc.tasks.group.dstService.baseDn=cn=Users
> lsc.tasks.group.dstService.attrs = cn objectClass member sAMAccountName
> lsc.tasks.group.dstService.pivotAttrs =  cn
> lsc.tasks.group.dstService.filterAll =
> (&(objectClass=group)(sAMAccountName=*)(!(sAMAccountName=DnsAdmins))(!(sAMAccountName=DnsUpdateProxy))(!(sAMAccountName=Domain
> Computers))(!(sAMAccountName=Domain Controllers))(!(sAMAccountName=Schema
> Admins))(!(sAMAccountName=Enterprise Admins))(!(sAMAccountName=Cert
> Publishers))(!(sAMAccountName=Domain Admins))(!(sAMAccountName=Domain
> Users))(!(sAMAccountName=Domain Guests))(!(sAMAccountName=Group Policy
> Creator Owners))(!(sAMAccountName=RAS and IAS
> Servers))(!(sAMAccountName=Allowed RODC Password Replication
> Group))(!(sAMAccountName=Denied RODC Password Replication
> Group))(!(sAMAccountName=Read-only Domain
> Controllers))(!(sAMAccountName=Enterprise Read-only Domain Controllers)))
> lsc.tasks.group.dstService.filterId = (&(objectClass=group)(cn={cn}))
>
>
> ### Syncoptions ###
>
> ### User ###
> lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
> lsc.syncoptions.user.default.action = K
> lsc.syncoptions.user.objectClass.action = F
> lsc.syncoptions.user.objectClass.force_value =
> "top";"user";"person";"organizationalPerson"
> lsc.syncoptions.user.sAMAccountName.create_value =
> srcBean.getAttributeValueById("uid")
> lsc.syncoptions.user.scriptPath.create_value =
> srcBean.getAttributeValueById("sambaLogonScript")
> lsc.syncoptions.user.userPrincipalName.force_value =
> srcBean.getAttributeValueById("uid") + "@ad.test"
> lsc.syncoptions.user.userAccountControl.create_value =
> AD.userAccountControlSet( "0", [
> AD.UAC_SET_PASSWD_NOTREQD,AD.UAC_SET_NORMAL_ACCOUNT ])
> lsc.syncoptions.user.pwdLastSet.create_value = "-1"
>
> ### Group ###
> lsc.syncoptions.group =
> org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
> lsc.syncoptions.group.sAMAccountName.create_value =
> srcBean.getAttributeValueById("cn")
> lsc.syncoptions.group.default.action = K
> lsc.syncoptions.group.objectClass.force_value = "top";"group"
> lsc.syncoptions.group.member.delimiter = $
>
> lsc.syncoptions.group.member.force_value = \
>     var umembers = \
>         srcBean.getAttributeValuesById("memberUid").toArray() ; \
>     for (var i=0; i<umembers.length; i++ ) { \
>         try { \
>             umembers[i] =
> ldap.attribute(ldap.list("CN=Users","(sAMAccountName=" + (umembers[i]) +
> ")").get(0), 'distinguishedName').get(0) \
>         } catch (e) { \
>             umembers[i]=null; \
>         } \
>     } \
>     var members = new Array(); \
>     var j=0; \
>     for (var i=0; i<umembers.length; i++) { \
>         if (umembers[i]!=null) members[j++]=umembers[i]; \
>     } \
>     members;
>
>
>