Hi Clément,
I'm also trying to populate the Group membership and used the example as below
but when I run the Group task the member update is just omitted.
An example of a valid user DN in the destination AD (samAccountName = ajavier):
CN=Aaron Javier,OU=UsersTEST,OU=Dept,DC=company,DC=local
The corresponding user DN in the source openldap:
uid=ajavier,ou=People,dc=department,dc=zone
<task>
<name>Group</name>
<bean>org.lsc.beans.SimpleBean</bean>
<ldapSourceService>
<name>openldap-source-service-group</name>
<connection reference="ldap-src-conn" />
<baseDn>ou=group,dc=department,dc=zone</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>cn</string>
<string>memberUid</string>
<string>description</string>
<string>objectClass</string>
</fetchedAttributes>
<getAllFilter>(objectClass=top)</getAllFilter>
<getOneFilter>(&(objectClass=top)(cn={cn}))</getOneFilter>
<cleanFilter>(&(objectClass=top)(cn={cn}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<name>ad-dst-service-group</name>
<connection reference="ldap-dst-conn" />
<baseDn>ou=GroupsTEST,ou=Dept,dc=company,dc=local</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>cn</string>
<string>name</string>
<string>description</string>
<string>sAMAccountName</string>
<string>objectClass</string>
<string>member</string>
</fetchedAttributes>
<getAllFilter>(objectClass=group)</getAllFilter>
<getOneFilter>(&(objectClass=group)(cn={cn}))</getOneFilter>
<!--
<cleanFilter>(&(objectClass=group)(cn={cn}))</cleanFilter>
-->
</ldapDestinationService>
<propertiesBasedSyncOptions>
<mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") +
",OU=GroupsTEST,OU=Dept,DC=company,DC=local"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>FORCE</defaultPolicy>
<dataset>
<name>member</name>
<policy>MERGE</policy>
<forceValues>
<string>
<![CDATA[
var membersSrcDn = srcBean.getDatasetValuesById("memberUid");
var memberUidValues = [];
for (var i=0; i<membersSrcDn.size(); i++) {
var memberSrcDn = membersSrcDn.get(i);
var agriUid = "";
try {
agriUid = ldap-dst-conn.attribute(memberSrcDn,
"samAccountName").get(0);
} catch(e) {
continue;
}
var destMembersDn = ldap.search("ou=UsersTEST", "(agriUid=" +
agriUid + ")");
if (destMembersDn.size() == 0 || destMembersDn.size() >
1) {
continue;
}
var destMemberDn = destMembersDn.get(0);
var memberUid = ldap.attribute(destMemberDn,
"uid").get(0);
memberUidValues.push (member);
}
memberUidValues
]]>
</string>
</forceValues>
</dataset>
<dataset>
<name>sAMAccountName</name>
<policy>KEEP</policy>
<forceValues>
<string>js:srcBean.getDatasetFirstValueById("cn")</string>
</forceValues>
</dataset>
<dataset>
<name>name</name>
<policy>KEEP</policy>
<forceValues>
<string>js:srcBean.getDatasetFirstValueById("cn")</string>
</forceValues>
</dataset>
<dataset>
<name>objectClass</name>
<policy>KEEP</policy>
<forceValues>
<string>"group"</string>
</forceValues>
</dataset>
</propertiesBasedSyncOptions>
</task>
The output I get is:
root:/usr/local/lsc-2.0# bin/lsc -f etc -c all -s Group
Oct 25 16:44:21 - DEBUG - Loading XML configuration from:
/usr/local/lsc-2.0/etc/lsc.xml
Oct 25 16:44:22 - INFO - Reflections took 821 ms to scan 1 urls, producing 60
keys and 226 values
Oct 25 16:44:22 - DEBUG - Importing XML schema file: schemas/lsc-core-2.0.xsd
Oct 25 16:44:22 - INFO - Logging configuration successfully loaded from
/usr/local/lsc-2.0/etc/logback.xml
Oct 25 16:44:22 - INFO - LSC configuration successfully loaded from
/usr/local/lsc-2.0/etc/
Oct 25 16:44:23 - INFO - Connecting to LDAP server
ldap://192.168.49.167:389/dc=company,dc=local as CN=ldapbind,DC=company,DC=local
Oct 25 16:44:23 - WARN - Your baseDn settings (ou=UsersTEST,ou=Dept) does not
end with the LDAP naming context (dc=company,dc=local). This is probably an
error ! For LSC 1.X users, this is part of the changelog to 2.X.
Oct 25 16:44:23 - INFO - Connecting to LDAP server
ldap://localhost:389/dc=department,dc=zone as uid=root,ou=People,dc=zone
Oct 25 16:44:23 - INFO - Starting clean for People
Oct 25 16:44:25 - INFO - All entries: 428, to modify entries: 0, successfully
modified entries: 0, errors: 0
Oct 25 16:44:25 - INFO - Starting sync for Group
Oct 25 16:44:25 - ERROR - Synchronization aborted because no source object has
been found !
Oct 25 16:44:26 - INFO - # Adding new object
CN=idev,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
dn: CN=idev,OU=GroupsTEST,OU=Dept,DC=company,DC=local
changetype: add
cn: idev
sAMAccountName: idev
description: Company Development Team
name: idev
objectClass: group
Oct 25 16:44:27 - INFO - # Adding new object
CN=icsworkforce,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
dn: CN=icsworkforce,OU=GroupsTEST,OU=Dept,DC=company,DC=local
changetype: add
cn: icsworkforce
sAMAccountName: icsworkforce
description: Call Centre Team
name: icsworkforce
objectClass: group
Oct 25 16:44:27 - INFO - # Adding new object
CN=icsprocess,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
dn: CN=icsprocess,OU=GroupsTEST,OU=Dept,DC=company,DC=local
changetype: add
cn: icsprocess
sAMAccountName: icsprocess
description: Call Centre Team
name: icsprocess
objectClass: group
Oct 25 16:44:27 - INFO - # Adding new object
CN=ifraud,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
dn: CN=ifraud,OU=GroupsTEST,OU=Dept,DC=company,DC=local
changetype: add
cn: ifraud
sAMAccountName: ifraud
description: department fraud team
name: ifraud
objectClass: group
...
...
Thanks for helping.
Regards,
George
On 10/22/2012 06:31 PM, Clément OUDOT wrote:
2012/10/22 Christian Bösch <[email protected]>:
On Oct 19, 2012, at 14:36 , Clément OUDOT <[email protected]> wrote:
2012/10/19 Christian Bösch <[email protected]>:
Hi Clement,
This had the effect that all the members have been deleted in the AD group.
Oct 19 14:19:15 - INFO - # Updating object
CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net for groups
dn: CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net
changetype: modify
delete: member
So try with:
var members = [];
You should just get compliant JavaScript code; LSC will just run it in Rhino.
Hi Clement,
Still no success.
So to test I set members manually:
<string><![CDATA[
var members = ['CN=Lastname
Firstname,OU=FHusers,DC=ad,DC=abc,DC=net'];
members
]]></string>
But there is still the error:
ERROR - Error while modifying entry CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net in
directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 -
0000054F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=ou-is,OU=FHgroups'
ERROR - Error while synchronizing ID CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net:
java.lang.NullPointerException
dn: CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net
changetype: modify
replace: member
member: sun.org.mozilla.javascript.NativeArray@f052d5
Here is some sample code that transforms uniqueMember values (DN) into
memberUid values (uid):
<dataset>
<name>memberUid</name>
<policy>FORCE</policy>
<defaultValues></defaultValues>
<forceValues>
<string>
<![CDATA[
var membersSrcDn =
srcBean.getDatasetValuesById("uniqueMember");
var memberUidValues = [];
for (var i=0; i<membersSrcDn.size(); i++) {
var memberSrcDn = membersSrcDn.get(i);
var agriUid = "";
try {
agriUid =
srcLdap.attribute(memberSrcDn, "uid").get(0);
} catch(e) {
continue;
}
var destMembersDn = ldap.search("ou=users",
"(agriUid=" + agriUid + ")");
if (destMembersDn.size() == 0 ||
destMembersDn.size() > 1) {
continue;
}
var destMemberDn = destMembersDn.get(0);
var memberUid = ldap.attribute(destMemberDn,
"uid").get(0);
memberUidValues.push (memberUid);
}
memberUidValues
]]>
</string>
</forceValues>
<createValues></createValues>
</dataset>
Hope this can help you to get a correct script.
Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
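Added example, not part of the original thread and not LSC's own code: the scripts above build the search filter by concatenating a source value ("(agriUid=" + agriUid + ")") and keep a member only when exactly one entry matches. The sketch below keeps that rule but escapes the value per RFC 4515 first, so a source value containing `*` or parentheses cannot widen the match. `escapeFilterValue`, `resolveMembers`, `fakeSearch` and the directory contents are hypothetical; the search function is a constructed stand-in for the `ldap.search(base, filter)` call used in the thread, and matching on sAMAccountName is an assumption taken from George's example user.

```javascript
// Added example, not from the thread; all function names are hypothetical.
// Escape a value for use inside an LDAP search filter (RFC 4515).
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    var hex = c.charCodeAt(0).toString(16);
    return "\\" + (hex.length < 2 ? "0" + hex : hex);
  });
}

// Map source uids to destination DNs, keeping only unambiguous matches
// (the same "exactly one result" rule as the script in the thread).
function resolveMembers(uids, base, search) {
  var resolved = [], skipped = [];
  for (var i = 0; i < uids.length; i++) {
    var filter = "(sAMAccountName=" + escapeFilterValue(uids[i]) + ")";
    var hits = search(base, filter);
    if (hits.length === 1) resolved.push(hits[0]);
    else skipped.push({ uid: uids[i], matches: hits.length });
  }
  return { resolved: resolved, skipped: skipped };
}

// Constructed sample directory: sAMAccountName -> DN.
var DIRECTORY = {
  ajavier: "CN=Aaron Javier,OU=UsersTEST,OU=Dept,DC=company,DC=local",
  bsmith: "CN=Bea Smith,OU=UsersTEST,OU=Dept,DC=company,DC=local"
};

// Stand-in for a directory search: "*" is a wildcard, "\xx" is a literal byte.
function fakeSearch(base, filter) {
  var m = /^\(sAMAccountName=(.*)\)$/.exec(filter);
  if (!m) return [];
  var pattern = m[1].replace(/\\([0-9a-f]{2})|(\*)|([^\\*]+)/g,
    function (all, hex, star, lit) {
      if (star) return ".*";
      var s = hex ? String.fromCharCode(parseInt(hex, 16)) : lit;
      return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    });
  var re = new RegExp("^" + pattern + "$", "i");
  return Object.keys(DIRECTORY)
    .filter(function (k) { return re.test(k); })
    .map(function (k) { return DIRECTORY[k]; });
}

// Constructed source values: one valid uid, one containing a wildcard, one unknown.
var result = resolveMembers(["ajavier", "a*", "nobody"], "ou=UsersTEST", fakeSearch);
console.log(JSON.stringify(result, null, 2));
```

The `skipped` list is worth logging in a real sync run, since silently dropped members are exactly the symptom reported at the top of this message.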