2012/10/25 George Dobson <[email protected]>:
> Hi Clément,
>
> I'm also trying to populate the Group membership and used the example as
> below but when I run the Group task the member update is just omitted.
>
> An example of a valid user DN in the destination AD (samAccountName =
> ajavier):
> CN=Aaron Javier,OU=UsersTEST,OU=Dept,DC=company,DC=local
> The corresponding user DN in the source openldap:
> uid=ajavier,ou=People,dc=department,dc=zone
>
>     <task>
>       <name>Group</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>       <ldapSourceService>
>         <name>openldap-source-service-group</name>
>         <connection reference="ldap-src-conn" />
>         <baseDn>ou=group,dc=department,dc=zone</baseDn>
>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>memberUid</string>
>           <string>description</string>
>           <string>objectClass</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=top)</getAllFilter>
>         <getOneFilter>(&amp;(objectClass=top)(cn={cn}))</getOneFilter>
>         <cleanFilter>(&amp;(objectClass=top)(cn={cn}))</cleanFilter>
>       </ldapSourceService>
>       <ldapDestinationService>
>         <name>ad-dst-service-group</name>
>         <connection reference="ldap-dst-conn" />
>         <baseDn>ou=GroupsTEST,ou=Dept,dc=company,dc=local</baseDn>
>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>name</string>
>           <string>description</string>
>           <string>sAMAccountName</string>
>           <string>objectClass</string>
>           <string>member</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=group)</getAllFilter>
>
>         <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
> <!--
>         <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
> -->
>
>       </ldapDestinationService>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") +
>           ",OU=GroupsTEST,OU=Dept,DC=company,DC=local"</mainIdentifier>
>
>         <defaultDelimiter>;</defaultDelimiter>
>         <defaultPolicy>FORCE</defaultPolicy>
>         <dataset>
>           <name>member</name>
>           <policy>MERGE</policy>
>           <forceValues>
>             <string>
> <![CDATA[
>                 var membersSrcDn =
> srcBean.getDatasetValuesById("memberUid");
>
>                 var memberUidValues = [];
>                 for  (var i=0; i<membersSrcDn.size(); i++) {
>                         var memberSrcDn = membersSrcDn.get(i);
>                         var agriUid = "";
>                         try {
>                                 agriUid =
> ldap-dst-conn.attribute(memberSrcDn, "samAccountName").get(0);
>                         } catch(e) {
>                                 continue;
>                         }
>                         var destMembersDn = ldap.search("ou=UsersTEST",
> "(agriUid=" + agriUid + ")");
>
>                         if (destMembersDn.size() == 0 ||
> destMembersDn.size() > 1) {
>                                 continue;
>                         }
>                         var destMemberDn = destMembersDn.get(0);
>                         var memberUid = ldap.attribute(destMemberDn,
> "uid").get(0);
>                         memberUidValues.push (member);
>                 }
>                 memberUidValues
> ]]>
>             </string>
>           </forceValues>
>         </dataset>
>         <dataset>
>           <name>sAMAccountName</name>
>           <policy>KEEP</policy>
>           <forceValues>
>             <string>js:srcBean.getDatasetFirstValueById("cn")</string>
>           </forceValues>
>         </dataset>
>         <dataset>
>           <name>name</name>
>           <policy>KEEP</policy>
>           <forceValues>
>             <string>js:srcBean.getDatasetFirstValueById("cn")</string>
>           </forceValues>
>         </dataset>
>         <dataset>
>           <name>objectClass</name>
>           <policy>KEEP</policy>
>           <forceValues>
>             <string>"group"</string>
>           </forceValues>
>         </dataset>
>       </propertiesBasedSyncOptions>
>     </task>
>
> The output I get is:
> root:/usr/local/lsc-2.0# bin/lsc -f etc -c all -s Group
> Oct 25 16:44:21 - DEBUG - Loading XML configuration from:
> /usr/local/lsc-2.0/etc/lsc.xml
> Oct 25 16:44:22 - INFO  - Reflections took 821 ms to scan 1 urls, producing
> 60 keys and 226 values
> Oct 25 16:44:22 - DEBUG - Importing XML schema file:
> schemas/lsc-core-2.0.xsd
> Oct 25 16:44:22 - INFO  - Logging configuration successfully loaded from
> /usr/local/lsc-2.0/etc/logback.xml
> Oct 25 16:44:22 - INFO  - LSC configuration successfully loaded from
> /usr/local/lsc-2.0/etc/
> Oct 25 16:44:23 - INFO  - Connecting to LDAP server
> ldap://192.168.49.167:389/dc=company,dc=local as
> CN=ldapbind,DC=company,DC=local
> Oct 25 16:44:23 - WARN  - Your baseDn settings (ou=UsersTEST,ou=Dept) does
> not end with the LDAP naming context (dc=company,dc=local). This is probably
> an error ! For LSC 1.X users, this is part of the changelog to 2.X.
> Oct 25 16:44:23 - INFO  - Connecting to LDAP server
> ldap://localhost:389/dc=department,dc=zone as uid=root,ou=People,dc=zone
> Oct 25 16:44:23 - INFO  - Starting clean for People
> Oct 25 16:44:25 - INFO  - All entries: 428, to modify entries: 0,
> successfully modified entries: 0, errors: 0
> Oct 25 16:44:25 - INFO  - Starting sync for Group
> Oct 25 16:44:25 - ERROR - Synchronization aborted because no source object
> has been found !
> Oct 25 16:44:26 - INFO  - # Adding new object
> CN=idev,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
> dn: CN=idev,OU=GroupsTEST,OU=Dept,DC=company,DC=local
> changetype: add
> cn: idev
> sAMAccountName: idev
> description: Company Development Team
> name: idev
> objectClass: group
>
> Oct 25 16:44:27 - INFO  - # Adding new object
> CN=icsworkforce,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
> dn: CN=icsworkforce,OU=GroupsTEST,OU=Dept,DC=company,DC=local
> changetype: add
> cn: icsworkforce
> sAMAccountName: icsworkforce
> description: Call Centre Team
> name: icsworkforce
> objectClass: group
>
> Oct 25 16:44:27 - INFO  - # Adding new object
> CN=icsprocess,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
> dn: CN=icsprocess,OU=GroupsTEST,OU=Dept,DC=company,DC=local
> changetype: add
> cn: icsprocess
> sAMAccountName: icsprocess
> description: Call Centre Team
> name: icsprocess
> objectClass: group
>
> Oct 25 16:44:27 - INFO  - # Adding new object
> CN=ifraud,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
> dn: CN=ifraud,OU=GroupsTEST,OU=Dept,DC=company,DC=local
> changetype: add
> cn: ifraud
> sAMAccountName: ifraud
> description: department fraud team
> name: ifraud
> objectClass: group
> ...
> ...
>

I think you copy/pasted the code without understanding it. Try to find
out how the JS code works. It will search attributes in the src LDAP with a
filter, and then build values for the attribute in the destination. Adapt all
searches to your LDAP schema.

By the way, why did you choose a MERGE policy?

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
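
The lookup pattern discussed in this thread, as an added example that is not part of the original messages or of LSC's own code: each source memberUid is resolved to exactly one destination DN by a search on sAMAccountName, with the value escaped per RFC 4515 before it goes into the filter. The stubLdap object, resolveMembers, and the second sample entry are constructed stand-ins; inside LSC the script would call its built-in ldap object, whose results are Java lists (size()/get()) rather than arrays.

```javascript
// Constructed sample of the destination AD (first entry uses the DN from the thread).
const AD_USERS = [
  { dn: "CN=Aaron Javier,OU=UsersTEST,OU=Dept,DC=company,DC=local", sAMAccountName: "ajavier" },
  { dn: "CN=Example User,OU=UsersTEST,OU=Dept,DC=company,DC=local", sAMAccountName: "euser" },
];

// RFC 4515 escaping for a value placed inside an LDAP search filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (c) => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Hypothetical stub shaped like ldap.search(base, filter): returns the DNs whose
// sAMAccountName matches a "(sAMAccountName=...)" filter, honouring "*" wildcards
// and \HH escapes the way a directory server would. The base is ignored here.
const stubLdap = {
  search(base, filter) {
    const m = /^\(sAMAccountName=(.*)\)$/.exec(filter);
    if (!m) return [];
    const pattern = m[1].split("*").map((part) =>
      part.replace(/\\([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)))
          .replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join(".*");
    const re = new RegExp("^" + pattern + "$", "i");
    return AD_USERS.filter((u) => re.test(u.sAMAccountName)).map((u) => u.dn);
  },
};

// Build the values for the destination "member" attribute from source memberUid values.
function resolveMembers(memberUids, ldap, base) {
  const members = [];
  const skipped = [];
  for (const uid of memberUids) {
    const filter = "(sAMAccountName=" + escapeFilterValue(uid) + ")";
    const dns = ldap.search(base, filter);
    if (dns.length === 1) {
      members.push(dns[0]);
    } else {
      skipped.push(uid); // missing or ambiguous: never guess a group member
    }
  }
  return { members, skipped };
}

// "aj*" is a constructed malformed memberUid: unescaped it would match ajavier.
const result = resolveMembers(["ajavier", "aj*", "nobody"], stubLdap, "ou=UsersTEST");
console.log(result.members, result.skipped);
```

Logging the skipped list makes unmatched or malformed memberUid values visible instead of silently dropping them, which is what the bare `continue` in the quoted script does.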