You are correct in saying that I don't know js. I built this lsc.xml to this point from copying examples and modifying them until they seemed to work. Save from hacking at it day after day, I was hoping that someone could have a look at the code and the AD & LDAP sample DNs and maybe suggest a solution. Should be trivial for you clever guys :)

Your help is appreciated.

Regards,
GD



On 10/25/2012 07:11 PM, Clément OUDOT wrote:
2012/10/25 George Dobson <[email protected]>:
Hi Clément,

I'm also trying to populate the Group membership and used the example as
below but when I run the Group task the member update is just omitted.

An example of a valid user DN in the destination AD (samAccountName =
ajavier):
CN=Aaron Javier,OU=UsersTEST,OU=Dept,DC=company,DC=local
The corresponding user DN in the source openldap:
uid=ajavier,ou=People,dc=department,dc=zone

     <task>
       <name>Group</name>
       <bean>org.lsc.beans.SimpleBean</bean>
       <ldapSourceService>
         <name>openldap-source-service-group</name>
         <connection reference="ldap-src-conn" />
         <baseDn>ou=group,dc=department,dc=zone</baseDn>

         <pivotAttributes>
           <string>cn</string>
         </pivotAttributes>
         <fetchedAttributes>
           <string>cn</string>
           <string>memberUid</string>
           <string>description</string>
           <string>objectClass</string>
         </fetchedAttributes>
         <getAllFilter>(objectClass=top)</getAllFilter>
         <getOneFilter>(&amp;(objectClass=top)(cn={cn}))</getOneFilter>
         <cleanFilter>(&amp;(objectClass=top)(cn={cn}))</cleanFilter>
       </ldapSourceService>
       <ldapDestinationService>
         <name>ad-dst-service-group</name>
         <connection reference="ldap-dst-conn" />
         <baseDn>ou=GroupsTEST,ou=Dept,dc=company,dc=local</baseDn>

         <pivotAttributes>
           <string>cn</string>
         </pivotAttributes>
         <fetchedAttributes>
           <string>cn</string>
           <string>name</string>
           <string>description</string>
           <string>sAMAccountName</string>
           <string>objectClass</string>
           <string>member</string>
         </fetchedAttributes>
         <getAllFilter>(objectClass=group)</getAllFilter>

         <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
<!--
         <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
-->

       </ldapDestinationService>
       <propertiesBasedSyncOptions>
         <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") +
           ",OU=GroupsTEST,OU=Dept,DC=company,DC=local"</mainIdentifier>

         <defaultDelimiter>;</defaultDelimiter>
         <defaultPolicy>FORCE</defaultPolicy>
         <dataset>
           <name>member</name>
           <policy>MERGE</policy>
           <forceValues>
             <string>
<![CDATA[
                 var membersSrcDn = srcBean.getDatasetValuesById("memberUid");

                 var memberUidValues = [];
                 for  (var i=0; i<membersSrcDn.size(); i++) {
                         var memberSrcDn = membersSrcDn.get(i);
                         var agriUid = "";
                         try {
                                 agriUid = ldap-dst-conn.attribute(memberSrcDn, "samAccountName").get(0);
                         } catch(e) {
                                 continue;
                         }
                         var destMembersDn = ldap.search("ou=UsersTEST", "(agriUid=" + agriUid + ")");

                         if (destMembersDn.size() == 0 || destMembersDn.size() > 1) {
                                 continue;
                         }
                         var destMemberDn = destMembersDn.get(0);
                         var memberUid = ldap.attribute(destMemberDn, "uid").get(0);
                         memberUidValues.push (member);
                 }
                 memberUidValues
]]>
             </string>
           </forceValues>
         </dataset>
         <dataset>
           <name>sAMAccountName</name>
           <policy>KEEP</policy>
           <forceValues>
             <string>js:srcBean.getDatasetFirstValueById("cn")</string>
           </forceValues>
         </dataset>
         <dataset>
           <name>name</name>
           <policy>KEEP</policy>
           <forceValues>
             <string>js:srcBean.getDatasetFirstValueById("cn")</string>
           </forceValues>
         </dataset>
         <dataset>
           <name>objectClass</name>
           <policy>KEEP</policy>
           <forceValues>
             <string>"group"</string>
           </forceValues>
         </dataset>
       </propertiesBasedSyncOptions>
     </task>

The output I get is:
root:/usr/local/lsc-2.0# bin/lsc -f etc -c all -s Group
Oct 25 16:44:21 - DEBUG - Loading XML configuration from:
/usr/local/lsc-2.0/etc/lsc.xml
Oct 25 16:44:22 - INFO  - Reflections took 821 ms to scan 1 urls, producing
60 keys and 226 values
Oct 25 16:44:22 - DEBUG - Importing XML schema file:
schemas/lsc-core-2.0.xsd
Oct 25 16:44:22 - INFO  - Logging configuration successfully loaded from
/usr/local/lsc-2.0/etc/logback.xml
Oct 25 16:44:22 - INFO  - LSC configuration successfully loaded from
/usr/local/lsc-2.0/etc/
Oct 25 16:44:23 - INFO  - Connecting to LDAP server
ldap://192.168.49.167:389/dc=company,dc=local as
CN=ldapbind,DC=company,DC=local
Oct 25 16:44:23 - WARN  - Your baseDn settings (ou=UsersTEST,ou=Dept) does
not end with the LDAP naming context (dc=company,dc=local). This is probably
an error ! For LSC 1.X users, this is part of the changelog to 2.X.
Oct 25 16:44:23 - INFO  - Connecting to LDAP server
ldap://localhost:389/dc=department,dc=zone as uid=root,ou=People,dc=zone
Oct 25 16:44:23 - INFO  - Starting clean for People
Oct 25 16:44:25 - INFO  - All entries: 428, to modify entries: 0,
successfully modified entries: 0, errors: 0
Oct 25 16:44:25 - INFO  - Starting sync for Group
Oct 25 16:44:25 - ERROR - Synchronization aborted because no source object
has been found !
Oct 25 16:44:26 - INFO  - # Adding new object
CN=idev,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
dn: CN=idev,OU=GroupsTEST,OU=Dept,DC=company,DC=local
changetype: add
cn: idev
sAMAccountName: idev
description: Company Development Team
name: idev
objectClass: group

Oct 25 16:44:27 - INFO  - # Adding new object
CN=icsworkforce,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
dn: CN=icsworkforce,OU=GroupsTEST,OU=Dept,DC=company,DC=local
changetype: add
cn: icsworkforce
sAMAccountName: icsworkforce
description: Call Centre Team
name: icsworkforce
objectClass: group

Oct 25 16:44:27 - INFO  - # Adding new object
CN=icsprocess,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
dn: CN=icsprocess,OU=GroupsTEST,OU=Dept,DC=company,DC=local
changetype: add
cn: icsprocess
sAMAccountName: icsprocess
description: Call Centre Team
name: icsprocess
objectClass: group

Oct 25 16:44:27 - INFO  - # Adding new object
CN=ifraud,OU=GroupsTEST,OU=Dept,DC=company,DC=local for Group
dn: CN=ifraud,OU=GroupsTEST,OU=Dept,DC=company,DC=local
changetype: add
cn: ifraud
sAMAccountName: ifraud
description: department fraud team
name: ifraud
objectClass: group
...
...

I think you copy/pasted the code without understanding it. Try to find
how the js code works. It will search attributes in src LDAP with a
filter, and then build values for attribute in destination. Adapt all
searches to your LDAP schema.

By the way, why did you choose a MERGE policy?

Clément.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
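
Added example, not part of the original thread and not LSC code: the posted script builds its search filter by concatenating a source value ("(agriUid=" + agriUid + ")") and keeps a member only when exactly one destination entry matches. The JavaScript below runs that memberUid-to-DN mapping stand-alone, with the value escaped per RFC 4515 before it enters the filter. The names directory, searchDestination, escapeFilterValue and resolveMembers, and the bsmith entry, are assumptions made for the illustration; the lookup attribute is sAMAccountName as in the thread's sample DNs.

```javascript
// Added example: map posixGroup memberUid values to AD member DNs.
// `directory` and searchDestination() are constructed stand-ins for the
// destination AD so the logic can run outside LSC.
var directory = [
  { dn: "CN=Aaron Javier,OU=UsersTEST,OU=Dept,DC=company,DC=local", sam: "ajavier" },
  { dn: "CN=Beth Smith,OU=UsersTEST,OU=Dept,DC=company,DC=local", sam: "bsmith" } // constructed
];

// RFC 4515: escape \ * ( ) and NUL so a uid is always matched literally.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Stand-in for a destination search: handles "(sAMAccountName=<value>)" only,
// honouring "*" wildcards and \xx escapes, case-insensitively like AD.
function searchDestination(filter) {
  var m = /^\(sAMAccountName=(.*)\)$/.exec(filter);
  if (!m) { return []; }
  var pattern = m[1].replace(/\\([0-9a-fA-F]{2})|\*|[^\\*]/g, function (tok, hex) {
    if (hex) { tok = String.fromCharCode(parseInt(hex, 16)); }
    else if (tok === "*") { return ".*"; }
    return tok.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  });
  var re = new RegExp("^" + pattern + "$", "i");
  return directory.filter(function (e) { return re.test(e.sam); })
                  .map(function (e) { return e.dn; });
}

// Resolve each memberUid to exactly one destination DN; a value that matches
// zero or several entries is skipped and reported instead of guessed.
function resolveMembers(memberUids, search) {
  var result = { members: [], skipped: [] };
  memberUids.forEach(function (uid) {
    var hits = search("(sAMAccountName=" + escapeFilterValue(uid) + ")");
    if (hits.length === 1) { result.members.push(hits[0]); }
    else { result.skipped.push(uid); }
  });
  return result;
}

// "a*" is a constructed hostile memberUid: unescaped it would match ajavier.
var out = resolveMembers(["ajavier", "a*", "nosuch"], searchDestination);
console.log(JSON.stringify(out, null, 2));
```

Logging the skipped list during a sync run makes unresolved or ambiguous members visible instead of silently dropping them, which is what the bare `continue` in the posted script does.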
