Good day everyone! I have a working configuration for OpenLDAP ---> AD which works fine for creating and updating the users... but the problem I have is that if I remove the users from the source, they don't get deleted in the destination. How can I do this? Also, I just want the users to be deleted within the destination baseDN.
My configuration is:

<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections>
    <ldapConnection>
      <name>ldap-src-conn</name>
      <url>ldap://10.11.10.70:389/o=OR</url>
      <username>cn=Manager,o=OR</username>
      <password>secret</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>900</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>ldap-dst-conn</name>
      <url>ldaps://WIN-ADBOX.testdir.Organization.com:636/dc=testdir,dc=Organization,dc=com</url>
      <username>[email protected]</username>
      <password>password!</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>900</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>Users</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>openldap-source-service</name>
        <connection reference="ldap-src-conn" />
        <baseDn>o=OR</baseDn>
        <pivotAttributes>
          <string>entryUUID</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>entryUUID</string>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>objectClass</string>
          <string>mail</string>
          <!--<string>userPassword</string>-->
        </fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=inetorgperson)(groupMembership=cn=ReplGroup,ou=GROUPS,ou=CORP,o=OR))</getAllFilter>
        <getOneFilter>(&amp;(&amp;(objectClass=inetorgperson)(entryUUID={entryUUID}))(groupMembership=cn=ReplGroup,ou=GROUPS,ou=CORP,o=OR))</getOneFilter>
        <cleanFilter>(&amp;(groupMembership=cn=ReplGroup,ou=CORP,o=OR)(&amp;(objectClass=inetorgperson)(entryUUID={entryUUID}))</cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>ad-dst-service</name>
        <connection reference="ldap-dst-conn" />
        <baseDn>OU=IDVault,DC=testdir,DC=Organization,dc=com</baseDn>
        <pivotAttributes>
          <string>description</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>description</string>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>objectClass</string>
          <string>samAccountName</string>
          <string>userPrincipalName</string>
          <string>mail</string>
          <string>displayName</string>
          <string>userAccountControl</string>
          <string>unicodePwd</string>
          <!--<string>userPassword</string>-->
        </fetchedAttributes>
        <getAllFilter>(objectClass=user)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(description={entryUUID}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ",OU=IDVault,DC=testdir,DC=Organization,DC=com"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <conditions>
          <create>true</create>
          <delete>true</delete>
        </conditions>
        <dataset>
          <name>description</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>js:srcBean.getDatasetFirstValueById("entryUUID")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>samAccountName</name>
          <policy>KEEP</policy>
          <createValues>
            <string><![CDATA[js:
              var result = srcBean.getDatasetFirstValueById("cn");
              <!-- java.lang.System.out.println("DEBUG++++++++++++++++:"+result+result.length().toString());-->
              if (result.length() > 20){
                var result = result.substring(0,19);
              }
              <!-- java.lang.System.out.println("DEBUG++++++++++++++++++++++++++++++:"+result); -->
              result
            ]]></string>
          </createValues>
        </dataset>
        <dataset>
          <name>objectClass</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"user"</string>
          </createValues>
        </dataset>
        <dataset>
          <name>unicodePwd</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.getUnicodePwd("Changeth1s!")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>userPrincipalName</name>
          <policy>KEEP</policy>
          <forceValues>
            <string><![CDATA[js:
              var result = srcBean.getDatasetFirstValueById("cn");
              java.lang.System.out.println("DEBUG++++++++++++++++:"+result+result.length().toString());
              if (result.length() > 20){
                var result = result.substring(0,19);
              }
              java.lang.System.out.println("DEBUG++++++++++++++++++++++++++++++:"+result);
              var result = result + "@testdir.Organization.com";
              result
            ]]></string>
          </forceValues>
        </dataset>
        <dataset>
          <name>userAccountControl</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
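An added example, not part of the original post and not LSC code: a small Python lint for the source and destination filters of a task like the one posted, useful when accounts removed from the source are expected to be deprovisioned in AD. It assumes that LSC substitutes the source pivot attributes into the destination getOneFilter during sync and the destination pivot attributes into the source cleanFilter during clean; the function names and the reduced sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"l": "http://lsc-project.org/XSD/lsc-core-2.0.xsd"}
# Constructed sample: the pivots and filters of the posted task, other elements omitted.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd"><tasks><task>
<name>Users</name>
<ldapSourceService>
  <pivotAttributes><string>entryUUID</string></pivotAttributes>
  <cleanFilter>(&amp;(groupMembership=cn=ReplGroup,ou=CORP,o=OR)(&amp;(objectClass=inetorgperson)(entryUUID={entryUUID}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
  <pivotAttributes><string>description</string></pivotAttributes>
  <getOneFilter>(&amp;(objectClass=user)(description={entryUUID}))</getOneFilter>
</ldapDestinationService>
</task></tasks></lsc>"""

def balanced(ldap_filter):
    # Literal parentheses in values are hex-escaped in LDAP filters, so plain counting is enough.
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def pivots(service):
    return {s.text.strip().lower() for s in service.findall("l:pivotAttributes/l:string", NS)}

def check(service, tag, other_pivots, task, findings):
    text = (service.findtext("l:" + tag, "", NS) or "").strip()
    if not balanced(text):
        findings.append((task, tag, "unbalanced parentheses"))
    for name in re.findall(r"\{(\w+)\}", text):
        if name.lower() not in other_pivots:
            findings.append((task, tag, "placeholder {%s} is not a pivot of the other service" % name))

def lint(xml_text):
    findings = []
    for task in ET.fromstring(xml_text).iterfind(".//l:task", NS):
        name = task.findtext("l:name", "?", NS)
        src, dst = task.find("l:ldapSourceService", NS), task.find("l:ldapDestinationService", NS)
        # Assumption: sync fills dst getOneFilter from source pivots; clean fills src cleanFilter from destination pivots.
        check(dst, "getOneFilter", pivots(src), name, findings)
        check(src, "cleanFilter", pivots(dst), name, findings)
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

On the sample it reports two findings, both on cleanFilter, and none on the destination getOneFilter.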

