Hi Emilio, If you run LSC with -c for clean mode, does this do the deletions?
Thanks, Joel On Wed, Nov 14, 2012 at 7:02 AM, Emilio García < [email protected]> wrote: > Good day everyone! > > I have a working configuration for OpenLDAP ---> AD which works fine for > creating and updating the users... but the problem I have is if I remove > the users from the source it doesn't get deleted in the destination. How > can I do this? Also I just want the users to be deleted within the > destination baseDN. > > My configuration is: > > <?xml version="1.0" ?> > > <lsc xmlns="http://lsORc-project.org/XSD/lsc-core-2.0.xsd"; revision="0"> > > <connections> > > <ldapConnection> > > <name>ldap-src-conn</name> > > <url>ldap://10.11.10.70:389/o=OR</url> > > <username>cn=Manager,o=OR</username> > > <password>secret</password> > > <authentication>SIMPLE</authentication> > > <referral>IGNORE</referral> > > <derefAliases>NEVER</derefAliases> > > <version>VERSION_3</version> > > <pageSize>900</pageSize> > > <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> > > <tlsActivated>false</tlsActivated> > > </ldapConnection> > > <ldapConnection> > > <name>ldap-dst-conn</name> > > <url>ldaps:// > WIN-ADBOX.testdir.Organization.com:636/dc=testdir,dc=Organization,dc=com > </url> > > <username>[email protected]</username> > > <password>password!</password> > > <authentication>SIMPLE</authentication> > > <referral>IGNORE</referral> > > <derefAliases>NEVER</derefAliases> > > <version>VERSION_3</version> > > <pageSize>900</pageSize> > > <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> > > <tlsActivated>false</tlsActivated> > > </ldapConnection> > > </connections> > > <tasks> > > <task> > > <name>Users</name> > > <bean>org.lsc.beans.SimpleBean</bean> > > <ldapSourceService> > > <name>openldap-source-service</name> > > <connection reference="ldap-src-conn" /> > > <baseDn>o=OR</baseDn> > > <pivotAttributes> > > <string>entryUUID</string> > > </pivotAttributes> > > <fetchedAttributes> > > <string>entryUUID</string> > > <string>cn</string> > > <string>sn</string> > > <string>givenName</string> > > <string>objectClass</string> > > <string>mail</string> > > <!--<string>userPassword</string>--> > > </fetchedAttributes> > > > <getAllFilter>(&(objectClass=inetorgperson)(groupMembership=cn=ReplGroup,ou=GROUPS,ou=CORP,o=OR))</getAllFilter> > > > <getOneFilter>(&(&(objectClass=inetorgperson)(entryUUID={entryUUID}))(groupMembership=cn=ReplGroup,ou=GROUPS,ou=CORP,o=OR))</getOneFilter> > > > <cleanFilter>(&(groupMembership=cn=ReplGroup,ou=CORP,o=OR)(&(objectClass=inetorgperson)(entryUUID={entryUUID}))</cleanFilter> > > </ldapSourceService> > > <ldapDestinationService> > > <name>ad-dst-service</name> > > <connection reference="ldap-dst-conn" /> > > > <baseDn>OU=IDVault,DC=testdir,DC=Organization,dc=com</baseDn> > > <pivotAttributes> > > <string>description</string> > > </pivotAttributes> > > <fetchedAttributes> > > <string>description</string> > > <string>cn</string> > > <string>sn</string> > > <string>givenName</string> > > <string>objectClass</string> > > <string>samAccountName</string> > > <string>userPrincipalName</string> > > <string>mail</string> > > <string>displayName</string> > > <string>userAccountControl</string> > > <string>unicodePwd</string> > > <!--<string>userPassword</string>--> > > </fetchedAttributes> > > <getAllFilter>(objectClass=user)</getAllFilter> > > > <getOneFilter>(&(objectClass=user)(description={entryUUID}))</getOneFilter> > > </ldapDestinationService> > > <propertiesBasedSyncOptions> > > <mainIdentifier>"CN=" + > srcBean.getDatasetFirstValueById("cn") + > > > ",OU=IDVault,DC=testdir,DC=Organization,DC=com"</mainIdentifier> > > <defaultDelimiter>;</defaultDelimiter> > > <defaultPolicy>FORCE</defaultPolicy> > > <conditions> > > <create>true</create> > > <delete>true</delete> > > </conditions> > > <dataset> > > <name>description</name> > > <policy>FORCE</policy> > > <forceValues> > > > <string>js:srcBean.getDatasetFirstValueById("entryUUID")</string> > > </forceValues> > > </dataset> > > <dataset> > > <name>samAccountName</name> > > <policy>KEEP</policy> > > <createValues> > > <string><![CDATA[js: > > var result = srcBean.getDatasetFirstValueById("cn"); > > <!-- > java.lang.System.out.println("DEBUG++++++++++++++++:"+result+result.length().toString());--> > > if (result.length() > 20){ > > var result = result.substring(0,19); > > } > > <!-- > java.lang.System.out.println("DEBUG++++++++++++++++++++++++++++++:"+result); > --> > > result > > ]]></string> > > </createValues> > > </dataset> > > <dataset> > > <name>objectClass</name> > > <policy>KEEP</policy> > > <createValues> > > <string>"user"</string> > > </createValues> > > </dataset> > > <dataset> > > <name>unicodePwd</name> > > <policy>KEEP</policy> > > <createValues> > > <string>AD.getUnicodePwd("Changeth1s!")</string> > > </createValues> > > </dataset> > > <dataset> > > <name>userPrincipalName</name> > > <policy>KEEP</policy> > > <forceValues> > > <string><![CDATA[js: > > var result = srcBean.getDatasetFirstValueById("cn"); > > > java.lang.System.out.println("DEBUG++++++++++++++++:"+result+result.length().toString()); > > if (result.length() > 20){ > > var result = result.substring(0,19); > > } > > > java.lang.System.out.println("DEBUG++++++++++++++++++++++++++++++:"+result); > > var result = result + "@testdir.Organization.com"; > > result > > ]]></string> > > </forceValues> > > </dataset> > > <dataset> > > <name>userAccountControl</name> > > <policy>KEEP</policy> > > <createValues> > > <string>AD.userAccountControlSet( "0", > [AD.UAC_SET_NORMAL_ACCOUNT])</string> > > </createValues> > > </dataset> > > </propertiesBasedSyncOptions> > > </task> > > </tasks> > > </lsc> > > > Cloudreach Limited is a limited company registered in England with > registered number 06975407 > > The above terms reflect a potential business arrangement, are provided solely > as a basis for further discussion, > and are not intended to be and do not constitute a legally binding > obligation. No legally binding obligations > will be created, implied, or inferred until an agreement in final form is > executed in writing by all parties involved. > > This email may be confidential or privileged. If you received this > communication by mistake, please don't forward > it to anyone else, please erase all copies and attachments, and please let us > know that it has gone to the wrong person. > > > > _______________________________________________________________ > Ldap Synchronization Connector (LSC) - http://lsc-project.org > > lsc-users mailing list > [email protected] > http://lists.lsc-project.org/listinfo/lsc-users > >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
