Hi Christian,
Indeed, there is no problem for having the same source and destination
in a job.
However, I don't think it is possible to delete the accounts in the same
job.
What you could do is a pair of jobs. Here is an example of idea you
could test.
Hypothesis: you want to move users from branch ou=src_branch to
ou=dst_branch, but only those who have the attribute: criteria=true.
1. The first job copy the accounts from ou=src_branch who have
criteria=true, to the destination branch: ou=dst_branch, with a dn
rewriting, for example:
uid=user1,ou=src_branch,dc=domain ->
uid=deleted_user1,ou=dst_branch,dc=domain
2. The second job considers ou=dst_branch as a source, and ou=src_branch
as a destination. It is a delete task: <delete>true</delete>
It deletes every account who doesn't have criteria=true in destination
(ie in ou=src_branch)
David
Le 02/01/2013 11:36, Christian Bösch a écrit :
> hi and happy new year,
>
> i have a working config for syncing openldap to active directory and also
> disabling users that were deleted from openldap.
> now i want to move the disabled users in AD to another subcontainer.
> therefore i think about adding a task for that with
> the same source and destination.
> would this work or are my thoughts complete nonsense?
>
> regards,
> chris
>
> <task>
> <name>move-disabled</name>
> <bean>org.lsc.beans.SimpleBean</bean>
>
> <asyncLdapSourceService>
> <name>src-ad-disabled</name>
> <connection reference="active-directory" />
> <baseDn>OU=FHusers,DC=ad,DC=abc,DC=net</baseDn>
> <pivotAttributes>
> <string>sAMAccountName</string>
> </pivotAttributes>
> <fetchedAttributes>
> <string>sAMAccountName</string>
> </fetchedAttributes>
>
> <getAllFilter>(&(userAccountControl=66050)(objectClass=user))</getAllFilter>
> <getOneFilter>(sAMAccountName={sAMAccountName})</getOneFilter>
>
> <cleanFilter>(&(objectClass=inetorgperson)(sAMAccountName={samAccountName}))</cleanFilter>
> <serverType>ActiveDirectory</serverType>
> </asyncLdapSourceService>
>
> <ldapDestinationService>
> <name>dst-ad-disabled</name>
> <connection reference="active-directory" />
> <baseDn>OU=FHusers,DC=ad,DC=abc,DC=net</baseDn>
> <pivotAttributes>
> <string>sAMAccountName</string>
> </pivotAttributes>
> <fetchedAttributes>
> <string>sAMAccountName</string>
> </fetchedAttributes>
>
> <getAllFilter>(&(sAMAccountName=*)(objectClass=user))</getAllFilter>
> <getOneFilter>(sAMAccountName={sAMAccountName})</getOneFilter>
> </ldapDestinationService>
>
> <propertiesBasedSyncOptions>
> <mainIdentifier><![CDATA[
> var mainident = "";
> mainident = "CN=" +
> srcBean.getDatasetFirstValueById("sAMAccountName") +
> ",OU=FHusersDisabled,DC=ad,DC=abc,DC=net";
> mainident
> ]]></mainIdentifier>
> <defaultDelimiter>;</defaultDelimiter>
> <defaultPolicy>KEEP</defaultPolicy>
> <conditions>
> <create>false</create>
> <update>false</update>
> <delete>false</delete>
> <changeId>true</changeId>
> </conditions>
> </propertiesBasedSyncOptions>
> </task>
>
>
>
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
