Damn, I missed this ! We have only a few OpenLDAP servers, and this one is a ... 2.2.19 !
So we now know how LSC performs with such a legacy version : File descriptors are slowly eaten, but it syncs ! Thanks for your help ! 2013/2/20 David Coutadeur <[email protected]> > > Hi, > > I see nothing wrong in your configuration. > As mentionned here : > > http://lsc-project.org/wiki/documentation/2.0/configuration/service/sourceasyncldap > async services can only work with a 2.4+ OpenLDAP server, since the > synchronization mechanism is different for older versions... > What is your OpenLDAP version ? > > David > > > Le 20/02/2013 14:39, SB MK a écrit : > > 2013/2/20 David Coutadeur <[email protected]> > > > >> > >> Hi, > >> > >> Could you give us : > >> > >> 1. your configuration > >> > >> > > I've just removed users, password and other infos : > > > > > > <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd"; revision="1"> > > <connections> > > <ldapConnection> > > <name>annuaire</name> > > <url>ldap://url</url> > > <username>USER</username> > > <password>PWD</password> > > <authentication>SIMPLE</authentication> > > <referral>IGNORE</referral> > > <derefAliases>NEVER</derefAliases> > > <version>VERSION_3</version> > > <pageSize>-1</pageSize> > > <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> > > <tlsActivated>false</tlsActivated> > > </ldapConnection> > > > > <ldapConnection> > > <name>bureautique</name> > > <url>ldap://url</url> > > <username>cn=USER</username> > > <password>PWD</password> > > <authentication>SIMPLE</authentication> > > <referral>IGNORE</referral> > > <derefAliases>NEVER</derefAliases> > > <version>VERSION_3</version> > > <pageSize>-1</pageSize> > > <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> > > <tlsActivated>false</tlsActivated> > > </ldapConnection> > > </connections> > > > > <audits> > > </audits> > > > > <tasks> > > > > <task> > > <name>groupesOpenLDAPOracle</name> > > <bean>org.lsc.beans.SimpleBean</bean> > > <asyncLdapSourceService> > > <name>openldap-source-service-groupes</name> > > <connection reference="bureautique" /> > > <baseDn>BASE_DN</baseDn> > > <pivotAttributes> > > <string>cn</string> > > </pivotAttributes> > > <fetchedAttributes> > > <string>cn</string> > > <string>description</string> > > <string>gidNumber</string> > > <string>memberUid</string> > > </fetchedAttributes> > > > <getAllFilter>(&(objectClass=posixgroup)(!(cn=Administrateurs)))</getAllFilter> > > <getOneFilter>(&(objectClass=posixgroup)(cn={cn}))</getOneFilter> > > <cleanFilter>(&(objectClass=posixgroup)(cn={cn}))</cleanFilter> > > <serverType>OpenLDAP</serverType> > > </asyncLdapSourceService> > > > > <ldapDestinationService> > > <name>oracle-dst-service-groupes</name> > > <connection reference="annuaire"/> > > <baseDn>ou=groupes,ou=,ou=AD,ou=Groupes Techniques,ou=....</baseDn> > > <pivotAttributes> > > <string>cn</string> > > </pivotAttributes> > > <fetchedAttributes> > > <string>cn</string> > > <string>description</string> > > <string>gidNumber</string> > > <string>objectClass</string> > > <string>uniqueMember</string> > > </fetchedAttributes> > > <getAllFilter>(&(objectClass=groupOfUniqueNames))</getAllFilter> > > > <getOneFilter>(&(objectClass=groupOfUniqueNames)(cn={cn}))</getOneFilter> > > </ldapDestinationService> > > > > <propertiesBasedSyncOptions> > > <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + > > ",ou=groupes,ou=......"</mainIdentifier> > > <defaultDelimiter>;</defaultDelimiter> > > <defaultPolicy>FORCE</defaultPolicy> > > > > <dataset> > > <name>cn</name> > > <policy>FORCE</policy> > > <forceValues> > > <string>js:srcBean.getDatasetFirstValueById("cn")</string> > > </forceValues> > > </dataset> > > > > <dataset> > > <name>description</name> > > <policy>FORCE</policy> > > <forceValues> > > <string>js:srcBean.getDatasetFirstValueById("description")</string> > > </forceValues> > > </dataset> > > > > <dataset> > > <name>gidNumber</name> > > <policy>FORCE</policy> > > <forceValues> > > <string>js:srcBean.getDatasetFirstValueById("gidNumber")</string> > > </forceValues> > > </dataset> > > > > <dataset> > > <name>objectClass</name> > > <policy>FORCE</policy> > > <forceValues> > > <string>"top"</string> > > <string>"posixgroup"</string> > > <string>"groupOfUniqueNames"</string> > > </forceValues> > > </dataset> > > > > > > <!--<dataset> > > <name>uniqueMember</name> > > <policy>FORCE</policy> > > <forceValues> > > <string> > > var fromMembers = srcBean.getAttributeValuesById("memberUid").toArray() ; > > var sourceUserDn; > > var sourceUserId; > > var destUserDn; > > for (var i=0; i < fromMembers.length; i++ ) { > > try { > > sourceUserDn = srcLdap.search( "", "(uid=" + fromMembers[i] + ")" > ).get(0); > > sourceUserId = srcLdap.attribute(sourceUserDn , "uid").get(0); > > destUserDn = ldap.search("", "(uid=" + > > > ExternalJSFileHelper.invoke("/usr/local/lsc/etc/conf.d/scripts/mappings.js","users", > > new Array(sourceUserId)) + ")" ).get(0) + "," + ldap.getContextDn(); > > fromMembers[i] = destUserDn > > } catch (e) { > > fromMembers[i]=null; > > } > > } > > var toMembers = new Array(); > > var j=0; > > for (var i=0; i < fromMembers.length; i++) { > > if (fromMembers[i]!=null) { > > toMembers[j++]=fromMembers[i]; > > } > > } > > toMembers > > </string> > > </forceValues> > > </dataset>--> > > </propertiesBasedSyncOptions> > > </task> > > </tasks> > > </lsc> > > > > > > When running it sync, it's working as expected. > > > > > >> 2. an example of entry it synchronizes each time. If possible give us > >> the entry calculated in the log file (ie the entry to be written in the > >> destination) AND the real entry already in the destination. > >> > >> > > Maybe I wasn't clear enough : it doesn't synchronize entries each time, > as > > it would do with incorrect get*Filter. With my other directories, when I > > launch that kind of tasks async, it runs a first "scan", syncs if needed > > and waits quietly, until some change in the source directory triggers it. > > Here, it runs the first scan, and runs it again when it's over, and > again, > > ... syncing correctly what needs to be synced (or just scanning if there > is > > nothing to sync). > > It loops, even if nothing has changed on the source, instead of waiting. > > > > > > > >> Thank you, > >> > >> David > >> > >> > >> Le 20/02/2013 14:09, SB MK a écrit : > >>> Hi, > >>> > >>> I'm trying to sync an old OpenLDAP directory to a new OracleDS. I'm > using > >>> LSC for several other synchro tasks (sync and async) , so my > >> configuration > >>> directives are mostly the same, except for connection parameters, and > >>> everything works flawlessy. > >>> > >>> But with this one, I have a situation : if i run an async task (even in > >> dry > >>> run mode), it works great but when the first sync is over, it tries to > >> sync > >>> again, and again, even if there is no change on the source that should > >>> trigger it (but of course, it syncs correctly when needed). > >>> > >>> It's just like I was running the synchronous task in a loop ! So I'm > >> using > >>> a cron to run it often, but it's not a clean solution. > >>> > >>> I'am using the Manager account on the OpenLDAP side, time is correctly > >> set > >>> on both servers. > >>> > >>> What could this behaviour be due to ? > >>> > >>> Regards > >>> > >>> > >>> > >>> > >>> _______________________________________________________________ > >>> Ldap Synchronization Connector (LSC) - http://lsc-project.org > >>> > >>> lsc-users mailing list > >>> [email protected] > >>> http://lists.lsc-project.org/listinfo/lsc-users > >> > >> > > > > > > > > _______________________________________________________________ > > Ldap Synchronization Connector (LSC) - http://lsc-project.org > > > > lsc-users mailing list > > [email protected] > > http://lists.lsc-project.org/listinfo/lsc-users > > > -- > David Coutadeur - intégrateur LinID > Groupe LINAGORA - BU LGS > +33 1 46 96 63 63 / poste 601 > +33 6 42 00 63 19 > 80 rue Roque de Fillol > 92800 PUTEAUX > > "/La présente transmission contient des informations confidentielles > appartenant à Linagora, exclusivement destinées au(x) destinataire(s) > identifié(s) ci-dessus. Si vous n'en faites pas partie, toute > reproduction, distribution ou divulgation de tout ou partie des > informations de cette transmission, ou toute action effectuée sur la > base de celles-ci vous sont formellement interdites. > Si vous avez reçu cette transmission par erreur, nous vous remercions de > nous en avertir et de la détruire de votre système d'information. > > The present transmission contains privileged and confidential > information belonging to Linagora, exclusively intended for the > recipient(s) thereabove identified. If you are not one of these > aforementioned recipients, any reproduction, distribution, disclosure of > said information in whole or in part, as well as any action undertaken > on the basis of said information are strictly prohibited. If you > received the present transmission by mistake, please inform us and > destroy it from your messenging and information systems./" >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
