2013/4/9 Aziza Lichir <[email protected]>

> I have an OpenLDAP 2.4 server on CentOS 6, and this is its config file,
> slapd.conf:
>
> # allows anyone and everyone to read anything but restricts
> # updates to rootdn.  (e.g., "access to * by * read")
> #
> # rootdn can always read and write EVERYTHING!
>
> # enable on-the-fly configuration (cn=config)
> database config
> access to *
>         by
> dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
>         by * none
>
> # enable server status monitoring (cn=monitor)
> database monitor
> access to *
>         by
> dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
>         by dn.exact="cn=root,dc=meyclub,dc=net" read
>         by * none
>
> #######################################################################
> # database definitions
> #######################################################################
>
> database        bdb
> suffix          "dc=meyclub,dc=net"
> checkpoint      1024 15
> rootdn          "cn=root,dc=meyclub,dc=net"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # rootpw                secret
> # rootpw                {crypt}ijFYNcSNctBYg
> rootpw                  {SSHA}ymkqc5nI9efKS1H2V3i47W+zAARg/naL
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory       /var/lib/ldap
>
> # Indices to maintain for this database
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
>
> # Replicas of this database
> #replogfile /var/lib/ldap/openldap-master-replog
> #replica host=ldap-1.example.com:389 starttls=critical
> #     bindmethod=sasl saslmech=GSSAPI
> #     authcId=host/[email protected]
>
> And this is the XML file that I'm using; it's the same one as in the tutorial
> (the sample):
>
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
>   <connections>
>     <ldapConnection>
>       <name>dst-ldap</name>
>       <url>ldap://localhost:389/dc=meyclub,dc=net</url>
>       <username>cn=root,dc=meyclub,dc=net</username>
>       <password>Proweb</password>
>       <authentication>SIMPLE</authentication>
>       <referral>IGNORE</referral>
>       <derefAliases>NEVER</derefAliases>
>       <version>VERSION_3</version>
>       <pageSize>-1</pageSize>
>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>       <tlsActivated>false</tlsActivated>
>       <saslMutualAuthentication>false</saslMutualAuthentication>
>     </ldapConnection>
>
>     <ldapConnection>
>       <name>src-ad</name>
>       <url>ldap://srv-ad-06.meyclub.net:389/dc=meyclub,dc=net</url>
>       <username>cn=Aziza
> LICHIR,ou=Informatique,ou=SMH,ou=Utilisateurs,dc=meyclub,dc=net</username>
>       <password>Proweb38</password>
>       <authentication>SIMPLE</authentication>
>       <pageSize>1000</pageSize>
>     </ldapConnection>
>
>   </connections>
>   <audits/>
>   <tasks>
>     <task>
>       <name>MySyncTask</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>
>       <ldapSourceService>
>         <name>MySyncTask-src</name>
>         <connection reference="src-ad" />
>         <baseDn>ou=STRASBOURG,ou=Utilisateurs,dc=meyclub,dc=net</baseDn>
>         <pivotAttributes>
>           <string>mail</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>sn</string>
>           <string>givenName</string>
>           <string>mail</string>
>           <string>sAMAccountName</string>
>         </fetchedAttributes>
>         <getAllFilter>(&amp;(mail=*)(objectClass=user))</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=organizationalPerson)(mail={mail}))</getOneFilter>
>
> <cleanFilter>(&amp;(objectClass=organizationalPerson)(mail={mail}))</cleanFilter>
>         <interval>6</interval>
>       </ldapSourceService>
>       <ldapDestinationService>
>         <name>MySyncTask-dst</name>
>         <connection reference="dst-ldap"/>
>         <baseDn>ou=people,dc=meyclub,dc=net</baseDn>
>         <pivotAttributes>
>           <string>mail</string>
>           </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>sn</string>
>           <string>objectClass</string>
>           <string>givenName</string>
>           <string>mail</string>
>           <string>uid</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=inetOrgPerson)(mail={mail}))</getOneFilter>
>       </ldapDestinationService>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>"mail=" + srcBean.getDatasetFirstValueById("mail")
> + ",ou=people,dc=meyclub,dc=net"</mainIdentifier>
>         <defaultDelimiter>;</defaultDelimiter>
>         <defaultPolicy>FORCE</defaultPolicy>
>         <dataset>
>           <name>objectClass</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>"inetOrgPerson"</string>
>             <string>"organizationalPerson"</string>
>             <string>"person"</string>
>             <string>"top"</string>
>           </forceValues>
>           <delimiter>,</delimiter>
>         </dataset>
>     <dataset>
>          <name>uid</name>
>          <policy>FORCE</policy>
>          <forceValues>
>          <string>
> srcBean.getDatasetFirstValueById("sAMAccountName")</string>
>          </forceValues>
>         </dataset>
>         <dataset>
>           <name>default</name>
>           <policy>FORCE</policy>
>         </dataset>
>         </propertiesBasedSyncOptions>
>     </task>
>     <task>
>       <name>GroupSyncTask</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>
>       <ldapSourceService>
>         <name>GroupSyncTask-src</name>
>         <connection reference="src-ad" />
>         <baseDn>OU=Groupe_Securite,DC=meyclub,DC=net</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>     <fetchedAttributes>
>          <string>cn</string>
>          <string>member</string>
>     </fetchedAttributes>
>
> <getAllFilter>(&amp;(member=*)(objectClass=group))</getAllFilter>
>         <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
>         <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
>         <interval>100</interval>
>       </ldapSourceService>
>
>       <ldapDestinationService>
>         <name>GroupSyncTask-dst</name>
>         <connection reference="dst-ldap"/>
>         <baseDn>ou=group,dc=meyclub,dc=net</baseDn>
>
>         <pivotAttributes>
>           <string>cn</string>
>           </pivotAttributes>
>         <fetchedAttributes>
>             <string>cn</string>
>             <string>member</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=groupOfNames)</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
>       </ldapDestinationService>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>"cn=" + srcBean.getDatasetValuesById("cn")+
> ",ou=group,dc=meyclub,dc=net" </mainIdentifier>
>         <defaultDelimiter>;</defaultDelimiter>
>         <defaultPolicy>FORCE</defaultPolicy>
>         <dataset>
>           <name>objectClass</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>"groupOfNames"</string>
>
>         <string>"top"</string>
>           </forceValues>
>           <delimiter>$</delimiter>
>         </dataset>
>         <dataset>
>           <name>default</name>
>          <policy>FORCE</policy>
>         </dataset>
>      </propertiesBasedSyncOptions>
>     </task>
>   </tasks>
> </lsc>
>
>
>
>

Are you sure that the ou=group,dc=meyclub,dc=net entry exists in your OpenLDAP
directory?


Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
