Hey, I recreated a groups file that contains two groups just to understand how it works, but it didn't work either. This is the LDIF file:

dn: ou=groups,dc=meyclub,dc=net
objectclass:organizationalunit
ou: groups
description: generic groups branch

# create a group
dn: cn=group1,ou=groups,dc=meyclub,dc=net
objectclass: groupofnames
cn: group1
member: cn=alichir,ou=people,dc=meyclub,dc=net
member: cn=user2,ou=people,dc=meyclub,dc=net

dn: CN=GG_STAGE,OU=groups,dc=meyclub,dc=net
objectclass: groupofnames
cn: GG_STAGE
member: CN=Jean-Philippe MUCK,OU=STRASBOURG,OU=Utilisateurs,dc=meyclub,dc=net
member: CN=Olivia TESSARO,OU=STRASBOURG,OU=Utilisateurs,dc=meyclub,dc=net
member: CN=Julien FONTAINE,OU=STRASBOURG,OU=Utilisateurs,dc=meyclub,dc=net

and this is my XML file:

<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections>
    <ldapConnection>
      <name>dst-ldap</name>
      <url>ldap://localhost:389/dc=meyclub,dc=net</url>
      <username>cn=root,dc=meyclub,dc=net</username>
      <password>Proweb</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
      <saslMutualAuthentication>false</saslMutualAuthentication>
    </ldapConnection>
    <ldapConnection>
      <name>src-ad</name>
      <url>ldap://srv-ad-06.meyclub.net:389/dc=meyclub,dc=net</url>
      <username>cn=Aziza LICHIR,ou=Informatique,ou=SMH,ou=Utilisateurs,dc=meyclub,dc=net</username>
      <password>Proweb38</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
    </ldapConnection>
  </connections>
  <audits/>
  <tasks>
    <task>
      <name>MySyncTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>MySyncTask-src</name>
        <connection reference="src-ad" />
        <baseDn>ou=STRASBOURG,ou=Utilisateurs,dc=meyclub,dc=net</baseDn>
        <pivotAttributes>
          <string>mail</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sAMAccountName</string>
        </fetchedAttributes>
        <getAllFilter>(&(mail=*)(objectClass=user))</getAllFilter>
        <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter>
        <cleanFilter>(&(objectClass=organizationalPerson)(mail={mail}))</cleanFilter>
        <interval>6</interval>
      </ldapSourceService>
      <ldapDestinationService>
        <name>MySyncTask-dst</name>
        <connection reference="dst-ldap"/>
        <baseDn>ou=people,dc=meyclub,dc=net</baseDn>
        <pivotAttributes>
          <string>mail</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>objectClass</string>
          <string>givenName</string>
          <string>mail</string>
          <string>uid</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
        <getOneFilter>(&(objectClass=inetOrgPerson)(mail={mail}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"mail=" + srcBean.getDatasetFirstValueById("mail") + ",ou=people,dc=meyclub,dc=net"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"inetOrgPerson"</string>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
          </forceValues>
          <delimiter>,</delimiter>
        </dataset>
        <dataset>
          <name>uid</name>
          <policy>FORCE</policy>
          <forceValues>
            <string> srcBean.getDatasetFirstValueById("sAMAccountName")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
    <task>
      <name>GroupSyncTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>GroupSyncTask-src</name>
        <connection reference="src-ad" />
        <baseDn>ou=STAGE,ou=Groupe_Securite,dc=meyclub,dc=net</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>member</string>
          <string>objectClass</string>
        </fetchedAttributes>
        <getAllFilter>(&(cn=*)(objectClass=group))</getAllFilter>
        <getOneFilter>(&(objectClass=group)(cn={cn}))</getOneFilter>
        <!-- <cleanFilter>(&(objectClass=group)(cn={cn}))</cleanFilter> -->
        <interval>100</interval>
      </ldapSourceService>
      <ldapDestinationService>
        <name>GroupSyncTask-dst</name>
        <connection reference="dst-ldap"/>
        <baseDn>ou=groups,dc=meyclub,dc=net</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>member</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=groupOfNames)</getAllFilter>
        <getOneFilter>(&(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"cn=" + srcBean.getDatasetValuesById("cn")+ ",ou=groups,dc=meyclub,dc=net" </mainIdentifier>
        <!-- <mainIdentifier>srcBean.getMainIdentifier()</mainIdentifier> -->
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"groupOfNames"</string>
            <!-- <string>"top"</string> -->
          </forceValues>
          <delimiter>,</delimiter>
        </dataset>
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>

Thanks for your help.

2013/4/9 Clément OUDOT <[email protected]>

>
>
> 2013/4/9 Aziza Lichir <[email protected]>
>
>> I have an OpenLDAP server 2.4 on CentOS 6 and this is the config file
>> slapd.conf:
>>
>> # allows anyone and everyone to read anything but restricts
>> # updates to rootdn. (e.g., "access to * by * read")
>> #
>> # rootdn can always read and write EVERYTHING!
>>
>> # enable on-the-fly configuration (cn=config)
>> database config
>> access to *
>>         by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
>>         by * none
>>
>> # enable server status monitoring (cn=monitor)
>> database monitor
>> access to *
>>         by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
>>         by dn.exact="cn=root,dc=meyclub,dc=net" read
>>         by * none
>>
>> #######################################################################
>> # database definitions
>> #######################################################################
>>
>> database bdb
>> suffix "dc=meyclub,dc=net"
>> checkpoint 1024 15
>> rootdn "cn=root,dc=meyclub,dc=net"
>> # Cleartext passwords, especially for the rootdn, should
>> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
>> # Use of strong authentication encouraged.
>> # rootpw secret
>> # rootpw {crypt}ijFYNcSNctBYg
>> rootpw {SSHA}ymkqc5nI9efKS1H2V3i47W+zAARg/naL
>> # The database directory MUST exist prior to running slapd AND
>> # should only be accessible by the slapd and slap tools.
>> # Mode 700 recommended.
>> directory /var/lib/ldap
>>
>> # Indices to maintain for this database
>> index objectClass eq,pres
>> index ou,cn,mail,surname,givenname eq,pres,sub
>> index uidNumber,gidNumber,loginShell eq,pres
>> index uid,memberUid eq,pres,sub
>> index nisMapName,nisMapEntry eq,pres,sub
>>
>> # Replicas of this database
>> #replogfile /var/lib/ldap/openldap-master-replog
>> #replica host=ldap-1.example.com:389 starttls=critical
>> # bindmethod=sasl saslmech=GSSAPI
>> # authcId=host/[email protected]
>>
>> and this is the xml file that I'm using: it's the same one of tutorial
>> (the Sample):
>>
>>
>> <?xml version="1.0" ?>
>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
>>   <connections>
>>     <ldapConnection>
>>       <name>dst-ldap</name>
>>       <url>ldap://localhost:389/dc=meyclub,dc=net</url>
>>       <username>cn=root,dc=meyclub,dc=net</username>
>>       <password>Proweb</password>
>>       <authentication>SIMPLE</authentication>
>>       <referral>IGNORE</referral>
>>       <derefAliases>NEVER</derefAliases>
>>       <version>VERSION_3</version>
>>       <pageSize>-1</pageSize>
>>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>       <tlsActivated>false</tlsActivated>
>>       <saslMutualAuthentication>false</saslMutualAuthentication>
>>     </ldapConnection>
>>
>>     <ldapConnection>
>>       <name>src-ad</name>
>>       <url>ldap://srv-ad-06.meyclub.net:389/dc=meyclub,dc=net</url>
>>       <username>cn=Aziza LICHIR,ou=Informatique,ou=SMH,ou=Utilisateurs,dc=meyclub,dc=net</username>
>>       <password>Proweb38</password>
>>       <authentication>SIMPLE</authentication>
>>       <pageSize>1000</pageSize>
>>     </ldapConnection>
>>
>>   </connections>
>>   <audits/>
>>   <tasks>
>>     <task>
>>       <name>MySyncTask</name>
>>       <bean>org.lsc.beans.SimpleBean</bean>
>>
>>       <ldapSourceService>
>>         <name>MySyncTask-src</name>
>>         <connection reference="src-ad" />
>>         <baseDn>ou=STRASBOURG,ou=Utilisateurs,dc=meyclub,dc=net</baseDn>
>>         <pivotAttributes>
>>           <string>mail</string>
>>         </pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>sn</string>
>>           <string>givenName</string>
>>           <string>mail</string>
>>           <string>sAMAccountName</string>
>>         </fetchedAttributes>
>>
>>         <getAllFilter>(&(mail=*)(objectClass=user))</getAllFilter>
>>
>>         <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter>
>>
>>         <cleanFilter>(&(objectClass=organizationalPerson)(mail={mail}))</cleanFilter>
>>         <interval>6</interval>
>>       </ldapSourceService>
>>       <ldapDestinationService>
>>         <name>MySyncTask-dst</name>
>>         <connection reference="dst-ldap"/>
>>         <baseDn>ou=people,dc=meyclub,dc=net</baseDn>
>>         <pivotAttributes>
>>           <string>mail</string>
>>         </pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>sn</string>
>>           <string>objectClass</string>
>>           <string>givenName</string>
>>           <string>mail</string>
>>           <string>uid</string>
>>         </fetchedAttributes>
>>         <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
>>
>>         <getOneFilter>(&(objectClass=inetOrgPerson)(mail={mail}))</getOneFilter>
>>       </ldapDestinationService>
>>       <propertiesBasedSyncOptions>
>>         <mainIdentifier>"mail=" + srcBean.getDatasetFirstValueById("mail") + ",ou=people,dc=meyclub,dc=net"</mainIdentifier>
>>         <defaultDelimiter>;</defaultDelimiter>
>>         <defaultPolicy>FORCE</defaultPolicy>
>>         <dataset>
>>           <name>objectClass</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string>"inetOrgPerson"</string>
>>             <string>"organizationalPerson"</string>
>>             <string>"person"</string>
>>             <string>"top"</string>
>>           </forceValues>
>>           <delimiter>,</delimiter>
>>         </dataset>
>>         <dataset>
>>           <name>uid</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string> srcBean.getDatasetFirstValueById("sAMAccountName")</string>
>>           </forceValues>
>>         </dataset>
>>         <dataset>
>>           <name>default</name>
>>           <policy>FORCE</policy>
>>         </dataset>
>>       </propertiesBasedSyncOptions>
>>     </task>
>>     <task>
>>       <name>GroupSyncTask</name>
>>       <bean>org.lsc.beans.SimpleBean</bean>
>>
>>       <ldapSourceService>
>>         <name>GroupSyncTask-src</name>
>>         <connection reference="src-ad" />
>>         <baseDn>OU=Groupe_Securite,DC=meyclub,DC=net</baseDn>
>>         <pivotAttributes>
>>           <string>cn</string>
>>         </pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>member</string>
>>         </fetchedAttributes>
>>
>>         <getAllFilter>(&(member=*)(objectClass=group))</getAllFilter>
>>         <getOneFilter>(&(objectClass=group)(cn={cn}))</getOneFilter>
>>         <cleanFilter>(&(objectClass=group)(cn={cn}))</cleanFilter>
>>         <interval>100</interval>
>>       </ldapSourceService>
>>
>>       <ldapDestinationService>
>>         <name>GroupSyncTask-dst</name>
>>         <connection reference="dst-ldap"/>
>>         <baseDn>ou=group,dc=meyclub,dc=net</baseDn>
>>
>>         <pivotAttributes>
>>           <string>cn</string>
>>         </pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>member</string>
>>         </fetchedAttributes>
>>         <getAllFilter>(objectClass=groupOfNames)</getAllFilter>
>>
>>         <getOneFilter>(&(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
>>       </ldapDestinationService>
>>       <propertiesBasedSyncOptions>
>>         <mainIdentifier>"cn=" + srcBean.getDatasetValuesById("cn")+ ",ou=group,dc=meyclub,dc=net" </mainIdentifier>
>>         <defaultDelimiter>;</defaultDelimiter>
>>         <defaultPolicy>FORCE</defaultPolicy>
>>         <dataset>
>>           <name>objectClass</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string>"groupOfNames"</string>
>>
>>             <string>"top"</string>
>>           </forceValues>
>>           <delimiter>$</delimiter>
>>         </dataset>
>>         <dataset>
>>           <name>default</name>
>>           <policy>FORCE</policy>
>>         </dataset>
>>       </propertiesBasedSyncOptions>
>>     </task>
>>   </tasks>
>> </lsc>
>>
>
> Are you sure that ou=group,dc=meyclub,dc=net entry exists in your OpenLDAP
> directory?
>
>
> Clément.
>

-- 
Aziza Lichir
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

