2013/4/10 Aziza Lichir <[email protected]>
> hey,
>
> I recreated a groups file that contains two groups just to understand how
> it works but it didn't work either. This is the ldif file:
>
> dn: ou=groups,dc=meyclub,dc=net
> objectclass:organizationalunit
> ou: groups
> description: generic groups branch
>
> # create a group
>
> dn: cn=group1,ou=groups,dc=meyclub,dc=net
> objectclass: groupofnames
> cn: group1
> member: cn=alichir,ou=people,dc=meyclub,dc=net
> member: cn=user2,ou=people,dc=meyclub,dc=net
>
> dn: CN=GG_STAGE,OU=groups,dc=meyclub,dc=net
> objectclass: groupofnames
> cn: GG_STAGE
> member: CN=Jean-Philippe MUCK,OU=STRASBOURG,OU=Utilisateurs,dc=meyclub,dc=net
> member: CN=Olivia TESSARO,OU=STRASBOURG,OU=Utilisateurs,dc=meyclub,dc=net
> member: CN=Julien FONTAINE,OU=STRASBOURG,OU=Utilisateurs,dc=meyclub,dc=net
>
> and this is my xml file:
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
>   <connections>
>     <ldapConnection>
>       <name>dst-ldap</name>
>       <url>ldap://localhost:389/dc=meyclub,dc=net</url>
>       <username>cn=root,dc=meyclub,dc=net</username>
>       <password>Proweb</password>
>       <authentication>SIMPLE</authentication>
>       <referral>IGNORE</referral>
>       <derefAliases>NEVER</derefAliases>
>       <version>VERSION_3</version>
>       <pageSize>-1</pageSize>
>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>       <tlsActivated>false</tlsActivated>
>       <saslMutualAuthentication>false</saslMutualAuthentication>
>     </ldapConnection>
>
>     <ldapConnection>
>       <name>src-ad</name>
>       <url>ldap://srv-ad-06.meyclub.net:389/dc=meyclub,dc=net</url>
>       <username>cn=Aziza LICHIR,ou=Informatique,ou=SMH,ou=Utilisateurs,dc=meyclub,dc=net</username>
>       <password>Proweb38</password>
>       <authentication>SIMPLE</authentication>
>       <pageSize>1000</pageSize>
>     </ldapConnection>
>
>   </connections>
>   <audits/>
>   <tasks>
>     <task>
>       <name>MySyncTask</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>
>       <ldapSourceService>
>         <name>MySyncTask-src</name>
>         <connection reference="src-ad" />
>         <baseDn>ou=STRASBOURG,ou=Utilisateurs,dc=meyclub,dc=net</baseDn>
>         <pivotAttributes>
>           <string>mail</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>sn</string>
>           <string>givenName</string>
>           <string>mail</string>
>           <string>sAMAccountName</string>
>         </fetchedAttributes>
>         <getAllFilter>(&(mail=*)(objectClass=user))</getAllFilter>
>
>         <getOneFilter>(&(objectClass=organizationalPerson)(mail={mail}))</getOneFilter>
>
>         <cleanFilter>(&(objectClass=organizationalPerson)(mail={mail}))</cleanFilter>
>         <interval>6</interval>
>       </ldapSourceService>
>       <ldapDestinationService>
>         <name>MySyncTask-dst</name>
>         <connection reference="dst-ldap"/>
>         <baseDn>ou=people,dc=meyclub,dc=net</baseDn>
>         <pivotAttributes>
>           <string>mail</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>sn</string>
>           <string>objectClass</string>
>           <string>givenName</string>
>           <string>mail</string>
>           <string>uid</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
>
>         <getOneFilter>(&(objectClass=inetOrgPerson)(mail={mail}))</getOneFilter>
>       </ldapDestinationService>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>"mail=" + srcBean.getDatasetFirstValueById("mail")
>           + ",ou=people,dc=meyclub,dc=net"</mainIdentifier>
>         <defaultDelimiter>;</defaultDelimiter>
>         <defaultPolicy>FORCE</defaultPolicy>
>         <dataset>
>           <name>objectClass</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>"inetOrgPerson"</string>
>             <string>"organizationalPerson"</string>
>             <string>"person"</string>
>             <string>"top"</string>
>           </forceValues>
>           <delimiter>,</delimiter>
>         </dataset>
>         <dataset>
>           <name>uid</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>
>               srcBean.getDatasetFirstValueById("sAMAccountName")</string>
>           </forceValues>
>         </dataset>
>         <dataset>
>           <name>default</name>
>           <policy>FORCE</policy>
>         </dataset>
>       </propertiesBasedSyncOptions>
>     </task>
>     <task>
>       <name>GroupSyncTask</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>
>       <ldapSourceService>
>         <name>GroupSyncTask-src</name>
>         <connection reference="src-ad" />
>         <baseDn>ou=STAGE,ou=Groupe_Securite,dc=meyclub,dc=net</baseDn>
>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>member</string>
>           <string>objectClass</string>
>         </fetchedAttributes>
>         <getAllFilter>(&(cn=*)(objectClass=group))</getAllFilter>
>         <getOneFilter>(&(objectClass=group)(cn={cn}))</getOneFilter>
>         <!-- <cleanFilter>(&(objectClass=group)(cn={cn}))</cleanFilter> -->
>
>         <interval>100</interval>
>       </ldapSourceService>
>
>       <ldapDestinationService>
>         <name>GroupSyncTask-dst</name>
>         <connection reference="dst-ldap"/>
>         <baseDn>ou=groups,dc=meyclub,dc=net</baseDn>
>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>member</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=groupOfNames)</getAllFilter>
>
>         <getOneFilter>(&(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
>       </ldapDestinationService>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>"cn=" + srcBean.getDatasetValuesById("cn")+
>           ",ou=groups,dc=meyclub,dc=net" </mainIdentifier>
>         <!-- <mainIdentifier>srcBean.getMainIdentifier()</mainIdentifier> -->
>
>         <defaultDelimiter>;</defaultDelimiter>
>         <defaultPolicy>FORCE</defaultPolicy>
>         <dataset>
>           <name>objectClass</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>"groupOfNames"</string>
>             <!-- <string>"top"</string> -->
>
>           </forceValues>
>           <delimiter>,</delimiter>
>         </dataset>
>         <dataset>
>           <name>default</name>
>           <policy>FORCE</policy>
>         </dataset>
>       </propertiesBasedSyncOptions>
>     </task>
>   </tasks>
> </lsc>
>
> thanks for your help

First, add objectClass in fetchedAttributes in the destination service.

Then, you will have to write JavaScript code to map the member value from your AD to OpenLDAP. Indeed, the DN of the user is not the same in AD and OpenLDAP. A sample of code is in this page:
http://lsc-project.org/wiki/documentation/1.1/tutorials/synchronizegroups

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
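The member mapping described in the reply above, as an added example that is not part of the original thread and is not LSC's own code: a stand-alone Node.js sketch that rewrites AD member DNs into the `mail=...,ou=people,dc=meyclub,dc=net` form used by the quoted user task, escapes the RDN value per RFC 4514 so an odd attribute value cannot change the DN's structure, and skips members it cannot resolve. The lookup table, the sample users and the names `AD_MAIL_BY_DN`, `escapeRdnValue` and `mapMembers` are assumptions; in LSC the lookup would be a query against the source directory.

```javascript
// Added example: stand-alone sketch of the member-DN mapping step (not LSC code).
const DEST_BASE = "ou=people,dc=meyclub,dc=net"; // destination baseDn from the thread

// Constructed sample data standing in for an AD lookup of each member's mail.
const AD_MAIL_BY_DN = new Map([
  ["cn=user one,ou=strasbourg,ou=utilisateurs,dc=meyclub,dc=net",
   "user.one@example.invalid"],
  ["cn=user two,ou=strasbourg,ou=utilisateurs,dc=meyclub,dc=net",
   "odd,ou=groups@example.invalid"], // constructed edge case: comma in the value
]);

// Escape an attribute value for use inside an RDN (RFC 4514).
function escapeRdnValue(value) {
  let out = value.replace(/[\\",+;<>]/g, "\\$&").replace(/\0/g, "\\00");
  if (out.endsWith(" ")) out = out.slice(0, -1) + "\\ "; // trailing space
  if (/^[ #]/.test(out)) out = "\\" + out;               // leading space or '#'
  return out;
}

// Map AD member DNs to destination DNs. Members with no match in the
// lookup are reported as skipped instead of being copied with their AD DN.
function mapMembers(adMemberDns) {
  const mapped = [];
  const skipped = [];
  for (const dn of adMemberDns) {
    // Simplified normalisation (trim + lowercase); assumption for this sketch.
    const mail = AD_MAIL_BY_DN.get(dn.trim().toLowerCase());
    if (mail === undefined) {
      skipped.push(dn);
      continue;
    }
    mapped.push("mail=" + escapeRdnValue(mail) + "," + DEST_BASE);
  }
  return { mapped, skipped };
}

const result = mapMembers([
  "CN=User One,OU=STRASBOURG,OU=Utilisateurs,dc=meyclub,dc=net",
  "CN=User Two,OU=STRASBOURG,OU=Utilisateurs,dc=meyclub,dc=net",
  "CN=Unknown,OU=Elsewhere,dc=meyclub,dc=net",
]);
console.log(result);
```

Without the escaping step, the second constructed value would produce a DN whose extra `ou=groups...` component points at a different entry than intended.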

