Hi Olaf,

I've written a sample configuration for this use case and have tested it
successfully :

https://lsc-project.org/svn/lsc/trunk/sample/postgresql/etc-postgresql2opendj/lsc.xml

You should be able to adapt it to your needs.

Best regards,
-- 
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/
Twitter: https://twitter.com/SebastienBah

2013/5/13 Olaf Pueschel <[email protected]>

> Hi Clément,
>
> here you are!
>
> Since this map is also used by the user sync query, it contains a lot
> of stuff not used in the password sync.
>
> Best regards
> Olaf
>
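> <!DOCTYPE sqlMap PUBLIC "-//iBATIS.com//DTD SQL Map 2.0//EN" "http://www.ibatis.com/dtd/sql-map-2.dtd">
>
> <!--
>   iBATIS SQL map used by the LSC database source service. It is shared by the
>   user sync and the password sync, so it maps many columns the password task
>   never reads.
>   NOTE(review): the DTD is named by an http:// system identifier. Confirm the
>   parser resolves it from the local iBATIS jar and does not fetch it over the
>   network when the map is loaded.
> -->
> <sqlMap namespace="InetOrgPerson">
>
>         <!-- Maps one ldap_user row to a HashMap keyed by LDAP attribute name.
>              A NULL column is replaced by the empty string (nullValue=""). -->
>         <resultMap id="InetOrgPersonResult" class="java.util.HashMap">
>                 <result property="uid" column="userid" nullValue=""/>
>                 <result property="cardIdNumber" column="cardIdNumber"
> nullValue=""/>
>                 <result property="businessCategory"
> column="businessCategory" nullValue=""/>
>                 <result property="cn" column="cn" nullValue=""/>
>                 <result property="sn" column="sn" nullValue=""/>
>                 <result property="givenName" column="givenName"
> nullValue=""/>
>                 <result property="displayName" column="displayName"
> nullValue=""/>
>                 <result property="normalizedName" column="normalizedName"
> nullValue=""/>
>                 <result property="title" column="title" nullValue=""/>
>                 <result property="employeeNumber" column="employeeNumber"
> nullValue=""/>
>                 <result property="employeeType" column="employeeType"
> nullValue=""/>
>                 <result property="gender" column="gender" nullValue=""/>
>                 <result property="businessUnit" column="businessUnit"
> nullValue=""/>
>                 <result property="o" column="o" nullValue=""/>
>                 <result property="ou" column="ou" nullValue=""/>
>                 <result property="costCenter" column="costCenter"
> nullValue=""/>
>                 <result property="c" column="c" nullValue=""/>
>                 <result property="l" column="l" nullValue=""/>
>                 <result property="street" column="street" nullValue=""/>
>                 <result property="postalCode" column="postalCode"
> nullValue=""/>
>                 <result property="postOfficeBox" column="postOfficeBox"
> nullValue=""/>
>                 <result property="roomNumber" column="roomNumber"
> nullValue=""/>
>                 <!-- The next four properties are filled by a nested select per
>                      row, with the row's userid passed as the parameter. -->
>                 <result property="telephoneNumber" column="userid"
> select="selectPhoneByPerson" nullValue=""/>
>                 <result property="facsimileTelephoneNumber"
> column="userid" select="selectFaxByPerson" nullValue=""/>
>                 <result property="mobile" column="userid"
> select="selectMobileByPerson" nullValue=""/>
>                 <result property="mail" column="userid"
> select="selectMailByPerson" nullValue=""/>
>                 <result property="destinationindicator"
> column="destinationindicator" nullValue=""/>
>                 <result property="badgeCode" column="badgeCode"
> nullValue=""/>
>                 <result property="adsDomain" column="adsDomain"
> nullValue=""/>
>                 <result property="homeDir" column="homeDir" nullValue=""/>
>                 <result property="userPrincipalName"
> column="userPrincipalName" nullValue=""/>
>                 <result property="registrationAuthority"
> column="registrationAuthority" nullValue=""/>
>                 <result property="myidRoles" column="myidRoles"
> nullValue=""/>
>                 <result property="manager" column="manager" nullValue=""/>
>                 <!-- NOTE(review): userPassword is passed through exactly as the
>                      database stores it. Confirm the column holds a hash in a
>                      scheme the directory accepts rather than cleartext, and
>                      that the value never reaches DEBUG logs. -->
>                 <result property="userPassword" column="userPassword"
> nullValue=""/>
>         </resultMap>
>
>         <!-- Contact lookups: each one folds a person's matching rows from
>              contacts_expanded into a single ';'-separated string. #userid# is
>              an iBATIS bound parameter (a prepared-statement placeholder), so
>              the value is not concatenated into the SQL text. -->
>         <select id="selectPhoneByPerson" resultClass="java.lang.String">
>                 SELECT TRIM(trailing ';' from agg_concat(fullqualdata ||
> ';')) AS telephoneNumber
>                 FROM contacts_expanded
>                 WHERE ctype = 'PHONE' AND grptype = 'PBX'
>                 AND ldapid = #userid#
>         </select>
>
>         <select id="selectFaxByPerson" resultClass="java.lang.String">
>                 SELECT TRIM(trailing ';' from agg_concat(fullqualdata ||
> ';')) AS facsimileTelephoneNumber
>                 FROM contacts_expanded
>                 WHERE ctype = 'FAX' AND grptype = 'PBX'
>                 AND ldapid = #userid#
>         </select>
>
>         <select id="selectMobileByPerson" resultClass="java.lang.String">
>                 SELECT TRIM(trailing ';' from agg_concat(fullqualdata ||
> ';')) AS mobile
>                 FROM contacts_expanded
>                 WHERE ctype = 'MOBILE'
>                 AND ldapid = #userid#
>                 AND priority = 1
>         </select>
>
>         <select id="selectMailByPerson" resultClass="java.lang.String">
>                 SELECT TRIM(trailing ';' from agg_concat(fullqualdata ||
> ';')) AS mail
>                 FROM contacts_expanded
>                 WHERE ctype = 'EMAIL'
>                 AND ldapid = #userid#
>         </select>
>
>         <!-- Statement named by requestNameForClean: returns cn when the user
>              still exists in ldap_user. #cn# is a bound parameter. -->
>         <select id="getInetOrgPersonClean" resultClass="java.util.HashMap"
> parameterClass="java.util.Map">
>                 Select
>                   cn
>                 FROM ldap_user
>                 WHERE cn = #cn#
>         </select>
>
>         <!-- Statement named by requestNameForObject: loads the full row for
>              one cn. NOTE(review): "Select *" returns every column, including
>              userPassword and unrelated personal data, to a task that only
>              writes userpassword. A dedicated statement and resultMap limited
>              to the columns the password task reads would narrow what this
>              job handles. -->
>         <select id="getInetOrgPerson" resultMap="InetOrgPersonResult"
> parameterClass="java.util.Map">
>                 Select
>                   *
>                 FROM ldap_user
>                 WHERE cn = #cn#
>         </select>
>
>         <!-- Test stub for requestNameForNextId: always returns the constant cn
>              'puescheo' instead of reading a change table. -->
>          <select id="getInetOrgPersonNext" resultClass="java.util.HashMap">
>                  SELECT 'puescheo' AS cn FROM dual
>         </select>
>
>         <!-- Statement named by requestNameForList. The IN clause limits the
>              run to one account for testing; remove it for a full sync. -->
>         <select id="getInetOrgPersonList" resultClass="java.util.HashMap">
>                 SELECT cn
>                 FROM ldap_user
>         WHERE cn IN ('puescheo') -- restrict list for testing
>         </select>
> </sqlMap>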
>
> --
> *Olaf Püschel (ext.)*
> Senior Consultant
> IS4IT GmbH
> externer Dienstleister im Auftrag der
> Giesecke & Devrient GmbH, Prinzregentenstr. 159, 81677 München,
> Deutschland
> http://www.gi-de.com
> Tel. +49 89 4119-3283, Fax +49 89 4119-1568
> mailto:[email protected] <[email protected]>
>
>
>
>
> Von:        Clément OUDOT <[email protected]>
> An:        Olaf Pueschel <[email protected]>
> Kopie:        [email protected]
> Datum:        13.05.2013 18:07
> Betreff:        Re: [lsc-users] Problem with running lsc in async mode
> from jdbc src
> ------------------------------
>
>
>
> 2013/5/13 Olaf Pueschel <[email protected]>:
> > Hi lsc community!
> >
> > I would like to switch our lsc installation (DB to LDAP, ca. 15000 entries)
> > from synchronous to asynchronous mode.
> > For testing I wanted to try to sync just the userpassword field from the
> > database (Oracle) to LDAP (OpenDJ). I am using lsc 2.0.2.
> >
> > First I created and tested a synchronous configuration. Then I modified the
> > lsc.xml config to include
> >
> > <requestNameForNextId>getInetOrgPersonNext</requestNameForNextId>
> >
> > and added
> >
> > <select id="getInetOrgPersonNext" resultClass="java.util.HashMap">
> >                 SELECT cn
> >                 FROM ldap_sync
> >                 WHERE id = (SELECT MAX(id) FROM ldap_sync)
> > </select>
> >
> > to my InetOrgPerson.xml file (cn being my pivot attribute). The
> "ldap_sync"
> > view contains the "cn" values for all the changed records in the
> database.
> >
> > There is no complete example for async mode in the documentation, so I just
> > guessed that "requestNameForNextId" should return the value of the
> > pivot attribute for the next changed record. Obviously I'm missing
> > something, because it does not work. I tried several modifications but had no
> > luck.
> >
> > ******************
> > If anyone can post a full example how to use asynchronous mode with a
> jdbc
> > source and ldap destination, that would be great
> > *****************
> >
> > I tried some more...
> >
> > Switched to a static select for testing
> >
> > <select id="getInetOrgPersonNext" resultClass="java.util.HashMap">
> >                 SELECT 'puescheo' AS cn FROM dual
> > </select>
> >
> > but still I get the same errors:
> >
> > $ bin/lsc-gdldaptestpw -a all -t 1
> > May 13 17:46:31 - DEBUG - Loading XML configuration from:
> > /home/puescheo/lsc2/gdldaptestpw/bin/../etc/lsc.xml
> > May 13 17:46:32 - INFO  - Reflections took 407 ms to scan 1 urls,
> producing
> > 60 keys and 226 values
> > May 13 17:46:32 - DEBUG - Importing XML schema file:
> > schemas/lsc-core-2.0.xsd
> > May 13 17:46:32 - INFO  - Logging configuration successfully loaded from
> > /home/puescheo/lsc2/gdldaptestpw/bin/../etc/logback.xml
> > May 13 17:46:32 - INFO  - LSC configuration successfully loaded from
> > /home/puescheo/lsc2/gdldaptestpw/bin/../etc/
> > May 13 17:46:32 - INFO  - Connecting to LDAP server
> > ldap://gdldaptest1.accounts.intern:389/dc=gi-de,dc=com as cn=Directory
> > Manager
> > May 13 17:46:32 - DEBUG - Reading sql-map-config.xml from
> > file:/home/puescheo/lsc2/gdldaptestpw/bin/../etc/sql-map-config.xml
> > May 13 17:46:33 - INFO  - Starting async for PasswordSyncTask
> > May 13 17:46:33 - DEBUG - Asynchronous synchronize PasswordSyncTask
> > May 13 17:46:33 - ERROR - Error while synchronizing ID puescheo:
> > java.util.NoSuchElementException
> > May 13 17:46:33 - DEBUG - java.util.NoSuchElementException
> > java.util.NoSuchElementException: null
> >         at java.util.HashMap$HashIterator.nextEntry(HashMap.java:897)
> > ~[na:1.7.0_17]
> >         at java.util.HashMap$KeyIterator.next(HashMap.java:928)
> > ~[na:1.7.0_17]
> >         at
> org.lsc.LscDatasets.getStringValueAttribute(LscDatasets.java:81)
> > ~[lsc-core-2.0.2.jar:na]
> >         at
> >
> org.lsc.jndi.AbstractSimpleJndiService.get(AbstractSimpleJndiService.java:247)
> > ~[lsc-core-2.0.2.jar:na]
> >         at
> > org.lsc.jndi.SimpleJndiDstService.getBean(SimpleJndiDstService.java:122)
> > ~[lsc-core-2.0.2.jar:na]
> >         at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:714)
> > [lsc-core-2.0.2.jar:na]
> >         at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:673)
> > [lsc-core-2.0.2.jar:na]
> >         at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:652)
> > [lsc-core-2.0.2.jar:na]
> >         at java.lang.Thread.run(Thread.java:722) [na:1.7.0_17]
> >
> > The lsc.xml used is as follows:
> >
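> > <?xml version="1.0" ?>
> > <!--
> >   LSC 2.0 configuration with a single task, PasswordSyncTask. It reads users
> >   from a database source through named iBATIS statements and updates the
> >   userpassword attribute of existing entries under ou=People in the LDAP
> >   destination. URLs and credentials were masked by the poster.
> >   NOTE(review): the database and directory passwords live in this file, so
> >   keep it readable only by the account that runs LSC.
> > -->
> > <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
> >   <connections>
> >     <databaseConnection>
> >       <name>edatadb-src-conn</name>
> >       <url>jdbc:oracle:thin:@****************************</url>
> >       <username>**********</username>
> >       <password>********</password>
> >       <driver>oracle.jdbc.driver.OracleDriver</driver>
> >     </databaseConnection>
> >
> >     <!-- NOTE(review): no TLS option is set on this connection. A SIMPLE bind
> >          over an ldap:// URL sends the bind password, and every userPassword
> >          value this task writes, without transport encryption. Use ldaps://
> >          or enable StartTLS (LSC's tlsActivated option; confirm it against
> >          your schema version). -->
> >     <ldapConnection>
> >       <name>gdldap-dst-conn</name>
> >       <url>ldap://******************/dc=gi-de,dc=com</url>
> >       <!-- NOTE(review): cn=Directory Manager is the directory's administrative
> >            account. A dedicated service account whose write access is limited
> >            to userPassword under ou=People would limit the damage if this
> >            file or host is compromised. -->
> >       <username>cn=Directory Manager</username>
> >       <password>**************</password>
> >       <authentication>SIMPLE</authentication>
> >       <referral>IGNORE</referral>
> >       <derefAliases>NEVER</derefAliases>
> >       <version>VERSION_3</version>
> >       <pageSize>500</pageSize>
> >       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
> >     </ldapConnection>
> >   </connections>
> >
> >   <tasks>
> >     <task>
> >       <name>PasswordSyncTask</name>
> >       <bean>org.lsc.beans.SimpleBean</bean>
> >       <!-- Source side: each requestNameFor* element names a statement id in
> >            the iBATIS SQL map. requestNameForNextId is the one added for
> >            asynchronous mode. -->
> >       <databaseSourceService>
> >         <name>pw-edatadb-src-service</name>
> >         <connection reference="edatadb-src-conn" />
> >         <requestNameForList>getInetOrgPersonList</requestNameForList>
> >         <requestNameForObject>getInetOrgPerson</requestNameForObject>
> >         <requestNameForNextId>getInetOrgPersonNext</requestNameForNextId>
> >         <requestNameForClean>getInetOrgPersonClean</requestNameForClean>
> >       </databaseSourceService>
> >       <!-- Destination side: entries are matched on cn and only userpassword
> >            is fetched for comparison. -->
> >       <ldapDestinationService>
> >         <name>pw-gdldap-dst-service</name>
> >         <connection reference="gdldap-dst-conn" />
> >         <baseDn>ou=People,dc=gi-de,dc=com</baseDn>
> >         <pivotAttributes>
> >           <string>cn</string>
> >         </pivotAttributes>
> >         <fetchedAttributes>
> >           <string>userpassword</string>
> >         </fetchedAttributes>
> >         <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
> >
> >         <!-- NOTE(review): {cn} is filled from source data. Confirm that LSC
> >              escapes LDAP filter metacharacters here, or that cn values are
> >              constrained in the source database. -->
> > <getOneFilter>(&amp;(objectClass=inetorgperson)(cn={cn}))</getOneFilter>
> >       </ldapDestinationService>
> >       <propertiesBasedSyncOptions>
> >         <!-- Builds the entry DN by string concatenation from the source cn
> >              and o values. NOTE(review): DN special characters in either
> >              value (a comma, for example) are not escaped by this
> >              expression; confirm the source data cannot contain them. -->
> >         <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") +
> > ",ou=" + srcBean.getDatasetFirstValueById("o") +
> > ",ou=People,dc=gi-de,dc=com"</mainIdentifier>
> >         <defaultDelimiter>;</defaultDelimiter>
> >         <defaultPolicy>FORCE</defaultPolicy>
> >         <!-- Update only: the task never creates, deletes or renames
> >              entries. -->
> >         <conditions>
> >                 <create>false</create>
> >                 <update>true</update>
> >                 <delete>false</delete>
> >                 <changeId>false</changeId>
> >         </conditions>
> >         <!-- FORCE policy on userpassword: the policy name indicates the
> >              source value replaces the directory value (confirm against the
> >              LSC documentation). No default, forced or create-time values
> >              are defined. -->
> >         <dataset>
> >           <name>userpassword</name>
> >           <policy>FORCE</policy>
> >           <defaultValues></defaultValues>
> >           <forceValues></forceValues>
> >           <createValues></createValues>
> >         </dataset>
> >       </propertiesBasedSyncOptions>
> >     </task>
> >   </tasks>
> >   <!-- Symmetric encryption settings: AES with a 128-bit key read from
> >        etc/lsc.key. NOTE(review): restrict the key file to the LSC service
> >        account and keep it out of version control. -->
> >   <security>
> >     <encryption>
> >       <keyfile>etc/lsc.key</keyfile>
> >       <algorithm>AES</algorithm>
> >       <strength>128</strength>
> >     </encryption>
> >   </security>
> > </lsc>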
> >
> > I'll be very happy with any help or advice!
>
> Could you send us your complete iBATIS configuration file?
>
> Thanks,
>
> Clément.
>
>
>
> Vorsitzender des Aufsichtsrats: Dr. Peter-Alexander Wacker
> Geschäftsführer: Dr. Karsten Ottenberg (Vorsitzender, CEO),
> Michael Kuemmerle, Hans Wolfgang Kunz,
> Dr. Walter Schlebusch, Dr. Peter Zattler (CFO)
> Gesellschaftssitz: München, Handelsregister Amtsgericht München HRB 4619.
>
> Bitte prüfen Sie der Umwelt zuliebe, ob der Ausdruck dieser E-Mail
> erforderlich ist.
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>
>