I’ve attached the lsc config.

Regards,

- Ben

From: Clément OUDOT [mailto:[email protected]] 
Sent: 07 November 2013 09:38
To: Benjamin Vogt
Cc: Sébastien Bahloul; lsc-users
Subject: Re: [lsc-users] unicodePwd :: double colon

2013/11/7 Benjamin Vogt <[email protected]>

I have the correct hash, I need to push the hash. (It is not SHA1 or MD5).

If I can set the hash with ldapmodify and it works, why is it too difficult
for lsc to do it?

Perhaps I need to use setDataset for binary, but as it is so well
documented, I do not know

Could you send us your LSC configuration? I have no problem pushing a
password into AD.

Clément. 

<?xml version="1.0" ?>
<!-- 
	In the following file, comments are describing each node. Elements are
	referenced through XPath expression, whereas attributes are prefixed with
	'@'

	//lsc Root node of the XML configuration file
	@xmlns XML Schema validation is not ready yet (Reserved for future use)
	@id optional, added by XML API
	@revision mandatory, used by the Web Administration Interface to version
				this file
	 -->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">

<!--  ./connections Connections list node, must contain at least two connections -->
 
  <connections>
    <ldapConnection>
      <name>ad</name>
      <url>ldaps://ldap.example.com:636/dc=example,dc=com</url>
      <username>[email protected]</username>
      <password>XXXXXX</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
      <tlsActivated>true</tlsActivated>
      <binaryAttributes>
        <string>unicodePwd</string>
      </binaryAttributes>
    </ldapConnection>
    <ldapConnection>
      <name>openldap</name>
      <url>ldaps://ldap.example.com:6636/dc=example,dc=com</url>
      <username>cn=Manager,dc=example,dc=com</username>
      <password>XXXXXX</password>
      <authentication>SIMPLE</authentication>
      <tlsActivated>true</tlsActivated>
    </ldapConnection>
  </connections>

  <tasks>
    <task>
      <name>sync</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>openldap-src-service</name>
        <connection reference="openldap" />
        <baseDn>ou=people,dc=example,dc=com</baseDn>
        <pivotAttributes><string>uid</string></pivotAttributes>
        <fetchedAttributes>
          <string>objectClass</string>
          <string>sn</string>
          <string>givenName</string>
          <string>cn</string>
          <string>ADHash</string>
          <string>mail</string>
          <string>uid</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=inetOrgPerson)(uid={samAccountName}))</cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>ad-dst-service</name>
        <connection reference="ad" />
        <baseDn>cn=Users,dc=example,dc=com</baseDn>
        <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
        <fetchedAttributes>
          <string>objectClass</string>
          <string>sn</string>
          <string>givenName</string>
          <string>cn</string>
          <string>mail</string>
          <string>uid</string>
          <string>sAMAccountName</string>
          <string>userPrincipalName</string>
          <string>userAccountControl</string>
          <string>pwdLastSet</string>
          <string>unicodePwd</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=user)(sAMAccountName=*)(!(isCriticalSystemObject=*)))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(sAMAccountName={uid}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ",CN=Users,DC=example,DC=com"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>sAMAccountName</name>
          <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("uid")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>userPrincipalName</name>
          <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("uid") + "@example.com"</string>
          </createValues>
        </dataset>
        <dataset>
          <name>userAccountControl</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
          </createValues>
        </dataset>
        <dataset>
          <name>pwdLastSet</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"0"</string>
          </createValues>
        </dataset>
        <dataset>
          <name>unicodePwd</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("ADHash")</string>
          </forceValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
