Hi Sébastien and thank you
I was about to post a reply, to mention how I solved the problem.
You got it right :)
Here is my new SQL map:
http://pastebin.com/r4qwTgUx
I also had to do a type cast on gidNumber to make getPosixGroup
compatible with, as the value is processed as a string within LSC :
CAST(g.group_id+1000 AS CHAR) AS gidNumber
And it was 'g' table, not 'ug'
info: SQL tables are those from Tuleap software (http://tuleap.net)
To inject the comma-separated group member list resulting from the SQL
query into memberUid in the LDAP directory, I also had to specify the
following dataset:
<propertiesBasedSyncOptions>
  ...
  <dataset>
    <name>memberUid</name>
    <delimiter>,</delimiter>
  </dataset>
Thanks again !!
On 21/01/2014 00:08, Sébastien Bahloul wrote:
Hi Martin,
I think that you may have an issue because you add 1000 to your
group_id before returning it while listing objects (getPosixGroupList)
but you try and search for this value inside the original table in the
getPosixGroup request (WHERE ug.group_id = #gidnumber# ...
AND g.group_id = #gidnumber#)
Maybe you should try WHERE ug.group_id + 1000 = #gidnumber# ...
AND g.group_id + 1000 = #gidnumber#
Regards,
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/
2014/1/16 Martin Hamant <[email protected]>
Hi there !
I need to synchronize users and groups from a set of MySQL tables
to an LDAP directory.
Users sync works well. Then I tried to replicate the thing for
groups but it seems I am missing something (I get an empty "cn" field).
Also I am not sure if I have to use "cn" or "gidNumber" as a pivot
attribute... Originally I wanted to use gidNumber everywhere so
the distinction is guaranteed.
Once I have the above solved I'll need to inject the memberUid
field to the LDAP directory, so I wrote an SQL query that returns
memberUid as a comma-separated membership list. Would it be
sufficient enough?
Here is my GroupSync LSC task :
http://pastebin.com/QtqPcNca
And the SQL map :
http://pastebin.com/yZhiFtpm
And LSC debug output (you can see 'In object "cn=,ou', so the cn
field gets empty!?):
Jan 16 08:21:46 - DEBUG - Loading XML configuration from: /home/lsc/sql2ldap/etc/lsc.xml
Jan 16 08:21:46 - INFO - Reflections took 254 ms to scan 1 urls, producing 51 keys and 103 values
Jan 16 08:21:46 - DEBUG - Importing XML schema file: schemas/lsc-core-2.0.xsd
Jan 16 08:21:46 - INFO - Logging configuration successfully loaded from /home/lsc/sql2ldap/etc/logback.xml
Jan 16 08:21:46 - INFO - LSC configuration successfully loaded from /home/lsc/sql2ldap/etc/
Jan 16 08:21:46 - INFO - Connecting to LDAP server ldap://localhost:389/dc=my,dc=domain,dc=ltd as cn=admin,dc=my,dc=domain,dc=ltd
Jan 16 08:21:46 - DEBUG - Reading sql-map-config.xml from file:/home/lsc/sql2ldap/etc/sql-map-config.xml
Jan 16 08:21:47 - INFO - Starting sync for GroupSync
Jan 16 08:21:47 - DEBUG - Synchronizing GroupSync for {gidnumber=1001, cn=admin}
Jan 16 08:21:47 - DEBUG - Synchronizing GroupSync for {gidnumber=1046, cn=sitenews}
Jan 16 08:21:47 - DEBUG - Synchronizing GroupSync for {gidnumber=1100, cn=none}
Jan 16 08:21:47 - DEBUG - Synchronizing GroupSync for {gidnumber=1101, cn=stest}
Jan 16 08:21:47 - DEBUG - Synchronizing GroupSync for {gidnumber=1099, cn=imadmingroup}
Jan 16 08:21:47 - DEBUG - In object "cn=,ou=groups,dc=my,dc=domain,dc=ltd": List of attributes considered for writing in destination: [cn, description, memberUid, gidNumber, objectClass]
Jan 16 08:21:47 - DEBUG - In object "cn=,ou=groups,dc=my,dc=domain,dc=ltd": Attribute "cn" is in FORCE status
Jan 16 08:21:47 - DEBUG - In object "cn=,ou=groups,dc=my,dc=domain,dc=ltd": Attribute "cn" will not be written to the destination
Jan 16 08:21:47 - DEBUG - In object "cn=,ou=groups,dc=my,dc=domain,dc=ltd": Attribute "description" is in FORCE status
Jan 16 08:21:47 - DEBUG - In object "cn=,ou=groups,dc=my,dc=domain,dc=ltd": List of attributes considered for writing in destination: [cn, description, memberUid, gidNumber, objectClass]
(...)
Thanks for your help !
--
Martin
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
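
The pivot mismatch discussed in this thread, reproduced as an added example that is not part of the original messages and is not LSC or Tuleap code: a listing query returns group_id + 1000 as the pivot, and the fetch query finds a row only when its WHERE clause applies the same offset. The table names, column names and rows are constructed, and SQLite stands in for MySQL so that it runs offline.

```python
import sqlite3

# Constructed stand-in for the source database: table names, column names and
# rows are hypothetical, and SQLite replaces MySQL so the example runs offline.
SCHEMA = """
CREATE TABLE grp (group_id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE user_grp (group_id INTEGER, login TEXT);
INSERT INTO grp VALUES (1, 'admin'), (46, 'sitenews'), (101, 'stest');
INSERT INTO user_grp VALUES (1, 'alice'), (1, 'bob'), (101, 'carol');
"""

# Listing step: the pivot handed to the fetch step already carries the offset.
LIST_SQL = "SELECT g.group_id + 1000 AS gidnumber FROM grp g ORDER BY g.group_id"

# Fetch step: gidNumber is cast to a string, memberUid is one comma-joined value.
GET_SQL = """
SELECT g.name AS cn,
       CAST(g.group_id + 1000 AS CHAR) AS gidNumber,
       GROUP_CONCAT(ug.login) AS memberUid
FROM grp g LEFT JOIN user_grp ug ON ug.group_id = g.group_id
WHERE {predicate}
GROUP BY g.group_id
"""

MISMATCHED = "g.group_id = :gidnumber"        # compares the raw id to an offset pivot
MATCHED = "g.group_id + 1000 = :gidnumber"    # same expression as the listing step


def sync(predicate, delimiter=","):
    """Run list-then-fetch once; return {pivot: entry, or None if nothing matched}."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript(SCHEMA)
    result = {}
    for listed in db.execute(LIST_SQL).fetchall():
        pivot = listed["gidnumber"]
        row = db.execute(GET_SQL.format(predicate=predicate), {"gidnumber": pivot}).fetchone()
        if row is None:  # the fetch found no source row, so cn would be empty
            result[pivot] = None
            continue
        members = row["memberUid"].split(delimiter) if row["memberUid"] else []
        result[pivot] = {"cn": row["cn"], "gidNumber": row["gidNumber"],
                         "memberUid": sorted(members)}
    db.close()
    return result


if __name__ == "__main__":
    for label, predicate in (("mismatched", MISMATCHED), ("matched", MATCHED)):
        print(label, sync(predicate))
```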