Hello all

I recently started using lsc and found it one of the best tools to feed data into an LDAP server. In the project I'm working on now, I had to import all the users from AD into an OpenDJ.

I noticed that there are very few published examples of config files as "ready to use" as one can get, so in the hope this will be useful to anyone, here's an example of an lsc.xml for version 2.0.

I'm sending this to the mailing list since its archives were my starting point in searching for config examples, so I thought others would follow the same path.

What does it do?
- Reads all the users from AD; the users in this case are spread across multiple subtrees.
- Writes the user in OpenDJ with its DN: cn=<user from AD>,ou=people,dc=opendj,dc=pt
- The attributes cn, sn, givenName, mail, description and displayName are simple copies from AD
- The attribute uid is a copy of sAMAccountName from AD
(The following requires schema changes in OpenDJ)
- The attribute sAMAccountName is also added to the user's entry in OpenDJ with the value copied from AD (so sAMAccountName = uid)
- Adds my custom objectClass ad-ldap-hack-oid to every user created by this sync task
- Adds the attribute ds-pwp-password-policy-dn with the value cn=AD corpdom policy,cn=Password Policies,cn=config to every user created by this sync task

Groups: not working; if you need to sync groups, this file isn't for you.

Needed changes:
This file should work with a simple copy/paste into /etc/lsc/lsc.xml provided you change the following to suit your needs:
- In both connections, change the url, username and password
- In the task, change the baseDn of both servers
<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections>
    <!-- Destination: OpenDJ. The base DN in the URL is the context all DNs below are relative to. -->
    <ldapConnection>
      <name>dst-ldap</name>
      <url>ldap://localhost:389/dc=opendj,dc=pt</url>
      <username>cn=Directory Manager</username>
      <password>passwordldap</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
      <saslMutualAuthentication>false</saslMutualAuthentication>
    </ldapConnection>
    <!-- Source: AD global catalog (port 3268), paged at 1000 entries. -->
    <ldapConnection>
      <name>src-ad1</name>
      <url>ldap://10.154.51.35:3268/dc=ad,dc=local</url>
      <username>CN=user,ou=test,dc=ad,dc=local</username>
      <password>passwordad</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
    </ldapConnection>
  </connections>
  <audits/>
  <tasks>
    <task>
      <name>MySyncTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>MySyncTask-src</name>
        <connection reference="src-ad1" />
        <baseDn>dc=ad,dc=local</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sAMAccountName</string>
          <string>description</string>
          <string>displayName</string>
        </fetchedAttributes>
        <!-- The '&' of an LDAP AND filter must be escaped as &amp; inside XML. -->
        <getAllFilter>(&amp;(cn=*)(objectClass=user))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=organizationalPerson)(cn={cn}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=organizationalPerson)(cn={cn}))</cleanFilter>
        <interval>6</interval>
      </ldapSourceService>
      <ldapDestinationService>
        <name>MySyncTask-dst</name>
        <connection reference="dst-ldap"/>
        <baseDn>ou=people,dc=opendj,dc=pt</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>objectClass</string>
          <string>givenName</string>
          <string>mail</string>
          <string>uid</string>
          <string>samaccountname</string>
          <string>description</string>
          <string>displayName</string>
          <string>ds-pwp-password-policy-dn</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=inetOrgPerson)(cn={cn}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <!-- DN relative to the base DN of the dst-ldap URL: cn=<user>,ou=people,dc=opendj,dc=pt -->
        <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=people"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"inetOrgPerson"</string>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
            <string>"ad-ldap-hack-oid"</string>
          </forceValues>
          <delimiter>,</delimiter>
        </dataset>
        <dataset>
          <name>uid</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>ds-pwp-password-policy-dn</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"cn=AD corpdom policy,cn=Password Policies,cn=config"</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
    <task>
      <name>GroupSyncTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>GroupSyncTask-src</name>
        <connection reference="src-ad1" />
        <baseDn>DC=corpdom,DC=local</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>member</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(member=*)(objectClass=group))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
        <interval>100</interval>
      </ldapSourceService>
      <ldapDestinationService>
        <name>GroupSyncTask-dst</name>
        <connection reference="dst-ldap"/>
        <baseDn>ou=Groups,dc=opendj,dc=pt</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>member</string>
          <string>objectClass</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=groupOfNames)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"cn=" + srcBean.getDatasetValuesById("cn") + ",ou=groups,dc=opendj,dc=pt"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"groupOfNames"</string>
            <string>"top"</string>
          </forceValues>
          <delimiter>$</delimiter>
        </dataset>
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
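A structural check for a file like the one above, added here as an example and not part of LSC or of the original post: it parses an lsc.xml with Python's xml.etree, verifies that each task's connection references resolve, that pivot attributes are among the fetched ones and that every forced dataset is also listed in the destination fetchedAttributes, reports a bare '&' in a filter (it has to be written &amp; in XML), and flags a SIMPLE bind over plain ldap:// without tlsActivated, which sends the bind password in clear. The embedded sample config is constructed for the example (placeholder host and passwords, and the AD connection switched to ldaps:// to show the difference); the element names are the ones that appear in the posted file.

```python
"""Structural lint for an LSC 2.0 lsc.xml (added example, not part of LSC)."""
import xml.etree.ElementTree as ET

NS = "http://lsc-project.org/XSD/lsc-core-2.0.xsd"  # namespace of the posted root element


def q(tag):
    """Qualify an element name with the LSC XSD namespace."""
    return "{%s}%s" % (NS, tag)


def _strings(parent, container):
    """Lower-cased names listed as <container><string>..</string></container>."""
    node = parent.find(q(container))
    if node is None:
        return set()
    return {s.text.strip().lower() for s in node.iter(q("string")) if s.text}


def lint_lsc(xml_text):
    """Return a list of (level, message) findings; level is error, warn or info."""
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A bare '&' in an LDAP AND filter such as (&(cn=*)(objectClass=user))
        # is the usual cause; inside XML it must be written as &amp;.
        return [("error", "not well-formed XML (unescaped '&' in a filter?): %s" % exc)]

    connections = {}
    for conn in root.iter(q("ldapConnection")):
        name = conn.findtext(q("name"), "").strip()
        connections[name] = conn
        url = conn.findtext(q("url"), "").strip()
        tls = conn.findtext(q("tlsActivated"), "false").strip().lower() == "true"
        auth = conn.findtext(q("authentication"), "").strip().upper()
        if url.startswith("ldap://") and auth == "SIMPLE" and not tls:
            findings.append(("warn", "connection %s: SIMPLE bind over ldap:// without "
                             "tlsActivated sends the bind password in clear" % name))
        if conn.findtext(q("password")):
            findings.append(("info", "connection %s: bind password is stored in the config "
                             "file; keep lsc.xml readable by the lsc user only" % name))

    for task in root.iter(q("task")):
        tname = task.findtext(q("name"), "").strip()
        dst_fetched = set()
        for svc_tag in ("ldapSourceService", "ldapDestinationService"):
            svc = task.find(q(svc_tag))
            if svc is None:
                findings.append(("error", "task %s: missing <%s>" % (tname, svc_tag)))
                continue
            ref_el = svc.find(q("connection"))
            ref = ref_el.get("reference") if ref_el is not None else None
            if ref not in connections:
                findings.append(("error", "task %s: %s references unknown connection %r"
                                 % (tname, svc_tag, ref)))
            fetched = _strings(svc, "fetchedAttributes")
            for pivot in sorted(_strings(svc, "pivotAttributes") - fetched):
                findings.append(("error", "task %s: pivot attribute %s is not in %s "
                                 "fetchedAttributes" % (tname, pivot, svc_tag)))
            if svc_tag == "ldapDestinationService":
                dst_fetched = fetched
        opts = task.find(q("propertiesBasedSyncOptions"))
        for ds in ([] if opts is None else opts.iter(q("dataset"))):
            dname = ds.findtext(q("name"), "").strip()
            if dname.lower() != "default" and dname.lower() not in dst_fetched:
                findings.append(("warn", "task %s: dataset %s is not in destination "
                                 "fetchedAttributes, so LSC cannot compare it with the "
                                 "existing entry" % (tname, dname)))
    return findings


# Constructed sample modelled on the posted file; host and passwords are placeholders.
SAMPLE_LSC_XML = """<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
  <connections>
    <ldapConnection><name>dst-ldap</name>
      <url>ldap://localhost:389/dc=opendj,dc=pt</url>
      <username>cn=Directory Manager</username><password>CHANGEME</password>
      <authentication>SIMPLE</authentication><tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection><name>src-ad1</name>
      <url>ldaps://ad.example.invalid:3269/dc=ad,dc=local</url>
      <username>CN=user,ou=test,dc=ad,dc=local</username><password>CHANGEME</password>
      <authentication>SIMPLE</authentication>
    </ldapConnection>
  </connections>
  <tasks><task><name>MySyncTask</name>
    <ldapSourceService><name>MySyncTask-src</name><connection reference="src-ad1" />
      <baseDn>dc=ad,dc=local</baseDn>
      <pivotAttributes><string>cn</string></pivotAttributes>
      <fetchedAttributes><string>cn</string><string>sAMAccountName</string></fetchedAttributes>
      <getAllFilter>(&amp;(cn=*)(objectClass=user))</getAllFilter>
    </ldapSourceService>
    <ldapDestinationService><name>MySyncTask-dst</name><connection reference="dst-ldap"/>
      <baseDn>ou=people,dc=opendj,dc=pt</baseDn>
      <pivotAttributes><string>cn</string></pivotAttributes>
      <fetchedAttributes><string>cn</string><string>uid</string></fetchedAttributes>
    </ldapDestinationService>
    <propertiesBasedSyncOptions>
      <dataset><name>uid</name><policy>FORCE</policy></dataset>
      <dataset><name>ds-pwp-password-policy-dn</name><policy>FORCE</policy></dataset>
    </propertiesBasedSyncOptions>
  </task></tasks>
</lsc>
"""

if __name__ == "__main__":
    for level, message in lint_lsc(SAMPLE_LSC_XML):
        print("%-5s %s" % (level, message))
```

Run against the sample it reports two warnings (the cleartext bind on dst-ldap and the ds-pwp-password-policy-dn dataset missing from the destination fetchedAttributes) and two informational notes about stored passwords; pointing it at a real /etc/lsc/lsc.xml is a matter of reading the file into lint_lsc.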