Hi Jaime,

Thanks for your example and your feedback :)

Regards,

Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/


2014-02-18 13:43 GMT+01:00 Jaime Cardoso <[email protected]>:

> Hello all
>
> I recently started using lsc and found it one of the best tools to feed
> data into an LDAP server. In the project I'm working on now, I had to import
> all the users from AD into an OpenDJ.
> I noticed that there are very few published examples of config files as
> "ready to use" as one can get so, in the hopes this will be useful to anyone,
> here's an example of an lsc.xml for version 2.0
> I'm sending this to the mailing list since its archives were my starting
> point in searching for config examples so I thought others would do the
> same path.
>
> What does it do?
> - Reads all the users from AD; The users in this case are spread in
> multiple subtrees.
> - Writes in OpenDJ the user with its DN: cn=<user from AD>, ou=people,
> dc=opendj,dc=pt
> - The attributes cn, sn, givenName, mail, description and displayName are
> simple copies from AD
> - The attribute uid is a copy from sAMAccountname from AD
> (The following requires schema changes in OpenDJ)
> - The attribute sAMAccountname is also added to the user's entry in OpenDJ
> with the value copied from AD (so, sAMAccountname = uid)
> - Added my custom ObjectClass ad-ldap-hack-oid to every user created by
> this sync task
> - Added the attribute ds-pwp-password-policy-dn with the value cn=AD
> corpdom policy,cn=Password Policies,cn=config to every user created by this
> sync task
>
> Groups: Not working, if you need to sync groups, this file isn't for you
>
> Needed changes:
> This file should work with a simple copy / paste into /etc/lsc/lsc.xml
> provided you change the following to suit your needs:
> In both connections, change the url, username and password
> In the task change the baseDN of both servers
>
>
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
>
>   <connections>
>     <ldapConnection>
>       <name>dst-ldap</name>
>       <url>ldap://localhost:389/dc=opendj,dc=pt</url>
>       <username>cn=Directory Manager</username>
>       <password>passwordldap</password>
>       <authentication>SIMPLE</authentication>
>       <referral>IGNORE</referral>
>       <derefAliases>NEVER</derefAliases>
>       <version>VERSION_3</version>
>       <pageSize>-1</pageSize>
>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>       <tlsActivated>false</tlsActivated>
>       <saslMutualAuthentication>false</saslMutualAuthentication>
>     </ldapConnection>
>
>     <ldapConnection>
>       <name>src-ad1</name>
>       <url>ldap://10.154.51.35:3268/dc=ad,dc=local</url>
>       <username>CN=user,ou=test,dc=ad,dc=local</username>
>       <password>passwordad</password>
>       <authentication>SIMPLE</authentication>
>       <pageSize>1000</pageSize>
>     </ldapConnection>
>
>   </connections>
>   <audits/>
>   <tasks>
>     <task>
>       <name>MySyncTask</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>       <ldapSourceService>
>         <name>MySyncTask-src</name>
>         <connection reference="src-ad1" />
>         <baseDn>dc=ad,dc=local</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>sn</string>
>           <string>givenName</string>
>           <string>mail</string>
>           <string>sAMAccountName</string>
>           <string>description</string>
>           <string>displayName</string>
>         </fetchedAttributes>
>         <getAllFilter>(&amp;(cn=*)(objectClass=user))</getAllFilter>
>         <getOneFilter>(&amp;(objectClass=organizationalPerson)(cn={cn}))</getOneFilter>
>         <cleanFilter>(&amp;(objectClass=organizationalPerson)(cn={cn}))</cleanFilter>
>         <interval>6</interval>
>       </ldapSourceService>
>       <ldapDestinationService>
>         <name>MySyncTask-dst</name>
>         <connection reference="dst-ldap"/>
>         <baseDn>ou=people,dc=opendj,dc=pt</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>sn</string>
>           <string>objectClass</string>
>           <string>givenName</string>
>           <string>mail</string>
>           <string>uid</string>
>           <string>samaccountname</string>
>           <string>description</string>
>           <string>displayName</string>
>           <string>ds-pwp-password-policy-dn</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
>         <getOneFilter>(&amp;(objectClass=inetOrgPerson)(cn={cn}))</getOneFilter>
>       </ldapDestinationService>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=people"</mainIdentifier>
>         <defaultDelimiter>;</defaultDelimiter>
>         <defaultPolicy>FORCE</defaultPolicy>
>         <dataset>
>           <name>objectClass</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>"inetOrgPerson"</string>
>             <string>"organizationalPerson"</string>
>             <string>"person"</string>
>             <string>"top"</string>
>             <string>"ad-ldap-hack-oid"</string>
>           </forceValues>
>           <delimiter>,</delimiter>
>         </dataset>
>         <dataset>
>           <name>uid</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
>           </forceValues>
>         </dataset>
>         <dataset>
>           <name>ds-pwp-password-policy-dn</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>"cn=AD corpdom policy,cn=Password Policies,cn=config"</string>
>           </forceValues>
>         </dataset>
>         <dataset>
>           <name>default</name>
>           <policy>FORCE</policy>
>         </dataset>
>       </propertiesBasedSyncOptions>
>     </task>
>
>     <task>
>       <name>GroupSyncTask</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>       <ldapSourceService>
>         <name>GroupSyncTask-src</name>
>         <connection reference="src-ad1" />
>         <baseDn>DC=corpdom,DC=local</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>member</string>
>         </fetchedAttributes>
>         <getAllFilter>(&amp;(member=*)(objectClass=group))</getAllFilter>
>         <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
>         <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
>         <interval>100</interval>
>       </ldapSourceService>
>
>       <ldapDestinationService>
>         <name>GroupSyncTask-dst</name>
>         <connection reference="dst-ldap"/>
>         <baseDn>ou=Groups,dc=opendj,dc=pt</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>member</string>
>           <string>objectClass</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=groupOfNames)</getAllFilter>
>         <getOneFilter>(&amp;(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
>       </ldapDestinationService>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>"cn=" + srcBean.getDatasetValuesById("cn") + ",ou=groups,dc=opendj,dc=pt"</mainIdentifier>
>         <defaultDelimiter>;</defaultDelimiter>
>         <defaultPolicy>FORCE</defaultPolicy>
>         <dataset>
>           <name>objectClass</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>"groupOfNames"</string>
>             <string>"top"</string>
>           </forceValues>
>           <delimiter>$</delimiter>
>         </dataset>
>         <dataset>
>           <name>default</name>
>           <policy>FORCE</policy>
>         </dataset>
>       </propertiesBasedSyncOptions>
>     </task>
>   </tasks>
> </lsc>
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>
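The user mapping Jaime's MySyncTask performs (DN built from the AD cn under ou=people, uid taken from sAMAccountName, forced objectClass list and password-policy DN), re-implemented below as a plain-Python preview so the result can be checked against an AD export before running lsc; this is an added example, not code from the original post or from LSC. It assumes entries are modelled as dict-of-lists, uses constructed sample AD entries, and adds the RFC 4514 escaping of the cn that the mainIdentifier's string concatenation does not do.

```python
# Added example, not LSC code: preview what MySyncTask's datasets produce.
# Entries are dict[str, list[str]]; SAMPLE_AD below is constructed test data.
DEST_SUFFIX = "dc=opendj,dc=pt"  # base DN from the dst-ldap url
PEOPLE_OU = "ou=people"           # relative part used in mainIdentifier
PW_POLICY = "cn=AD corpdom policy,cn=Password Policies,cn=config"
OBJECT_CLASSES = ["inetOrgPerson", "organizationalPerson", "person", "top",
                  "ad-ldap-hack-oid"]
COPIED = ("cn", "sn", "givenName", "mail", "description", "displayName")

def escape_rdn_value(value: str) -> str:
    """RFC 4514 (2.4) escaping for an RDN value. mainIdentifier concatenates
    the raw cn, so a cn like "Doe, John" would otherwise split into two RDNs."""
    last, out = len(value) - 1, []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in ',+"\\<>;' or (ch == "#" and i == 0)
              or (ch == " " and i in (0, last))):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def matches_source_filter(entry: dict) -> bool:
    """Same test as getAllFilter (&(cn=*)(objectClass=user)). In AD, computer
    objects also carry objectClass=user; (objectCategory=person) excludes them."""
    return bool(entry.get("cn")) and "user" in entry.get("objectClass", [])

def map_user(entry: dict) -> tuple:
    """Apply the MySyncTask datasets to one AD entry; returns (dn, attributes)."""
    dn = f"cn={escape_rdn_value(entry['cn'][0])},{PEOPLE_OU},{DEST_SUFFIX}"
    attrs = {a: list(entry[a]) for a in COPIED if entry.get(a)}
    attrs["objectClass"] = list(OBJECT_CLASSES)              # forceValues
    attrs["uid"] = list(entry["sAMAccountName"])             # uid dataset
    attrs["sAMAccountName"] = list(entry["sAMAccountName"])  # same-name copy
    attrs["ds-pwp-password-policy-dn"] = [PW_POLICY]         # forceValues
    return dn, attrs

SAMPLE_AD = [  # constructed sample entries, not real directory data
    {"cn": ["Doe, John"], "sn": ["Doe"], "givenName": ["John"],
     "mail": ["jdoe@example.com"], "sAMAccountName": ["jdoe"],
     "objectClass": ["top", "person", "organizationalPerson", "user"]},
    {"cn": ["WS01"], "sAMAccountName": ["WS01$"],
     "objectClass": ["top", "person", "organizationalPerson", "user", "computer"]},
]

if __name__ == "__main__":
    for e in SAMPLE_AD:
        if matches_source_filter(e):
            print(*map_user(e), sep="\n  ")
```

Running it shows the second (computer) entry passing the source filter, which is the reason to prefer an objectCategory-based filter when only people should be provisioned.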