Hi, Sorry to disturb you , but i still have problem to put a password to my users in AD. As it was said i use LDAPS and put the certificate as it is said in your web file.
May i ask you to confirm that my lsc.xml file is good or not ? <?xml version="1.0" ?> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd"; revision="0"> <connections> <ldapConnection> <name>ldap-src-conn</name> <url>ldap://ldap.yyyyy.ch:389/ou=users,dc=yyyyy,dc=ch</url> <username>cn=syncrepl,dc=yyyyy,dc=ch</username> <password>=xxxxxxxxxxx</password> <authentication>SIMPLE</authentication> <referral>IGNORE</referral> <derefAliases>NEVER</derefAliases> <version>VERSION_3</version> <pageSize>-1</pageSize> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> <tlsActivated>false</tlsActivated> </ldapConnection> <ldapConnection> <name>ldap-dst-conn</name> <url>ldaps://dc01.ad.yyyyyy.ch:636/OU=users,OU=LDAP,DC=ad,DC=yyyyyy,DC=ch</url> <username>CN=Administrator,CN=Users,DC=ad,DC=yyyyyyy,DC=ch</username> <password>=zzzzzzzzzzz</password> <authentication>SIMPLE</authentication> <referral>IGNORE</referral> <derefAliases>NEVER</derefAliases> <version>VERSION_3</version> <pageSize>-1</pageSize> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> <tlsActivated>true</tlsActivated> </ldapConnection> </connections> <audits> <csvAudit> <name>csv</name> <append>true</append> <operations>create, delete</operations> <file>/tmp/audit.csv</file> <datasets>cn, dn</datasets> <separator>;</separator> </csvAudit> <ldifAudit> <name>ldif</name> <append>true</append> <file>/tmp/audit.ldif</file> </ldifAudit> </audits> <tasks> <task> <name>People</name> <bean>org.lsc.beans.SimpleBean</bean> <ldapSourceService> <name>openldap-source-service</name> <connection reference="ldap-src-conn" /> <baseDn>ou=users,dc=yyyyy,dc=ch</baseDn> <pivotAttributes> <string>uid</string> </pivotAttributes> <fetchedAttributes> <string>cn</string> <string>sn</string> <string>givenName</string> <string>objectClass</string> <string>uid</string> <string>mail</string> </fetchedAttributes> <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter> <getOneFilter>(&(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter> </ldapSourceService> <ldapDestinationService> <name>ad-dst-service</name> <connection reference="ldap-dst-conn" /> <baseDn>OU=users,OU=LDAP,DC=ad,DC=yyyyy,DC=ch</baseDn> <pivotAttributes> <string>samAccountName</string> </pivotAttributes> <fetchedAttributes> <string>cn</string> <string>sn</string> <string>givenName</string> <string>objectClass</string> <string>samAccountName</string> <string>mail</string> <string>userPrincipalName</string> </fetchedAttributes> <getAllFilter>(objectClass=user)</getAllFilter> <getOneFilter>(&(objectClass=user)(samAccountName={uid}))</getOneFilter> </ldapDestinationService> <propertiesBasedSyncOptions> <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ",OU=users,OU=LDAP,DC=ad,DC=yyyyy,DC=ch"</mainIdentifier> <defaultDelimiter>;</defaultDelimiter> <defaultPolicy>FORCE</defaultPolicy> <dataset> <name>objectClass</name> <policy>FORCE</policy> <forceValues> <string>"top"</string> <string>"user"</string> <string>"Person"</string> <string>"OrganizationalPerson"</string> </forceValues> <delimiter>;</delimiter> </dataset> <dataset> <name>samAccountName</name> <policy>KEEP</policy> <createValues> <string>js:srcBean.getDatasetFirstValueById("uid")</string> </createValues> </dataset> <dataset> <name>userPrincipalName</name> <policy>FORCE</policy> <forceValues> <string>js:srcBean.getDatasetFirstValueById("uid") + "@idiap.ch"</string> </forceValues> </dataset> <dataset> <name>userAccountControl</name> <policy>KEEP</policy> <createValues> <string>AD.userAccountControlSet( "0",AD.UAC_SET_NORMAL_ACCOUNT]) </string> </createValues> </dataset> <dataset> <name>pwdLastSet</name> <policy>KEEP</policy> <createValues> <string>"0"</string> </createValues> </dataset> <dataset> <name>userPassword</name> <policy>KEEP</policy> <createValues> <string>AD.getuserPassword("changethis")</string> </createValues> </dataset> </propertiesBasedSyncOptions> </task> </tasks> </lsc> Thank you so much for the time you can use for this little trouble. LMP _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
