2014-02-25 12:00 GMT+01:00 Plumel Louis-Marie <[email protected]>:

> Hi,
>
> Sorry to disturb you, but I still have a problem putting a password on my
> users in AD. As was said, I use LDAPS and put the certificate as it is
> said in your web file.
>
> May I ask you to confirm whether my lsc.xml file is good or not?
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
>         <connections>
>                 <ldapConnection>
>                         <name>ldap-src-conn</name>
>                         <url>ldap://ldap.yyyyy.ch:389/ou=users,dc=yyyyy,dc=ch</url>
>                         <username>cn=syncrepl,dc=yyyyy,dc=ch</username>
>                         <password>=xxxxxxxxxxx</password>
>                         <authentication>SIMPLE</authentication>
>                         <referral>IGNORE</referral>
>                         <derefAliases>NEVER</derefAliases>
>                         <version>VERSION_3</version>
>                         <pageSize>-1</pageSize>
>                         <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>                         <tlsActivated>false</tlsActivated>
>                 </ldapConnection>
>                 <ldapConnection>
>                         <name>ldap-dst-conn</name>
>                         <url>ldaps://dc01.ad.yyyyyy.ch:636/OU=users,OU=LDAP,DC=ad,DC=yyyyyy,DC=ch</url>
>                         <username>CN=Administrator,CN=Users,DC=ad,DC=yyyyyyy,DC=ch</username>
>                         <password>=zzzzzzzzzzz</password>
>                         <authentication>SIMPLE</authentication>
>                         <referral>IGNORE</referral>
>                         <derefAliases>NEVER</derefAliases>
>                         <version>VERSION_3</version>
>                         <pageSize>-1</pageSize>
>                         <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>                         <tlsActivated>true</tlsActivated>
>                 </ldapConnection>
>         </connections>
>         <audits>
>                 <csvAudit>
>                         <name>csv</name>
>                         <append>true</append>
>                         <operations>create, delete</operations>
>                         <file>/tmp/audit.csv</file>
>                         <datasets>cn, dn</datasets>
>                         <separator>;</separator>
>                 </csvAudit>
>                 <ldifAudit>
>                         <name>ldif</name>
>                         <append>true</append>
>                         <file>/tmp/audit.ldif</file>
>                 </ldifAudit>
>         </audits>
>         <tasks>
>                 <task>
>                         <name>People</name>
>                         <bean>org.lsc.beans.SimpleBean</bean>
>                         <ldapSourceService>
>                                 <name>openldap-source-service</name>
>                                 <connection reference="ldap-src-conn" />
>                                 <baseDn>ou=users,dc=yyyyy,dc=ch</baseDn>
>                                 <pivotAttributes>
>                                         <string>uid</string>
>                                 </pivotAttributes>
>                                 <fetchedAttributes>
>                                         <string>cn</string>
>                                         <string>sn</string>
>                                         <string>givenName</string>
>                                         <string>objectClass</string>
>                                         <string>uid</string>
>                                         <string>mail</string>
>                                 </fetchedAttributes>
>                                 <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
>                                 <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
>                         </ldapSourceService>
>                         <ldapDestinationService>
>                                 <name>ad-dst-service</name>
>                                 <connection reference="ldap-dst-conn" />
>                                 <baseDn>OU=users,OU=LDAP,DC=ad,DC=yyyyy,DC=ch</baseDn>
>                                 <pivotAttributes>
>                                         <string>samAccountName</string>
>                                 </pivotAttributes>
>                                 <fetchedAttributes>
>                                         <string>cn</string>
>                                         <string>sn</string>
>                                         <string>givenName</string>
>                                         <string>objectClass</string>
>                                         <string>samAccountName</string>
>                                         <string>mail</string>
>                                         <string>userPrincipalName</string>
>                                 </fetchedAttributes>
>                                 <getAllFilter>(objectClass=user)</getAllFilter>
>                                 <getOneFilter>(&amp;(objectClass=user)(samAccountName={uid}))</getOneFilter>
>                         </ldapDestinationService>
>                         <propertiesBasedSyncOptions>
>                                 <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ",OU=users,OU=LDAP,DC=ad,DC=yyyyy,DC=ch"</mainIdentifier>
>                                 <defaultDelimiter>;</defaultDelimiter>
>                                 <defaultPolicy>FORCE</defaultPolicy>
>                                 <dataset>
>                                         <name>objectClass</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>                                                 <string>"top"</string>
>                                                 <string>"user"</string>
>                                                 <string>"Person"</string>
>                                                 <string>"OrganizationalPerson"</string>
>                                         </forceValues>
>                                         <delimiter>;</delimiter>
>                                 </dataset>
>                                 <dataset>
>                                         <name>samAccountName</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>                                                 <string>js:srcBean.getDatasetFirstValueById("uid")</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>userPrincipalName</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>                                                 <string>js:srcBean.getDatasetFirstValueById("uid") + "@idiap.ch"</string>
>                                         </forceValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>userAccountControl</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>                                                 <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>pwdLastSet</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>                                                 <string>"0"</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>userPassword</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>                                                 <string>AD.getuserPassword("changethis")</string>
>                                         </createValues>
>                                 </dataset>
>                         </propertiesBasedSyncOptions>
>                 </task>
>         </tasks>
> </lsc>
>



Hi,

two points:
* Password attribute in AD is not userPassword but unicodePwd
* All attributes in dataset must be declared in fetchedAttributes, else LSC
will ignore them.

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
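
Added example (not part of the original thread and not LSC code): a small Python check for the second point in the reply, listing every dataset whose name is not declared in the destination service's fetchedAttributes. The sample XML is constructed from the structure of the configuration quoted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one task shaped like the lsc.xml quoted in the thread.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
 <tasks><task>
  <name>People</name>
  <ldapDestinationService>
   <name>ad-dst-service</name>
   <fetchedAttributes>
    <string>cn</string><string>objectClass</string>
    <string>samAccountName</string><string>userPrincipalName</string>
   </fetchedAttributes>
  </ldapDestinationService>
  <propertiesBasedSyncOptions>
   <dataset><name>objectClass</name></dataset>
   <dataset><name>samAccountName</name></dataset>
   <dataset><name>userAccountControl</name></dataset>
   <dataset><name>pwdLastSet</name></dataset>
   <dataset><name>userPassword</name></dataset>
  </propertiesBasedSyncOptions>
 </task></tasks>
</lsc>"""

def local(tag):
    # Drop the "{namespace}" prefix so the check does not depend on the XSD version.
    return tag.rsplit("}", 1)[-1]

def kids(elem, name):
    # Direct children of elem with the given local tag name.
    return [c for c in elem if local(c.tag) == name]

def text_of(elems):
    return elems[0].text.strip() if elems and elems[0].text else ""

def undeclared_datasets(xml_text):
    """Map task name -> dataset names absent from the destination fetchedAttributes."""
    report = {}
    for task in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "task"):
        declared = {s.text.strip().lower()
                    for svc in kids(task, "ldapDestinationService")
                    for fa in kids(svc, "fetchedAttributes")
                    for s in kids(fa, "string") if s.text}
        missing = [n for opts in kids(task, "propertiesBasedSyncOptions")
                   for n in (text_of(kids(ds, "name")) for ds in kids(opts, "dataset"))
                   if n and n.lower() not in declared]  # LDAP names are case-insensitive
        if missing:
            report[text_of(kids(task, "name")) or "?"] = missing
    return report

if __name__ == "__main__":
    print(undeclared_datasets(SAMPLE))
```
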