A great thank you, it works very well.
Now I'm going to test lsbproject...

Cheers

LMP

On 25/02/14 13:52, Clément OUDOT wrote:
>
>
>
> 2014-02-25 12:00 GMT+01:00 Plumel Louis-Marie
> <[email protected]>:
>
>     Hi,
>
>     Sorry to disturb you, but I still have a problem putting a password
>     on my users in AD. As it was said, I use LDAPS and put the
>     certificate as it is said in your web file.
>
>     May I ask you to confirm whether my lsc.xml file is good or not?
>
>     <?xml version="1.0" ?>
>     <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">
>             <connections>
>                     <ldapConnection>
>                             <name>ldap-src-conn</name>
>                             <url>ldap://ldap.yyyyy.ch:389/ou=users,dc=yyyyy,dc=ch</url>
>                             <username>cn=syncrepl,dc=yyyyy,dc=ch</username>
>                             <password>=xxxxxxxxxxx</password>
>                             <authentication>SIMPLE</authentication>
>                             <referral>IGNORE</referral>
>                             <derefAliases>NEVER</derefAliases>
>                             <version>VERSION_3</version>
>                             <pageSize>-1</pageSize>
>                             <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>                             <tlsActivated>false</tlsActivated>
>                     </ldapConnection>
>                     <ldapConnection>
>                             <name>ldap-dst-conn</name>
>                             <url>ldaps://dc01.ad.yyyyyy.ch:636/OU=users,OU=LDAP,DC=ad,DC=yyyyyy,DC=ch</url>
>                             <username>CN=Administrator,CN=Users,DC=ad,DC=yyyyyyy,DC=ch</username>
>                             <password>=zzzzzzzzzzz</password>
>                             <authentication>SIMPLE</authentication>
>                             <referral>IGNORE</referral>
>                             <derefAliases>NEVER</derefAliases>
>                             <version>VERSION_3</version>
>                             <pageSize>-1</pageSize>
>                             <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>                             <tlsActivated>true</tlsActivated>
>                     </ldapConnection>
>             </connections>
>             <audits>
>                     <csvAudit>
>                             <name>csv</name>
>                             <append>true</append>
>                             <operations>create, delete</operations>
>                             <file>/tmp/audit.csv</file>
>                             <datasets>cn, dn</datasets>
>                             <separator>;</separator>
>                     </csvAudit>
>                     <ldifAudit>
>                             <name>ldif</name>
>                             <append>true</append>
>                             <file>/tmp/audit.ldif</file>
>                     </ldifAudit>
>             </audits>
>             <tasks>
>                     <task>
>                             <name>People</name>
>                             <bean>org.lsc.beans.SimpleBean</bean>
>                             <ldapSourceService>
>                                     <name>openldap-source-service</name>
>                                     <connection reference="ldap-src-conn" />
>                                     <baseDn>ou=users,dc=yyyyy,dc=ch</baseDn>
>                                     <pivotAttributes>
>                                             <string>uid</string>
>                                     </pivotAttributes>
>                                     <fetchedAttributes>
>                                             <string>cn</string>
>                                             <string>sn</string>
>                                             <string>givenName</string>
>                                             <string>objectClass</string>
>                                             <string>uid</string>
>                                             <string>mail</string>
>                                     </fetchedAttributes>
>                                     <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
>                                     <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
>                             </ldapSourceService>
>                             <ldapDestinationService>
>                                     <name>ad-dst-service</name>
>                                     <connection reference="ldap-dst-conn" />
>                                     <baseDn>OU=users,OU=LDAP,DC=ad,DC=yyyyy,DC=ch</baseDn>
>                                     <pivotAttributes>
>                                             <string>samAccountName</string>
>                                     </pivotAttributes>
>                                     <fetchedAttributes>
>                                             <string>cn</string>
>                                             <string>sn</string>
>                                             <string>givenName</string>
>                                             <string>objectClass</string>
>                                             <string>samAccountName</string>
>                                             <string>mail</string>
>                                             <string>userPrincipalName</string>
>                                     </fetchedAttributes>
>                                     <getAllFilter>(objectClass=user)</getAllFilter>
>                                     <getOneFilter>(&amp;(objectClass=user)(samAccountName={uid}))</getOneFilter>
>                             </ldapDestinationService>
>                             <propertiesBasedSyncOptions>
>                                     <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ",OU=users,OU=LDAP,DC=ad,DC=yyyyy,DC=ch"</mainIdentifier>
>                                     <defaultDelimiter>;</defaultDelimiter>
>                                     <defaultPolicy>FORCE</defaultPolicy>
>                                     <dataset>
>                                             <name>objectClass</name>
>                                             <policy>FORCE</policy>
>                                             <forceValues>
>                                                     <string>"top"</string>
>                                                     <string>"user"</string>
>                                                     <string>"Person"</string>
>                                                     <string>"OrganizationalPerson"</string>
>                                             </forceValues>
>                                             <delimiter>;</delimiter>
>                                     </dataset>
>                                     <dataset>
>                                             <name>samAccountName</name>
>                                             <policy>KEEP</policy>
>                                             <createValues>
>                                                     <string>js:srcBean.getDatasetFirstValueById("uid")</string>
>                                             </createValues>
>                                     </dataset>
>                                     <dataset>
>                                             <name>userPrincipalName</name>
>                                             <policy>FORCE</policy>
>                                             <forceValues>
>                                                     <string>js:srcBean.getDatasetFirstValueById("uid") + "@idiap.ch"</string>
>                                             </forceValues>
>                                     </dataset>
>                                     <dataset>
>                                             <name>userAccountControl</name>
>                                             <policy>KEEP</policy>
>                                             <createValues>
>                                                     <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
>                                             </createValues>
>                                     </dataset>
>                                     <dataset>
>                                             <name>pwdLastSet</name>
>                                             <policy>KEEP</policy>
>                                             <createValues>
>                                                     <string>"0"</string>
>                                             </createValues>
>                                     </dataset>
>                                     <dataset>
>                                             <name>userPassword</name>
>                                             <policy>KEEP</policy>
>                                             <createValues>
>                                                     <string>AD.getuserPassword("changethis")</string>
>                                             </createValues>
>                                     </dataset>
>                             </propertiesBasedSyncOptions>
>                     </task>
>             </tasks>
>     </lsc>
>
>
>
>
> Hi,
>
> two points:
> * Password attribute in AD is not userPassword but unicodePwd
> * All attributes in dataset must be declared in fetchedAttributes,
> else LSC will ignore them.
>
> Clément.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
