2014-03-10 15:58 GMT+01:00 Plumel Louis-Marie <[email protected]>:
> Hello everybody,
>
> Since few days i try to synchronize my posix group with AD.
> I use lsc 2.0
>
> I don't see where my error is, if you can have a look at this, it should
> be good.
>
> <!-- POSIXGROUPS SYNCHRONIZATION TASK -->
>
> <name>group</name>
> <bean>org.lsc.beans.SimpleBean</bean>
> <ldapSourceService>
> <name>openldap-srce-service</name>
> <connection reference="ldap-src-conn" />
> <baseDn>ou=posixgroups,dc=idiap,dc=ch</baseDn>
> <pivotAttributes>
> <string>cn</string>
> </pivotAttributes>
> <fetchedAttributes>
> <string>cn</string>
> <string>description</string>
> <string>memberUid</string>
> <string>member</string>
> </fetchedAttributes>
> <getAllFilter><![CDATA[(objectClass=top)]]></getAllFilter>
> <getOneFilter><![CDATA[(&(objectClass=top)(cn={cn}))]]></getOneFilter>
> </ldapSourceService>
> <ldapDestinationService>
> <name>ad-dest-service</name>
> <connection reference="ldap-dst-conn" />
> <baseDn>OU=groups,OU=LDAP,DC=ad,DC=idiap,DC=ch</baseDn>
> <pivotAttributes>
> <string>cn</string>
> </pivotAttributes>
> <fetchedAttributes>
> <string>cn</string>
> <string>distinguishedName</string>
> <string>description</string>
> <string>sAMAccountName</string>
> <string>objectClass</string>
> <string>member</string>
> </fetchedAttributes>
> <getAllFilter><![CDATA[(objectClass=groups)]]></getAllFilter>
> <getOneFilter><![CDATA[(&(objectClass=groups)(cn={cn}))]]></getOneFilter>
> </ldapDestinationService>
>
> <!-- ###########################################
> # Syncoptions configuration for Task group#
> ########################################### -->
>
> <propertiesBasedSyncOptions>
> <mainIdentifier>"CN=" + srcBean.getDataSetFirstValueById("cn")
> + ",OU=groups,OU=LDAP,DC=ad,DC=idiap,DC=ch"</mainIdentifier>
> <defaultDelimiter>$</defaultDelimiter>
> <defaultPolicy>FORCE</defaultPolicy>
> <dataset>
> <name>sAMAccountName</name>
> <policy>FORCE</policy>
> <createValues>
> <string>js:srcBean.getDataSetFirstValueById("cn")</string>
> </createValues>
> </dataset>
> <dataset>
> <name>objectClass</name>
> <policy>FORCE</policy>
> <forceValues>
> <string>"top"</string>
> <string>"group"</string>
> </forceValues>
> </dataset>
>
> <dataset>
> <name>member</name>
> <policy>FORCE</policy>
> <forceValues>
> <string><![CDATA[js:
> var umembers = srcBean.getDataSetFirstValueById("
> memberUid").toArray();
>
> for (var i=0; i<umembers.length; i++)
> {
> try {umembers[i] = ldap.attribute(ldap.list(
> "OU=groups", "(sAMAccountName=" + (umembers[i]) + ")").get(0),
> 'distinguishedname').get(0)
> }
> catch (e) {
> { umembers[i]=null }
> }
> var members = new Array(); var j=0;
> for (var i=0; i<umembers.length; i++)
> { if (umembers[i]!=null) members[j++]=umembers[i] }
> members
> ]]>
> </string>
> </forceValues>
> </dataset>
> </propertiesBasedSyncOptions>
>
> the error is :
> ERROR - Error while synchronizing ID {cn=tecno}:
> java.lang.RuntimeException: No DN set ! Read it from the source or set
> lsc.tasks.NAME.dn
>
>
>
Hi,
I don't understand why you are using a filter (sAMAccountName=xxx) on
ou=groups.
Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
