Hello,
I have the following JavaScript to translate AD groups into OpenLDAP groups:
<dataset>
  <name>member</name>
  <policy>FORCE</policy>
  <forceValues>
    <string>
      <![CDATA[
        var members = new Array();
        // Recursive AD membership (LDAP_MATCHING_RULE_IN_CHAIN), excluding nested groups
        var query = '(&(!(objectClass=group))(memberOf:1.2.840.113556.1.4.1941:=' + srcBean.getDN() + '))';
        var member_list = srcLdap.search('', query).toArray();
        for ( var i = 0; i < member_list.length; i++ ) {
          var uid = srcLdap.attribute(member_list[i], 'sAMAccountName').get(0);
          try {
            // Note: uid is concatenated into the filter without escaping
            var user = ldap.list('ou=people', '(uid=' + uid + ')').get(0);
            members.push(user + ',' + ldap.getContextDn());
          } catch(e) {
            // User is not present in the destination directory: leave it out
            continue;
          }
        }
        // Need to convert to a java array if using OpenJDK
        var membersJava = java.lang.reflect.Array.newInstance(java.lang.String, members.length);
        for ( var i = 0; i < members.length; i++ ) {
          membersJava[i] = members[i];
        }
        membersJava
      ]]>
    </string>
  </forceValues>
</dataset>
But because I am syncing only a selection of users, some of these
groups may not contain members after the JavaScript manipulation has
been performed, which results in errors like:
ERROR - Error while adding entry cn=Example Users,ou=groups,dc=example,dc=com in directory :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'groupOfNames' requires attribute 'member']; remaining name 'cn=Distributed COM Users,ou=groups'
Is there any way to skip a group if it would contain no members instead
of generating these errors? There will be potentially lots of them and
there is a high likelihood that "real" errors will be lost in the noise
of these "false" errors.
Thanks,
John.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
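
Added example (not part of the original post and not LSC code): the member-building logic from the script above as plain JavaScript, with the uid escaped per RFC 4515 before it goes into the search filter and an explicit empty-group check, since groupOfNames rejects an entry without member. `lookup`, `sampleLookup`, `SAMPLE_DIRECTORY` and the function names are hypothetical stand-ins for `ldap.list('ou=people', ...)`; the directory contents are constructed sample data.

```javascript
// Escape a value for use inside an LDAP search filter (RFC 4515):
// backslash, '*', '(', ')' and NUL become a backslash plus two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return '\\' + ('0' + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Resolve AD account names to destination member DNs.
// lookup(filter) is a hypothetical stand-in for ldap.list('ou=people', filter)
// and returns an array of relative DNs (empty when nothing matches).
function resolveMembers(accountNames, lookup, contextDn) {
  var members = [];
  for (var i = 0; i < accountNames.length; i++) {
    var filter = '(uid=' + escapeFilterValue(accountNames[i]) + ')';
    var hits = lookup(filter);
    // Keep only unambiguous matches; users that were not synced are left out.
    if (hits.length === 1) {
      members.push(hits[0] + ',' + contextDn);
    }
  }
  return members;
}

// groupOfNames requires at least one member, so an empty list means "skip".
function shouldCreateGroup(members) {
  return members.length > 0;
}

// Constructed sample data: a destination directory holding two synced users,
// keyed by the exact (escaped) filter a lookup would receive.
var SAMPLE_DIRECTORY = {
  '(uid=alice)': ['uid=alice,ou=people'],
  '(uid=svc\\28web\\29)': ['uid=svc(web),ou=people']
};

function sampleLookup(filter) {
  return SAMPLE_DIRECTORY[filter] || [];
}

var populated = resolveMembers(['alice', 'svc(web)', 'mallory'], sampleLookup, 'dc=example,dc=com');
var empty = resolveMembers(['mallory'], sampleLookup, 'dc=example,dc=com');
console.log(populated, shouldCreateGroup(populated)); // two DNs, group is kept
console.log(empty, shouldCreateGroup(empty));         // no DNs, group is skipped
```
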