> > > What is exactly the configuration of your mainIdentifier? Could you send an
> anonymized version of your lsc.xml ?
> of course!
Francesco
<?xml version="1.0" ?>
<!--
  In the following file, comments are describing each node. Elements are
  referenced through XPath expression, whereas attributes are prefixed with '@'

  //lsc      Root node of the XML configuration file
  @xmlns     XML Schema validation is not ready yet (Reserved for future use)
  @id        optional, added by XML API
  @revision  mandatory, used by the Web Administration Interface to version this file
-->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd" revision="0">

  <!-- ./connections Connections list node, must contain at least two connections -->
  <connections>
    <!--
      ./connection Connection node, include definition of the required parameters.
      Depending on the connection type, properties vary.
      Existing class types are : ldapConnection, databaseConnection
      Plugins also provide : nisConnection, jndiExecDstConnection
    -->
    <ldapConnection>
      <name>openldap-conn</name>
      <url>ldaps://ldap.example.org:636/dc=example,dc=org</url>
      <username>cn=provisionator,ou=agents,dc=example,dc=org</username>
      <password>secret</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>ad-conn</name>
      <url>ldaps://dc1.ateneo.example.org:636/ou=people,dc=ateneo,dc=example,dc=org</url>
      <username>cn=admin ad,cn=users,dc=ateneo,dc=example,dc=org</username>
      <password>secret</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>

  <!-- ./audits Audits list node -->
  <audits>
    <!-- ./audit Audit node, here a CSV audit, may also be a LDIF or any contributed audit type -->
    <csvAudit>
      <!-- ./name mandatory, audit name -->
      <name>csv</name>
      <!-- ./append optional, default to false, specify to create a new log file or to append to the existing one -->
      <append>true</append>
      <!-- ./operations optional, comma separated list of operations (create, delete, update or rename) -->
      <operations>create, delete</operations>
      <!-- ./file mandatory, define the location of the file where the CSV data will be written -->
      <file>/opt/lsc/var/async/dump.csv</file>
      <!-- ./datasets optional, comma separated list of datasets modification to log -->
      <datasets>cn, dn</datasets>
      <!-- ./separator optional, default to ";", specify the values separator -->
      <separator>,</separator>
    </csvAudit>
  </audits>

  <!-- ./tasks Task list node, must contain at least one task -->
  <tasks>
    <!-- ./task Task node, this is the main node, in which synchronization is defined -->
    <task>
      <!-- ./name mandatory task node this is the main node, in which synchronization is defined -->
      <name>openldap2ad</name>
      <!--
        ./bean optional bean node, default to org.lsc.beans.SimpleBean,
        define the pivot object used to store datasets and values
      -->
      <bean>org.lsc.beans.SimpleBean</bean>
      <!--
        ./sourceService mandatory node containing definition of the source service settings
        possible builtin types are : databaseSourceService, ldapSourceService
        Plugins also provide: syncreplSourceService, nisSourceService
      -->
      <ldapSourceService>
        <!--
          A database source service will have to contain at least a name, a connection
          reference, a request for listing available objects, and a request to get a
          complete object from its ids
        -->
        <name>openldap-service</name>
        <connection reference="openldap-conn" />
        <baseDn>ou=people,dc=example,dc=org</baseDn>
        <pivotAttributes><string>uid</string></pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>gecos</string>
          <string>sn</string>
          <string>givenName</string>
          <string>objectClass</string>
          <string>uid</string>
          <string>mail</string>
          <string>ou</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(ou=people)(objectClass=exampleAccount))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=exampleAccount)(uid={uid}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=exampleAccount)(uid={sAMAccountName}))</cleanFilter>
      </ldapSourceService>
      <!--
        ./destinationService mandatory node containing definition of the source service settings
        possible builtin types are : databaseDestinationService, ldapDestinationService
        Plugins also provide: jndiExecDstService
      -->
      <ldapDestinationService>
        <!--
          A ldap destination service will have to contain at least a name, a connection
          reference, a base DN, a filter to list entries, a filter to get a particular
          entry, a list of pivot attributes and a list of fetched attributes
        -->
        <name>ad-service</name>
        <connection reference="ad-conn" />
        <baseDn>ou=people,dc=ateneo,dc=example,dc=org</baseDn>
        <pivotAttributes>
          <string>sAMAccountName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>objectclass</string>
          <string>sn</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sAMAccountName</string>
          <string>ou</string>
          <string>userPrincipalName</string>
          <string>description</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(ou=people)(objectClass=user))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(sAMAccountName={uid}))</getOneFilter>
      </ldapDestinationService>
      <!--
        ./syncOptions This mandatory node describes how to handle the various situations
        encountered while synchronizing datasets. It must contain a main identifier
        construction rule and a default policy.
        It may contain synchronization conditions, a default delimiter and datasets
        synchronization rules (attribute nodes)
      -->
      <propertiesBasedSyncOptions>
        <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("uid") + ",ou=people,dc=ateneo,dc=example,dc=org"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
            <string>"user"</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>description</name>
          <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("gecos")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>cn</name>
          <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("uid")</string>
          </createValues>
        </dataset>
        <dataset>
          <!-- userPrincipalName = uid + "@lsc-project.org" -->
          <name>userPrincipalName</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("uid") + "@ateneo.example.org"</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>sAMAccountName</name>
          <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("uid")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>userAccountControl</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
          </createValues>
        </dataset>
        <dataset>
          <name>ou</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>gr: <![CDATA[gr: dstOu = []
              permittedOu = ["people", "Esterni", "Dipendenti", "studenti", "dottorandi", "alum", "specializzandi"]
              srcOu = srcBean.getDatasetById("ou")
              srcOu.each {
                if (permittedOu.contains(it)) {
                  dstOu << it
                }
              }
              dstOu
            ]]> </string>
          </forceValues>
        </dataset>
        <!--
        <dataset>
          <name>pwdLastSet</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"0"</string>
          </createValues>
        </dataset>
        <dataset>
          <name>unicodePwd</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.getUnicodePwd("changeit")</string>
          </createValues>
        </dataset>
        -->
      </propertiesBasedSyncOptions>
    </task>
  </tasks>

  <!-- ./security This mandatory node contains the security settings used by LSC -->
  <security>
    <!--
    <encryption>
      <keyfile>etc/lsc.key</keyfile>
      <algorithm>AES</algorithm>
      <strength>128</strength>
    </encryption>
    -->
  </security>
</lsc>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

