Thank you very much for your quick response.
Please see my reply below. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Raphaël Ouazana-Sustowski Sent: 03 June 2014 10:49 To: [email protected] Subject: Re: [lsc-users] ldap to solr using lsc Hi, Le 03/06/2014 10:45, Prasad Bodapati a écrit : > Hi, > > We are using lsc to sync users from ldap to solr. We have configured > lsc.xml and written a plugin implementation to store data in solr. > > CURRENT APPROACH : We need a GUID for every record to store in solr so > we convert the DN to some sort of UUID and attach to the record and > store in solr. > > PROBLEM : The GUID needs to be updated when DN changes, we can't do > that as there is chance that those GUIDs already stored in an external > system. > > SOLUTION : ? Why do you need to update the GUID? If needed you can store it in the LDAP server, so changing a DN will have no impact. When DN changes it comes to apply method in the destination service, at that particular point we don't know the GUID for the record. So we can't update it. If we can get hold of the GUID at that point we are good to go. > CURRENT APPROACH : For AD when synchronize users, each user have DN, > memberOf with DN of the group so we simply hash the all the DNs to > GUIDs and store it. We do the same for groups. > > So the solr have relationship of users and groups in terms of GUIDs > not the DNs. We also store DNs in order to refer back to original > record in source ldap at the time of update. > > PROBLEM : It works fine if we just use AD. It becomes a problem when > we try to switch to openLDAP because it does not store DN in member > attribute, it stores UID. > > SOLUTION: ? If by LDAP you mean OpenLDAP (or any decent LDAP implementation), you can store DN in member attribute. Anyway with a little Javascript you can retrieve a DN from an UID. That is great, Is it the case for any other LDAPs. How about the other LDAPs ? We are trying to sync data from most widely used LDAPs. I think my basic question here is if we take use attribute which is used to link to the user for GUId will we face any problem ? > I hope you understand the problem I am trying to solve. > > Please help me to sort it out. Hope it helps. Regards, Raphaël Ouazana. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected]<mailto:[email protected]> http://lists.lsc-project.org/listinfo/lsc-users ________________________________
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
