Hi Gaetan,

It looks good. What is the DN of the entry that you expect to be
synchronized and that is not?

Regards,

Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/


2014-08-07 14:58 GMT+02:00 Gaetan Slongo <[email protected]>:

>  Hi !
>
> Thanks for the answer. Here is the config made by my colleague. This is a test
> config.
>
> Thank you !
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
>     <connections>
>         <ldapConnection>
>             <name>ldap-src-conn</name>
>             <url>ldap://172.18.0.102:389/dc=mycompany??sub</url>
>             <username></username>
>             <password></password>
>             <authentication>SIMPLE</authentication>
>             <referral>IGNORE</referral>
>             <derefAliases>NEVER</derefAliases>
>             <version>VERSION_3</version>
>             <pageSize>-1</pageSize>
>             <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>             <tlsActivated>false</tlsActivated>
>         </ldapConnection>
>         <ldapConnection>
>             <name>ldap-dst-conn</name>
>             <url>ldap://172.16.37.64:389/dc=ads,dc=mycompany??sub</url>
>
> <username>CN=Administrator,CN=Users,DC=ADS,dc=mycompany</username>
>             <password>MyPassword</password>
>             <authentication>SIMPLE</authentication>
>             <referral>IGNORE</referral>
>             <derefAliases>NEVER</derefAliases>
>             <version>VERSION_3</version>
>             <pageSize>-1</pageSize>
>             <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>             <tlsActivated>false</tlsActivated>
>         </ldapConnection>
>     </connections>
>     <tasks>
>         <task>
>             <name>People</name>
>             <bean>org.lsc.beans.SimpleBean</bean>
>             <ldapSourceService>
>                 <name>ldap-source-service</name>
>                 <connection reference="ldap-src-conn" />
>                 <baseDn>ou=people,dc=mycompany</baseDn>
>                 <pivotAttributes>
>                     <string>uid</string>
>                 </pivotAttributes>
>                 <fetchedAttributes>
>                                         <string>description</string>
>                                         <string>cn</string>
>                                         <string>sn</string>
>                                         <string>userPassword</string>
>                                         <string>givenName</string>
>                                         <string>uid</string>
>                                         <string>mail</string>
>                                         <string>uidNumber</string>
>                                         <string>gidNumber</string>
>                                         <string>homeDirectory</string>
>                     <string>gecos</string>
>                 </fetchedAttributes>
>
> <getAllFilter>(&amp;(objectClass=posixAccount)(!(uid=template)))</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=posixAccount)(uid={uid}))</getOneFilter>
>
> <cleanFilter>(&amp;(objectClass=posixAccount)(uid={uid}))</cleanFilter>
>             </ldapSourceService>
>             <ldapDestinationService>
>                 <name>ad-dst-service</name>
>                 <connection reference="ldap-dst-conn" />
>                 <baseDn>cn=users,dc=ads,dc=mycompany</baseDn>
>                 <pivotAttributes>
>                     <string>samAccountName</string>
>                 </pivotAttributes>
>                 <fetchedAttributes>
>                                         <string>description</string>
>                                         <string>cn</string>
>                                         <string>sn</string>
>                                         <string>samAccountName</string>
>                                         <string>userPrincipalName</string>
>                     <string>name</string>
>                     <string>givenName</string>
>                     <string>objectClass</string>
>                     <string>displayName</string>
>                     <string>unicodePwd</string>
>                     <string>userAccountControl</string>
>                 </fetchedAttributes>
>
> <getAllFilter>(&amp;(objectClass=user)(!(objectClass=computer)))</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=user)(!(objectClass=computer))(sAMAccountName={uid}))</getOneFilter>
>             </ldapDestinationService>
>             <propertiesBasedSyncOptions>
>                 <mainIdentifier>"cn=" +
>                     srcBean.getDatasetFirstValueById("cn") +
>                     ",cn=users,dc=ads,dc=mycompany"</mainIdentifier>
>                 <defaultDelimiter>;</defaultDelimiter>
>                 <defaultPolicy>FORCE</defaultPolicy>
>                                 <conditions>
>                                         <create>true</create>
>                                         <update>true</update>
>                                         <delete>false</delete>
>                                         <changeId>true</changeId>
>                                 </conditions>
>                 <dataset>
>                     <name>cn</name>
>                     <policy>KEEP</policy>
>                     <createValues>
>
> <string>srcBean.getDatasetFirstValueById("uid")</string>
>                     </createValues>
>                 </dataset>
>                                 <dataset>
>                                         <name>sn</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>
> <string>srcBean.getDatasetFirstValueById("sn")</string>
>                                         </forceValues>
>                                 </dataset>
>                                 <dataset> <!-- gvds OK -->
>                                         <name>name</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>
> <string>srcBean.getDatasetFirstValueById("givenName")</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>givenName</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>
> <string>srcBean.getDatasetFirstValueById("givenName")</string>
>                                         </forceValues>
>                                 </dataset>
>
>                                 <dataset> <!-- gvds OK -->
>                                         <name>sAMAccountName</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>
> <string>srcBean.getDatasetFirstValueById("uid")</string>
>                                         </createValues>
>                                 </dataset>
>                 <dataset>
>                     <name>objectClass</name>
>                     <policy>KEEP</policy>
>                     <createValues>
>                         <string>"user"</string>
>                         <string>"person"</string>
>                         <string>"organizationalPerson"</string>
>                     </createValues>
>                 </dataset>
>                                 <dataset>
>                                         <name>displayName</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>
> <string>srcBean.getDatasetFirstValueById("gecos")</string>
>                                         </forceValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>userPrincipalName</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>
> <string>srcBean.getDatasetFirstValueById("uid") + "@ads.mycompany.com"</string>
>                                         </forceValues>
>                                 </dataset>
>
>                                 <dataset>
>                                         <name>unicodePwd</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>                                                 <string>
>                             java.lang.System.out.println("Password" + (new
> java.text.SimpleDateFormat("yyyyMMdd")).format(new java.util.Date()) );
>                             AD.getUnicodePwd("Password" + (new
> java.text.SimpleDateFormat("yyyyMMdd")).format(new java.util.Date())
> )</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>userAccountControl</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>
> <string>AD.userAccountControlSet( "0", [ AD.UAC_SET_NORMAL_ACCOUNT,
> AD.UAC_SET_PASSWORD_EXPIRED])</string>
>                                         </createValues>
>                                 </dataset>
>
>             </propertiesBasedSyncOptions>
>         </task>
>         <task>
>                         <name>Groups</name>
>                         <bean>org.lsc.beans.SimpleBean</bean>
>                         <ldapSourceService>
>                                 <name>ldap-source-service-grp</name>
>                 <connection reference="ldap-src-conn" />
>                 <baseDn>ou=Groups,dc=mycompany</baseDn>
>                                 <pivotAttributes>
>                                         <string>cn</string>
>                                 </pivotAttributes>
>                                 <fetchedAttributes>
>                                         <string>description</string>
>                                         <string>gidNumber</string>
>                                         <string>memberUid</string>
>                     <string>cn</string>
>                     <string>sambaSID</string>
>                                 </fetchedAttributes>
>
> <getAllFilter>(&amp;(objectClass=posixGroup)(!(cn=template))(!(cn=administrators)))</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=posixGroup)(cn={cn}))</getOneFilter>
>
> <cleanFilter>(&amp;(objectClass=posixGroup)(cn={samAccountName}))</cleanFilter>
>                         </ldapSourceService>
>                         <ldapDestinationService>
>                                 <name>ad-dst-service-grp</name>
>                                 <connection reference="ldap-dst-conn" />
>
> <baseDn>ou=Groups,dc=ads,dc=mycompany</baseDn>
>                                 <pivotAttributes>
>                                         <string>samAccountName</string>
>                                 </pivotAttributes>
>                                 <fetchedAttributes>
>                                         <string>cn</string>
>                     <string>sAMAccountName</string>
>                     <string>objectClass</string>
>                     <string>member</string>
>                                 </fetchedAttributes>
>
> <getAllFilter>(&amp;(objectClass=group)(!(objectClass=computer)))</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=group)(!(objectClass=computer))(sAMAccountName={cn}))</getOneFilter>
>                         </ldapDestinationService>
>                         <propertiesBasedSyncOptions>
>                                 <mainIdentifier>"cn=" +
>
> srcBean.getDatasetFirstValueById("cn") +
>
> ",ou=Groups,dc=ads,dc=mycompany"</mainIdentifier>
>                                 <defaultDelimiter>;</defaultDelimiter>
>                                 <defaultPolicy>FORCE</defaultPolicy>
>                                 <conditions>
>                                         <create>true</create>
>                                         <update>true</update>
>                                         <delete>false</delete>
>                                         <changeId>true</changeId>
>                                 </conditions>
>                                 <dataset>
>                                         <name>cn</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>
> <string>srcBean.getDatasetFirstValueById("cn")</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>sAMAccountName</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>
> <string>srcBean.getDatasetFirstValueById("cn")</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>member</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>                                                 <string><![CDATA[
>                             var srcMembers = srcBean.getAttributeValuesById("memberUid").toArray();
>                             var returnGroups = new Array();
>                             for (i in srcMembers) {
>                                 // TODO for each uid, get the gecos
>                                 java.lang.System.out.println("srcMember : " + srcMembers[i]);
>                                 var usr = ldap.search("", "(&(samaccountname=" + srcMembers[i] + ")(objectClass=user))").toArray();
>                                 for (j in usr) {
>                                     java.lang.System.out.println("pushing - " + "" + usr[j] + ",DC=ads,dc=mycompany");
>                                     returnGroups.push("" + usr[j] + ",DC=ads,dc=mycompany");
>                                 }
>                             }
>                             returnGroups;
>                         ]]></string>
>                                         </forceValues>
>                                 </dataset>
>                 <dataset>
>                     <name>objectClass</name>
>                     <policy>KEEP</policy>
>                     <createValues>
>                         <string>"group"</string>
>                     </createValues>
>                 </dataset>
>
>                         </propertiesBasedSyncOptions>
>         </task>
>     </tasks>
> </lsc>
>
>
>
> On 07/08/14 12:58, Sébastien Bahloul wrote:
>
> Hi Gaetan,
>
>  LSC is using a SUBTREE scope (LdapSourceService) so it should do the
> job. Can you provide some details and a configuration extract?
>
>  Regards,
>
> Sebastien BAHLOUL
> IAM / Security specialist
> Ldap Synchronization Connector : http://lsc-project.org
> Blog : http://sbahloul.wordpress.com/
>
>
> 2014-08-07 10:32 GMT+02:00 Gaetan Slongo <[email protected]>:
>
>> Hi !
>>
>> Does someone have an idea about this?
>>
>> Thank you
>>
>> Gaëtan
>>
>>
>> On 04/08/14 15:10, Gaetan Slongo wrote:
>>  > Hi !
>> >
>> > We are currently trying to integrate LSC into our infrastructure. We are
>> > facing some issues, but here is one for which we cannot find a
>> > "real" answer:
>> >
>> > LSC does not seem to allow us to recursively sync our OpenLDAP to AD. I
>> > mean it does not sync other OUs under the base...?
>> >
>> > If the base is: ou=MyUsers,dc=company,dc=com it will not sync users in
>> > ou=MyOtherUsers,ou=MyUsers,dc=company,dc=com
>> >
>> > Is this normal behavior?
>> >
>> > Thank you in advance
>> >
>> > _______________________________________________________________
>> > Ldap Synchronization Connector (LSC) - http://lsc-project.org
>> >
>> > lsc-users mailing list
>> > [email protected]
>> > http://lists.lsc-project.org/listinfo/lsc-users
>>
>>
>>
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> [email protected]
>> http://lists.lsc-project.org/listinfo/lsc-users
>>
>>
>
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
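
The configuration quoted in this thread builds the destination DN (mainIdentifier) and the group member search filter by concatenating directory values into strings. As an added example (not part of the thread or of LSC; the helper names and sample values are constructed), this is how those two strings can be built with RFC 4514 DN escaping and RFC 4515 filter escaping in plain JavaScript:

```javascript
// Added example: helper names and sample values are constructed for illustration.

// RFC 4515: escape a value before it is placed inside a search filter.
// The characters \ * ( ) and NUL become a backslash plus two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return '\\' + ('0' + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// RFC 4514: escape an attribute value before it is placed inside a DN.
function escapeDnValue(value) {
  var s = String(value)
    .replace(/[\\",+;<>]/g, '\\$&')   // characters that are special anywhere
    .replace(/\0/g, '\\00');          // NUL as a hex pair
  s = s.replace(/ $/, '\\ ');         // trailing space
  return s.replace(/^[ #]/, '\\$&');  // leading space or '#'
}

// Same filter shape as the group "member" dataset in the quoted config.
function memberFilter(uid) {
  return '(&(sAMAccountName=' + escapeFilterValue(uid) + ')(objectClass=user))';
}

// Same DN shape as the People task's mainIdentifier in the quoted config.
function userDn(cn) {
  return 'cn=' + escapeDnValue(cn) + ',cn=users,dc=ads,dc=mycompany';
}

// Constructed sample values: one ordinary, the others containing metacharacters.
var samples = ['jdoe', 'a*)(b', 'Doe, John'];
samples.forEach(function (v) {
  console.log(memberFilter(v));
  console.log(userDn(v));
});
```

A value such as `Doe, John` would otherwise split the RDN at the comma, and an unescaped `*` or `)` in a memberUid would change which entries the member lookup matches.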
