OK, so please change the following parameter

<baseDn>ou=people,dc=mycompany</baseDn>

to

<baseDn>dc=mycompany</baseDn>

Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/

2014-08-07 15:12 GMT+02:00 Gaetan Slongo <[email protected]>:

> Re,
>
> Many many entries...
>
> For example :
>
> uid=test1,ou=People,ou=non-human,dc=mycompany
>
> Thank you
>
>
> On 07/08/14 15:06, Sébastien Bahloul wrote:
>
> Hi Gaetan,
>
> It looks good. What are the DN of the entry you are expected to be
> synchronized and that is not ?
>
> Regards,
>
> Sebastien BAHLOUL
> IAM / Security specialist
> Ldap Synchronization Connector : http://lsc-project.org
> Blog : http://sbahloul.wordpress.com/
>
>
> 2014-08-07 14:58 GMT+02:00 Gaetan Slongo <[email protected]>:
>
>> Hi !
>>
>> Thanks for answer. Here is the config made by my colleague: This is a
>> test config,
>>
>> Thank you !
>>
>> <?xml version="1.0" ?>
>> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
>>   <connections>
>>     <ldapConnection>
>>       <name>ldap-src-conn</name>
>>       <url>ldap://172.18.0.102:389/dc=mycompany??sub</url>
>>       <username></username>
>>       <password></password>
>>       <authentication>SIMPLE</authentication>
>>       <referral>IGNORE</referral>
>>       <derefAliases>NEVER</derefAliases>
>>       <version>VERSION_3</version>
>>       <pageSize>-1</pageSize>
>>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>       <tlsActivated>false</tlsActivated>
>>     </ldapConnection>
>>     <ldapConnection>
>>       <name>ldap-dst-conn</name>
>>       <url>ldap://172.16.37.64:389/dc=ads,dc=mycompany??sub</url>
>>       <username>CN=Administrator,CN=Users,DC=ADS,dc=mycompany</username>
>>       <password>MyPassword</password>
>>       <authentication>SIMPLE</authentication>
>>       <referral>IGNORE</referral>
>>       <derefAliases>NEVER</derefAliases>
>>       <version>VERSION_3</version>
>>       <pageSize>-1</pageSize>
>>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>       <tlsActivated>false</tlsActivated>
>>     </ldapConnection>
>>   </connections>
>>   <tasks>
>>     <task>
>>       <name>People</name>
>>       <bean>org.lsc.beans.SimpleBean</bean>
>>       <ldapSourceService>
>>         <name>ldap-source-service</name>
>>         <connection reference="ldap-src-conn" />
>>         <baseDn>ou=people,dc=mycompany</baseDn>
>>         <pivotAttributes>
>>           <string>uid</string>
>>         </pivotAttributes>
>>         <fetchedAttributes>
>>           <string>description</string>
>>           <string>cn</string>
>>           <string>sn</string>
>>           <string>userPassword</string>
>>           <string>givenName</string>
>>           <string>uid</string>
>>           <string>mail</string>
>>           <string>uidNumber</string>
>>           <string>gidNumber</string>
>>           <string>homeDirectory</string>
>>           <string>gecos</string>
>>         </fetchedAttributes>
>>         <getAllFilter>(&(objectClass=posixAccount)(!(uid=template)))</getAllFilter>
>>         <getOneFilter>(&(objectClass=posixAccount)(uid={uid}))</getOneFilter>
>>         <cleanFilter>(&(objectClass=posixAccount)(uid={uid}))</cleanFilter>
>>       </ldapSourceService>
>>       <ldapDestinationService>
>>         <name>ad-dst-service</name>
>>         <connection reference="ldap-dst-conn" />
>>         <baseDn>cn=users,dc=ads,dc=mycompany</baseDn>
>>         <pivotAttributes>
>>           <string>samAccountName</string>
>>         </pivotAttributes>
>>         <fetchedAttributes>
>>           <string>description</string>
>>           <string>cn</string>
>>           <string>sn</string>
>>           <string>samAccountName</string>
>>           <string>userPrincipalName</string>
>>           <string>name</string>
>>           <string>givenName</string>
>>           <string>objectClass</string>
>>           <string>displayName</string>
>>           <string>unicodePwd</string>
>>           <string>userAccountControl</string>
>>         </fetchedAttributes>
>>         <getAllFilter>(&(objectClass=user)(!(objectClass=computer)))</getAllFilter>
>>         <getOneFilter>(&(objectClass=user)(!(objectClass=computer))(sAMAccountName={uid}))</getOneFilter>
>>       </ldapDestinationService>
>>       <propertiesBasedSyncOptions>
>>         <mainIdentifier>"cn=" +
>>           srcBean.getDatasetFirstValueById("cn") +
>>           ",cn=users,dc=ads,dc=mycompany"</mainIdentifier>
>>         <defaultDelimiter>;</defaultDelimiter>
>>         <defaultPolicy>FORCE</defaultPolicy>
>>         <conditions>
>>           <create>true</create>
>>           <update>true</update>
>>           <delete>false</delete>
>>           <changeId>true</changeId>
>>         </conditions>
>>         <dataset>
>>           <name>cn</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>srcBean.getDatasetFirstValueById("uid")</string>
>>           </createValues>
>>         </dataset>
>>         <dataset>
>>           <name>sn</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string>srcBean.getDatasetFirstValueById("sn")</string>
>>           </forceValues>
>>         </dataset>
>>         <dataset> <!-- gvds OK -->
>>           <name>name</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>srcBean.getDatasetFirstValueById("givenName")</string>
>>           </createValues>
>>         </dataset>
>>         <dataset>
>>           <name>givenName</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string>srcBean.getDatasetFirstValueById("givenName")</string>
>>           </forceValues>
>>         </dataset>
>>
>>         <dataset> <!-- gvds OK -->
>>           <name>sAMAccountName</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>srcBean.getDatasetFirstValueById("uid")</string>
>>           </createValues>
>>         </dataset>
>>         <dataset>
>>           <name>objectClass</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>"user"</string>
>>             <string>"person"</string>
>>             <string>"organizationalPerson"</string>
>>           </createValues>
>>         </dataset>
>>         <dataset>
>>           <name>displayName</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string>srcBean.getDatasetFirstValueById("gecos")</string>
>>           </forceValues>
>>         </dataset>
>>         <dataset>
>>           <name>userPrincipalName</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string>srcBean.getDatasetFirstValueById("uid") + "@ads.mycompany.com
>> "</string>
>>           </forceValues>
>>         </dataset>
>>
>>         <dataset>
>>           <name>unicodePwd</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>
>>               java.lang.System.out.println("Password" + (new java.text.SimpleDateFormat("yyyyMMdd")).format(new java.util.Date()) );
>>               AD.getUnicodePwd("Password" + (new
>>               java.text.SimpleDateFormat("yyyyMMdd")).format(new java.util.Date())
>>               )</string>
>>           </createValues>
>>         </dataset>
>>         <dataset>
>>           <name>userAccountControl</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>AD.userAccountControlSet( "0", [ AD.UAC_SET_NORMAL_ACCOUNT,
>>               AD.UAC_SET_PASSWORD_EXPIRED])</string>
>>           </createValues>
>>         </dataset>
>>
>>       </propertiesBasedSyncOptions>
>>     </task>
>>     <task>
>>       <name>Groups</name>
>>       <bean>org.lsc.beans.SimpleBean</bean>
>>       <ldapSourceService>
>>         <name>ldap-source-service-grp</name>
>>         <connection reference="ldap-src-conn" />
>>         <baseDn>ou=Groups,dc=mycompany</baseDn>
>>         <pivotAttributes>
>>           <string>cn</string>
>>         </pivotAttributes>
>>         <fetchedAttributes>
>>           <string>description</string>
>>           <string>gidNumber</string>
>>           <string>memberUid</string>
>>           <string>cn</string>
>>           <string>sambaSID</string>
>>         </fetchedAttributes>
>>         <getAllFilter>(&(objectClass=posixGroup)(!(cn=template))(!(cn=administrators)))</getAllFilter>
>>         <getOneFilter>(&(objectClass=posixGroup)(cn={cn}))</getOneFilter>
>>         <cleanFilter>(&(objectClass=posixGroup)(cn={samAccountName}))</cleanFilter>
>>       </ldapSourceService>
>>       <ldapDestinationService>
>>         <name>ad-dst-service-grp</name>
>>         <connection reference="ldap-dst-conn" />
>>         <baseDn>ou=Groups,dc=ads,dc=mycompany</baseDn>
>>         <pivotAttributes>
>>           <string>samAccountName</string>
>>         </pivotAttributes>
>>         <fetchedAttributes>
>>           <string>cn</string>
>>           <string>sAMAccountName</string>
>>           <string>objectClass</string>
>>           <string>member</string>
>>         </fetchedAttributes>
>>         <getAllFilter>(&(objectClass=group)(!(objectClass=computer)))</getAllFilter>
>>         <getOneFilter>(&(objectClass=group)(!(objectClass=computer))(sAMAccountName={cn}))</getOneFilter>
>>       </ldapDestinationService>
>>       <propertiesBasedSyncOptions>
>>         <mainIdentifier>"cn=" +
>>           srcBean.getDatasetFirstValueById("cn") +
>>           ",ou=Groups,dc=ads,dc=mycompany"</mainIdentifier>
>>         <defaultDelimiter>;</defaultDelimiter>
>>         <defaultPolicy>FORCE</defaultPolicy>
>>         <conditions>
>>           <create>true</create>
>>           <update>true</update>
>>           <delete>false</delete>
>>           <changeId>true</changeId>
>>         </conditions>
>>         <dataset>
>>           <name>cn</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>srcBean.getDatasetFirstValueById("cn")</string>
>>           </createValues>
>>         </dataset>
>>         <dataset>
>>           <name>sAMAccountName</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>srcBean.getDatasetFirstValueById("cn")</string>
>>           </createValues>
>>         </dataset>
>>         <dataset>
>>           <name>member</name>
>>           <policy>FORCE</policy>
>>           <forceValues>
>>             <string><![CDATA[
>>               var srcMembers = srcBean.getAttributeValuesById("memberUid").toArray();
>>               var returnGroups = new Array();
>>               for (i in srcMembers) {
>>                 // TODO for each uid, get the gecos
>>                 java.lang.System.out.println("srcMember : "+srcMembers[i]);
>>                 var usr = ldap.search("","(&(samaccountname="+srcMembers[i]+")(objectClass=user))").toArray();
>>                 for (j in usr) {
>>                   java.lang.System.out.println("pushing - "+""+usr[j]+",DC=ads,dc=mycompany");
>>                   returnGroups.push(""+usr[j]+",DC=ads,dc=mycompany");
>>                 }
>>               }
>>               returnGroups;
>>             ]]></string>
>>           </forceValues>
>>         </dataset>
>>         <dataset>
>>           <name>objectClass</name>
>>           <policy>KEEP</policy>
>>           <createValues>
>>             <string>"group"</string>
>>           </createValues>
>>         </dataset>
>>
>>       </propertiesBasedSyncOptions>
>>     </task>
>>   </tasks>
>> </lsc>
>>
>>
>>
>> On 07/08/14 12:58, Sébastien Bahloul wrote:
>>
>> Hi Gaetan,
>>
>> LSC is using a SUBTREE scope (LdapSourceService) so it should do the
>> job. Can you provide some details and configuration extract ?
>>
>> Regards,
>>
>> Sebastien BAHLOUL
>> IAM / Security specialist
>> Ldap Synchronization Connector : http://lsc-project.org
>> Blog : http://sbahloul.wordpress.com/
>>
>>
>> 2014-08-07 10:32 GMT+02:00 Gaetan Slongo <[email protected]>:
>>
>>> Hi !
>>>
>>> Someone has an idea about this ?
>>>
>>> Thank you
>>>
>>> Gaëtan
>>>
>>>
>>> On 04/08/14 15:10, Gaetan Slongo wrote:
>>> > Hi !
>>> >
>>> > We currently are trying to integrate LSC in our infrastructure. We are
>>> > facing to some issues but here is one here on which we cannot find a
>>> > "real" answer :
>>> >
>>> > LSC do not seems to allow us to recursively sync our OpenLDAP to AD. I
>>> > mean it do not sync other OU under the base...?
>>> >
>>> > If the base is : ou=MyUsers,dc=company,dc=com it will not sync users in
>>> > ou=MyOtherUsers,ou=MyUsers,dc=company,dc=com
>>> >
>>> > This is a normal behavior ?
>>> >
>>> > Thank you for advance
>>> >
>>> > _______________________________________________________________
>>> > Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>> >
>>> > lsc-users mailing list
>>> > [email protected]
>>> > http://lists.lsc-project.org/listinfo/lsc-users
>>>
>>>
>>>
>>> _______________________________________________________________
>>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>>
>>> lsc-users mailing list
>>> [email protected]
>>> http://lists.lsc-project.org/listinfo/lsc-users
>>>
>>>
>>
>>
>
> --
>
> www.it-optics.com
> Gaëtan SLONGO | IT & Project Manager
> Boulevard Initialis, 28 - 7000 Mons
> Company : +32 (0)65 84 23 85 Direct : +32 (0)65 32 85 88 Fax : +32
> (0)65 84 66 76 GPG Key : gslongo-gpg_key.asc
> <http://www.it-optics.com/gslongo/gslongo.pub.asc>
>
> Please consider your environmental responsibility before printing this
> e-mail
>
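Why the original base missed the entry, as an added example that is not part of the thread and not LSC code: a SUBTREE search returns only entries whose DN ends with the base DN, and `uid=test1,ou=People,ou=non-human,dc=mycompany` sits under `ou=non-human,dc=mycompany`, not under `ou=people,dc=mycompany`. The function names are hypothetical, and case-insensitive comparison of RDN values is an assumption.

```javascript
// Added example, not LSC code. All function names are hypothetical.

// Split a DN into normalized RDNs on unescaped commas (RFC 4514 backslash escapes).
function splitDn(dn) {
  const rdns = [];
  let current = "";
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === "\\" && i + 1 < dn.length) {
      current += ch + dn[i + 1]; // keep the escape pair, skip the escaped char
      i++;
    } else if (ch === ",") {
      rdns.push(current);
      current = "";
    } else {
      current += ch;
    }
  }
  rdns.push(current);
  return rdns.map(normalizeRdn);
}

// Assumption: values compare case-insensitively, as they do for ou, dc, uid and cn.
function normalizeRdn(rdn) {
  const eq = rdn.indexOf("=");
  if (eq < 1) throw new Error("malformed RDN: " + rdn);
  return rdn.slice(0, eq).trim().toLowerCase() + "=" + rdn.slice(eq + 1).trim().toLowerCase();
}

// True when entryDn is the base itself or lies anywhere below it (SUBTREE scope).
function isUnderBase(entryDn, baseDn) {
  const entry = splitDn(entryDn);
  const base = splitDn(baseDn);
  if (base.length > entry.length) return false;
  const offset = entry.length - base.length;
  return base.every((rdn, i) => entry[offset + i] === rdn);
}

// DNs quoted in the thread, checked against the old and the suggested base.
function checkThreadEntry() {
  const entry = "uid=test1,ou=People,ou=non-human,dc=mycompany";
  return {
    oldBase: isUnderBase(entry, "ou=people,dc=mycompany"),
    newBase: isUnderBase(entry, "dc=mycompany"),
  };
}

console.log(checkThreadEntry());
```

With the base widened to `dc=mycompany`, the only thing limiting which accounts reach AD is the `getAllFilter` quoted above, so every `posixAccount` in the tree other than `uid=template` becomes a sync candidate, including those under `ou=non-human`.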

