Hi
I am trying to configure LSC to synchronize AD to an existing OpenLDAP directory.
But I am having some difficulties.
Accounts that do not exist yet are created, but existing accounts are not
updated.
Also, I would like the existing accounts in OpenLDAP to keep their UID
number.
Thanks for your help.
RenaudM
------------ CONFIGURATION ---------------
<tasks>
<task>
<name>SyncADtoLDAPusers</name>
<bean>org.lsc.beans.SimpleBean</bean>
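<ldapSourceService>
<!-- Source side of the task: user entries read from Active Directory over the "src-ad" connection. -->
<name>AD-SRC-USERS-LABO</name>
<connection reference="src-ad" />
<!-- The DN is kept on a single line; a line break inside baseDn would be read as part of the value. -->
<baseDn>ou=LABO,ou=SERVICE,ou=DIR,ou=Utilisateurs et Groupes,ou=REGION,dc=intra,dc=societe,dc=fr</baseDn>
<!-- sAMAccountName is the pivot: its value fills the {sAMAccountName} placeholder in getOneFilter below. -->
<pivotAttributes>
<string>sAMAccountName</string>
</pivotAttributes>
<!-- Attributes read from AD; the sync expressions of this task read them through srcBean. -->
<!-- NOTE(review): the AD LDAP display name of the office attribute is physicalDeliveryOfficeName;
     "physicalDeliveryOffice" probably returns no value. Confirm, and rename it together with the
     dataset expression that reads it. -->
<fetchedAttributes>
<string>sAMAccountName</string>
<string>userPrincipalName</string>
<string>cn</string>
<string>givenName</string>
<string>sn</string>
<string>displayName</string>
<string>employeeID</string>
<string>primaryGroupID</string>
<string>sAMAccountType</string>
<string>objectGUID</string>
<string>objectSid</string>
<string>description</string>
<string>department</string>
<string>mail</string>
<string>company</string>
<string>physicalDeliveryOffice</string>
<string>telephoneNumber</string>
</fetchedAttributes>
<!-- Unrestricted filter (every person account), disabled while testing:
<getAllFilter>(&(objectClass=User)(objectCategory=Person))</getAllFilter>
-->
<!-- Test filter: limits the run to the single account "sophiek".
     The ampersand of the LDAP AND operator is escaped so the file stays well-formed XML. -->
<!-- NOTE(review): neither filter excludes disabled AD accounts. If disabled users must not be
     provisioned as posix accounts in OpenLDAP, add (!(userAccountControl:1.2.840.113556.1.4.803:=2))
     to the filter; confirm the intended scope first. -->
<getAllFilter>(&amp;(objectClass=User)(objectCategory=Person)(|(sAMAccountName=sophiek)))</getAllFilter>
<!-- Looks up exactly one AD entry by the pivot value. -->
<getOneFilter>(&amp;(objectClass=User)(objectCategory=Person)(sAMAccountName={sAMAccountName}))</getOneFilter>
</ldapSourceService>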
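<ldapDestinationService>
<!-- Destination side of the task: entries written to OpenLDAP over the "dest-openldap" connection. -->
<name>LDAP-DST-USERS-LABO</name>
<connection reference="dest-openldap" />
<baseDn>ou=LABO,ou=SERVICE,ou=SOCIETE,ou=People,dc=nix,dc=intra,dc=societe,dc=fr</baseDn>
<!-- uid identifies an entry on the OpenLDAP side. -->
<pivotAttributes>
<string>uid</string>
</pivotAttributes>
<!-- Attributes LSC reads from the existing entry in order to compare it with the computed values. -->
<!-- userPassword is in this list, so the bind identity of "dest-openldap" needs read access to
     userPassword; keep that ACL limited to the LSC service account. -->
<fetchedAttributes>
<string>dn</string>
<string>sn</string>
<string>uid</string>
<string>givenName</string>
<string>ObjectClass</string>
<string>uidNumber</string>
<string>gidNumber</string>
<string>employeenumber</string>
<string>loginshell</string>
<string>host</string>
<string>mail</string>
<string>description</string>
<string>gecos</string>
<string>o</string>
<string>physicaldeliveryofficename</string>
<string>telephonenumber</string>
<string>homeDirectory</string>
<string>userPassword</string>
<string>departmentnumber</string>
<string>shadowexpire</string>
<string>shadowflag</string>
<string>shadowinactive</string>
<string>shadowlastchange</string>
<string>shadowmin</string>
<string>shadowwarning</string>
</fetchedAttributes>
<!-- Lists every existing account under baseDn. The ampersand is escaped to keep the XML well-formed. -->
<getAllFilter>(&amp;(uid=*)(objectClass=inetOrgPerson))</getAllFilter>
<!-- During synchronization the placeholder is filled from the SOURCE pivot attribute, which is
     sAMAccountName, not uid. With {uid} the lookup has no value to substitute, the existing entry
     is not found, and LSC attempts an add that fails with LDAP error 68 (Entry Already Exists).
     NOTE(review): the spelling follows the source pivot declaration; confirm whether your LSC
     version expects the placeholder in lower case. -->
<getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={sAMAccountName}))</getOneFilter>
<!-- NOTE(review): the clean phase looks entries up from the destination pivot (uid) instead.
     Confirm a matching clean filter exists on the source service before running a clean with
     deletions enabled. -->
</ldapDestinationService>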
<propertiesBasedSyncOptions>
<!-- Rules that compute the destination DN and each destination attribute from the source entry (srcBean). -->
<!-- The DN is built as cn=<GIVENNAME> <SN>,<destination base>, both parts upper-cased and trimmed;
     it is not derived from uid. -->
<!-- NOTE(review): the name parts are concatenated into the DN without escaping, so a comma, plus sign
     or other DN special character in givenName or sn would alter the DN. Presumably
     getDatasetFirstValueById returns null for an absent attribute, in which case toUpperCase() fails;
     confirm both cases against your AD data. -->
<mainIdentifier>"cn=" +
srcBean.getDatasetFirstValueById("givenName").toUpperCase().trim() + " "
+ srcBean.getDatasetFirstValueById("sn").toUpperCase().trim() +
",ou=LABO,ou=SERVICE,ou=SOCIETE,ou=People,dc=nix,dc=intra,dc=societe,dc=fr"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<!-- FORCE is the policy for every attribute that has no dataset of its own below. -->
<!-- NOTE(review): most datasets below define only createValues, which presumably apply only when
     LSC creates an entry. For FORCE datasets with no same-named source attribute (uid, gidnumber,
     homeDirectory, gecos, o, userPassword, ...) check in a dry run what an update does to an
     existing entry before letting LSC modify existing accounts. -->
<defaultPolicy>FORCE</defaultPolicy>
<!-- objectClass: fixed list of classes, given as forceValues. -->
<dataset>
<name>objectClass</name>
<policy>FORCE</policy>
<forceValues>
<string>"top"</string>
<string>"inetOrgPerson"</string>
<string>"posixAccount"</string>
<string>"shadowAccount"</string>
<string>"emiAccount"</string>
<string>"ibm-auxAccount"</string>
</forceValues>
</dataset>
<!-- uid: the AD sAMAccountName, lower-cased and trimmed. -->
<dataset>
<name>uid</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("sAMAccountName").toLowerCase().trim()</string>
</createValues>
</dataset>
<!-- uidNumber: on creation, takes the next value of the serialNumber attribute of the entry
     cn=uidNumberSequenceUnix, which serves as a counter stored in the LDAP directory.
     The KEEP policy is what leaves the uidNumber of an already existing account untouched. -->
<dataset>
<name>uidNumber</name>
<policy>KEEP</policy>
<createValues>
<string>SequencesFactory.getInstance(ldap.getJndiServices()).getNextValue("cn=uidNumberSequenceUnix,ou=LSC,dc=nix,dc=intra,dc=societe,dc=fr","serialNumber")</string>
</createValues>
</dataset>
<!-- gidnumber: JavaScript expression; "8888" when the upper-cased, trimmed company equals "SOCIETE",
     otherwise "5555". The last expression of the script is the resulting value. -->
<!-- NOTE(review): every account whose company is missing or spelled differently falls into the
     "5555" group; confirm that this default group is the less privileged one. -->
<dataset>
<name>gidnumber</name>
<policy>FORCE</policy>
<createValues>
<string>
<![CDATA[js:
var gidNumber ;
var company =
srcBean.getDatasetFirstValueById("company").toUpperCase().trim();
if ( company == "SOCIETE" ) {
gidNumber = "8888";
} else {
gidNumber = "5555";
}
gidNumber
]]>
</string>
</createValues>
</dataset>
<!-- homeDirectory: /home/ followed by the lower-cased, trimmed sAMAccountName. -->
<dataset>
<name>homeDirectory</name>
<policy>FORCE</policy>
<createValues>
<string>"/home/" +
srcBean.getDatasetFirstValueById("sAMAccountName").toLowerCase().trim()</string>
</createValues>
</dataset>
<!-- The datasets from givenName to physicaldeliveryofficename copy one source attribute each,
     unchanged, into the named destination attribute. -->
<dataset>
<name>givenName</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("givenName")</string>
</createValues>
</dataset>
<dataset>
<name>sn</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("sn")</string>
</createValues>
</dataset>
<dataset>
<name>description</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("description")</string>
</createValues>
</dataset>
<!-- departmentnumber is filled from the AD attribute department. -->
<dataset>
<name>departmentnumber</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("department")</string>
</createValues>
</dataset>
<!-- employeenumber is filled from the AD attribute employeeID. -->
<dataset>
<name>employeenumber</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("employeeID")</string>
</createValues>
</dataset>
<!-- gecos is filled from the AD attribute displayName. -->
<dataset>
<name>gecos</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("displayName")</string>
</createValues>
</dataset>
<!-- loginshell: the same fixed shell for every account. -->
<dataset>
<name>loginshell</name>
<policy>FORCE</policy>
<createValues>
<string>"/bin/bash"</string>
</createValues>
</dataset>
<dataset>
<name>mail</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("mail")</string>
</createValues>
</dataset>
<!-- o is filled from the AD attribute company. -->
<dataset>
<name>o</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("company")</string>
</createValues>
</dataset>
<dataset>
<name>telephonenumber</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("telephoneNumber")</string>
</createValues>
</dataset>
<!-- NOTE(review): this reads the source attribute "physicalDeliveryOffice"; the AD LDAP display name
     is physicalDeliveryOfficeName, so the value is probably always empty. Confirm, and rename it
     here and in the source fetchedAttributes together. -->
<dataset>
<name>physicaldeliveryofficename</name>
<policy>FORCE</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("physicalDeliveryOffice")</string>
</createValues>
</dataset>
<!-- host: the same fixed host name for every account. -->
<dataset>
<name>host</name>
<policy>FORCE</policy>
<createValues>
<string>"mezel.intra.societe.fr"</string>
</createValues>
</dataset>
<!-- shadow* attributes: fixed constants, identical for every account. -->
<dataset>
<name>shadowexpire</name>
<policy>FORCE</policy>
<createValues>
<string>"-1"</string>
</createValues>
</dataset>
<dataset>
<name>shadowflag</name>
<policy>FORCE</policy>
<createValues>
<string>"10000"</string>
</createValues>
</dataset>
<dataset>
<name>shadowinactive</name>
<policy>FORCE</policy>
<createValues>
<string>"-1"</string>
</createValues>
</dataset>
<dataset>
<name>shadowlastchange</name>
<policy>FORCE</policy>
<createValues>
<string>"10000"</string>
</createValues>
</dataset>
<dataset>
<name>shadowmin</name>
<policy>FORCE</policy>
<createValues>
<string>"0"</string>
</createValues>
</dataset>
<dataset>
<name>shadowwarning</name>
<policy>FORCE</policy>
<createValues>
<string>"7"</string>
</createValues>
</dataset>
<!-- userPassword: the literal prefix {SASL} followed by the lower-cased, trimmed userPrincipalName,
     so no password hash is stored in OpenLDAP; verification is delegated through SASL. -->
<!-- NOTE(review): the policy is FORCE. Once existing entries are matched, confirm in a dry run
     whether an update replaces or removes a userPassword value that an existing account already
     has; switch this dataset to KEEP if local passwords must survive. -->
<dataset>
<name>userPassword</name>
<policy>FORCE</policy>
<createValues>
<string>"{SASL}" +
srcBean.getDatasetFirstValueById("userPrincipalName").toLowerCase().trim()</string>
</createValues>
</dataset>
</propertiesBasedSyncOptions>
</task>
</tasks>
------------ ERROR ---------------
oct. 15 14:19:26 - ERROR - Error while adding entry
**********************************************************************************
in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code
68 - Entry Already Exists]; remaining name 'cn=***************************''
oct. 15 14:19:26 - ERROR - Error while synchronizing ID
**********************************************************************************
: java.lang.Exception: Technical problem while applying modifications to
the destination