2014-10-27 19:16 GMT+01:00 Dinesh Babu <[email protected]>: > Thanks Clément. > > > > Based on your suggestion, I am trying to add the correct clean filter that > I need. My requirement is as follows > > > > 1) I have two sync tasks, "sync users" and "sync groups". First "sync > users" is kicked off and followed by "sync groups" > > 2) These sync tasks have the following sync filters > > (a) sync users (objectCategory=Person) > > (b) sync groups (objectCategory=Group) > > > > 3) Now I change the above filters as shown below and do the sync users and > groups again > > (a) sync users (&(objectCategory=Person)(CN=LB*)) > > (b) sync groups (&(objectCategory=Group)(CN=LB*)) > > > > 4) My requirement is that during clean phase I want all users and groups > which does not satisfy my new sync filter as shown in (3) ( CN starting > with "LB") to be removed from my destination. For that I need to use a > clean filter which should say "all users and groups whose CN does not start > with "LB". I am getting error when I use the following clean filter to > achieve the same. Can you email the correct filter please? > > > > !(|(&(objectCategory=Person)(CN=LB*)) (&(objectCategory=Group)(CN=LB*))) >
In this case, you need to restrict the entries that you want to delete by configuring the "getAllFilter" on the destination. This filter is used by LSC to search all entries in the destination, and then to compare each of them with an entry in the source (using "cleanFilter" defined in the source). If you set up the destination "getAllFilter" to not match users and groups starting with LB, these entries will not be deleted, even if they are not present in the source. > > > Also can you point to the LSC document section which gives more info > filter syntax ( > http://lsc-project.org/wiki/documentation/howto/activedirectory#filter_to_find_user_objects > has very little info) > > These are standard LDAP filters, you will not find specific documentation on LSC site. Try for example: https://www.centos.org/docs/5/html/CDS/ag/8.0/Finding_Directory_Entries-LDAP_Search_Filters.html Clément.
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
