Hi everybody,

First, I am not really used to working with LDAP and I am not so familiar with
the terminology, so I apologize if my words don't always make sense to you. I'll
try my best to make it clear.

I recently installed LSC to implement synchronization between a central
openLDAP master server and several other openLDAP servers (let's call these
servers "communities"). On the central LDAP, I have a list of users under
"dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr".
On my community openLDAP servers, I have a similar place where users are
stored. The only difference is that on a community LDAP, I only have the users
belonging to that community, whereas on the central server, every user of any
community is listed.

On the central openLDAP, I also have
"dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr",
which lists communities. Each community object contains a list of "member"
attributes, which lists the users belonging to a community. For example, I have
an object
"cn=com1,dmdName=communities,dmdName=groups,dmdName=portal,dmdName=applications,dc=cap,dc=ad,dc=appli,dc=fr"
which is my community n°1; this object contains 10 "member" attributes, each
value being a reference to a user object, for instance:
"uid=fr.admin.nistrateur,dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad".

Now, what I have done with LSC so far is to get all the users from the central
openLDAP server sent to one destination LDAP server.
I did that by creating 2 LDAP connections, one ldapSourceService with one pivot
attribute (uid), one ldapDestinationService with nearly the same settings as
the ldapSourceService, and inside propertiesBasedSyncOptions I have:
    <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("uid") + ",dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=da"</mainIdentifier>
    <defaultDelimiter>;</defaultDelimiter>
    <defaultPolicy>FORCE</defaultPolicy>
    <conditions>
        <create>true</create>
        <update>true</update>
        <delete>true</delete>
        <changeId>false</changeId>
    </conditions>
I would like to create some filtering so that I don't synchronize all the
users, but only the ones mentioned as "member" inside the corresponding
community object.

1- How could I do that? I have tried to use getAllFilter, getOneFilter
and cleanFilter but I didn't really get how to use them effectively.

2- With the settings I have now, the synchronization seems to be working
for objects not already existing on the destination LDAP. Users are correctly
created on the destination services, but they are never updated or deleted. How
could I do that? As stated above, inside "conditions", create, update and
delete are all set to true but no update or delete operation seems to be
synchronized.

3- I tried to use "datasets" to force the update of attributes, for
instance:
    <dataset>
        <name>givenName</name>
        <policy>FORCE</policy>
        <defaultValues></defaultValues>
        <forceValues><string>srcBean.getAttributeFirstValueById("givenName")</string></forceValues>
        <createValues></createValues>
        <delimiter>,</delimiter>
    </dataset>
If the value of the "givenName" attribute of a user object on
the central server is different from the value of the same attribute on the
same user object on the dest LDAP, I would expect it to update the value of the
attribute on the dest. Am I wrong about how datasets work?

4- I noticed there is an executable plugin which allows replacing beans
with scripts. The website mentions example bash scripts in the source RPM. I
could not find those scripts; does anyone know where to find them? I found a
script called lsc-executable-add-modify-delete-modrdn.pl in the source RPM, but
it was nearly empty (it was just function definitions). Do I need to write
scripts or create my own bean to be able to update / delete users?

Any help would be greatly appreciated!
_______________________________________________________________________
Alexandre FOUCHET
Capgemini Application Services France - Division Aérospatiale & Défense
Rennes Atalante Champs Blancs
7 rue Claude Chappe - CS 67746 - 35577 CESSON SEVIGNE CEDEX
Tel.: +33 2 99 27 98 39
www.capgemini.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
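
The membership-based selection asked about in question 1, and the create/update/delete outcome expected in questions 2 and 3, as an added example that is not part of the original message and is not LSC code. It assumes the resulting string is used as an LDAP search filter of the kind getAllFilter takes; all function names and sample entries are constructed for illustration.

```javascript
// Added example, not LSC code. Every DN and entry below is constructed.
const BASE = "dmdName=users,dmdName=portal,dmdName=applications,dc=cap,dc=ad";

// Value of a member DN's leading uid RDN, with DN escapes (\, or \2C) undone.
// Assumes single-valued RDNs and ASCII-only hex escapes.
function uidFromMemberDn(dn) {
  const m = /^uid=((?:\\.|[^,\\])+)(?:,|$)/i.exec(dn.trim());
  if (!m) return null; // not a uid=... entry: ignore it
  return m[1].replace(/\\([0-9a-fA-F]{2}|.)/g, (_, e) =>
    e.length === 2 ? String.fromCharCode(parseInt(e, 16)) : e);
}

// RFC 4515 escaping, so a uid can never change the structure of the filter.
function escapeFilterValue(v) {
  return v.replace(/[\\*()\0]/g,
    c => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// OR-filter selecting exactly the community's members; matches nothing if empty.
function membersFilter(memberDns) {
  const uids = [...new Set(memberDns.map(uidFromMemberDn).filter(u => u !== null))];
  if (uids.length === 0) return "(!(objectClass=*))";
  return "(|" + uids.map(u => "(uid=" + escapeFilterValue(u) + ")").join("") + ")";
}

// Operations a member-scoped sync should yield; src and dst map uid -> attributes.
function planSync(memberDns, src, dst) {
  const scope = new Set(memberDns.map(uidFromMemberDn).filter(u => src.has(u)));
  const differs = u => Object.keys(src.get(u)).some(k => src.get(u)[k] !== dst.get(u)[k]);
  return {
    create: [...scope].filter(u => !dst.has(u)),
    update: [...scope].filter(u => dst.has(u) && differs(u)),
    delete: [...dst.keys()].filter(u => !scope.has(u)),
  };
}

const members = ["uid=fr.admin.nistrateur," + BASE,
                 "uid=a*(b)," + BASE];            // uid with filter metacharacters
const src = new Map([["fr.admin.nistrateur", { givenName: "Admin" }],
                     ["a*(b)", { givenName: "Ann" }],
                     ["other.community", { givenName: "Otto" }]]); // not in com1
const dst = new Map([["fr.admin.nistrateur", { givenName: "Adm" }],   // stale
                     ["left.community", { givenName: "Lea" }]]);      // left com1

console.log(membersFilter(members));
console.log(planSync(members, src, dst));
```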