2014-11-24 16:44 GMT+01:00 Maxime Pelletier <[email protected]>:
> Clément OUDOT <[email protected]> a écrit : > > > > 2014-11-24 13:48 GMT+01:00 Marcin Baluta <[email protected]>: > >> Hello Clement, >> >> >> >> *I still cannot manage to synchronize group membership. Actually – I’m >> not sure what script should I use to achieve this.* >> >> >> >> *Currently I have this taken from your LSC 1.1 tutorial >> (http://lsc-project.org/wiki/documentation/1.1/tutorials/synchronizegroups >> <http://lsc-project.org/wiki/documentation/1.1/tutorials/synchronizegroups>):* >> >> >> >> *<dataset>* >> >> * <name>member</name>* >> >> * <policy>FORCE</policy>* >> >> * <forceValues>* >> >> * <string><![CDATA[var umembers = >> srcBean.getAttributeValuesById("uniqueMember").toArray() ;* >> >> * for (var i=0; i<umembers.length; i++ ) {* >> >> * try {* >> >> * umembers[i] = ldap.attribute(ldap.list( >> "OU=Users,OU=imported,OU=test,DC=xxx,DC=xxx","(sAMAccountName="+(srcLdap.attribute(umembers[i], >> 'uid').get(0)* >> >> * + ")"* >> >> * )).get(0), 'distinguishedName').get(0)* >> >> * } catch (e) {* >> >> * umembers[i]=null* >> >> * }* >> >> * }* >> >> * var members = new Array();* >> >> * var j=0;* >> >> * for (var i=0; i<umembers.length; i++) {* >> >> * if (umembers[i]!=null) members[j++]=umembers[i]* >> >> * }* >> >> * members;]]>* >> >> * </string>* >> >> * </forceValues>* >> >> * </dataset>* >> >> >> >> *Any help kindly appreciated ;)* >> >> *.. and of course I remember about beer for you J* >> >> >> > > > > *Hi,* > > *I just write a new tutorial that works with LSC 2: > http://lsc-project.org/wiki/documentation/tutorial/synchronizegroups > <http://lsc-project.org/wiki/documentation/tutorial/synchronizegroups>* > > > > > > *It should help you to achieve your task. Clément.* > > Hi Clément, > > I thought that with AD, the liste of "member" in a group had to be kept in > sync with the "memberOf" attribute of the user entry. > > When I tested it a while ago, I had an exception when I tried to add a > group to a user by adding it ot its "memberOf" attribute. Is it different > when you add a user the "member" attribute of a group instead? Does AD > update the "memberOf" attribute of the user automatically? > Yes, memberOf is an operational attribute, it is managed by the server. You can't update it directly. Clément.
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
