Hi guys,
I think it's "member", not the "memberOf" attribute. But I have another problem. So – in my OpenLDAP structure there's no "uniqueMember" attribute, so the script on the documentation page is not working for me :| Users are listed in the group with their memberUid.

… what I meanwhile realized is that during the tests I was performing, UIDs from the source were saved in the "memberUid" attribute in AD, but as the "member" attribute is still empty, it's not solving my problem :)

Cheers,
Marcin Baluta
Systems Administrator
tyntec GmbH
Semerteichstr. 54 - 56 | 44141 Dortmund, Germany
T +49 231 477 90 405 | F +49 231 108 799 2
<http://www.tyntec.com/> www.tyntec.com

From: [email protected] [mailto:[email protected]] On Behalf Of Maxime Pelletier
Sent: Monday, 24 November 2014 16:45
To: [email protected]
Subject: Re: [lsc-users] OpenLDAP 2 LDAP synchronization

Clément OUDOT <[email protected]> wrote:

2014-11-24 13:48 GMT+01:00 Marcin Baluta <[email protected]>:

Hello Clement,

I still cannot manage to synchronize group membership. Actually – I'm not sure what script I should use to achieve this. Currently I have this, taken from your LSC 1.1 tutorial (http://lsc-project.org/wiki/documentation/1.1/tutorials/synchronizegroups):

<dataset>
  <name>member</name>
  <policy>FORCE</policy>
  <forceValues>
    <string><![CDATA[
      // Source group members, as DNs from the "uniqueMember" attribute
      var umembers = srcBean.getAttributeValuesById("uniqueMember").toArray();
      for (var i = 0; i < umembers.length; i++) {
        try {
          // Read the member's uid in the source, then find the AD entry with that sAMAccountName
          umembers[i] = ldap.attribute(ldap.list("OU=Users,OU=imported,OU=test,DC=xxx,DC=xxx", "(sAMAccountName=" + (srcLdap.attribute(umembers[i], 'uid').get(0) + ")")).get(0), 'distinguishedName').get(0);
        } catch (e) {
          // No matching destination entry: mark for removal
          umembers[i] = null;
        }
      }
      // Keep only the members that were resolved
      var members = new Array();
      var j = 0;
      for (var i = 0; i < umembers.length; i++) {
        if (umembers[i] != null) members[j++] = umembers[i];
      }
      members;
    ]]></string>
  </forceValues>
</dataset>

Any help kindly appreciated ;) .. and of course I remember about beer for you :)

Hi,

I just wrote a new tutorial that works with LSC 2: http://lsc-project.org/wiki/documentation/tutorial/synchronizegroups

It should help you to achieve your task.

Clément.

Hi Clément,

I thought that with AD, the list of "member" in a group had to be kept in sync with the "memberOf" attribute of the user entry. When I tested it a while ago, I had an exception when I tried to add a group to a user by adding it to its "memberOf" attribute. Is it different when you add a user to the "member" attribute of a group instead? Does AD update the "memberOf" attribute of the user automatically?

Thanks
Max
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
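
Added example, not part of the original thread and not the LSC project's own code: when the source groups list their members by memberUid, as described in the first message, the uid is already in hand and only the lookup by sAMAccountName on the AD side remains. The sketch below models that mapping in plain JavaScript and escapes each uid per RFC 4515 before it is placed in the filter; searchDns, sampleSearch, the sample accounts and DC=example,DC=com are constructed stand-ins for LSC's ldap.list() and a real directory.

```javascript
// Added example: stand-alone model of a "member" dataset script for sources using memberUid.
// Inside LSC the uids would come from srcBean.getAttributeValuesById("memberUid") and
// searchDns would be ldap.list(); here both are replaced by constructed stand-ins.

// Escape a value for use inside an LDAP search filter (RFC 4515: \ * ( ) NUL).
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Map each memberUid to the DN of the single matching destination account.
// Uids with no match or more than one match are skipped; duplicates are dropped.
function resolveMembers(memberUids, usersBase, searchDns) {
  var members = [];
  for (var i = 0; i < memberUids.length; i++) {
    var filter = "(sAMAccountName=" + escapeFilterValue(memberUids[i]) + ")";
    var dns = searchDns(usersBase, filter);
    if (dns.length === 1 && members.indexOf(dns[0]) === -1) {
      members.push(dns[0]);
    }
  }
  return members;
}

// Constructed sample data standing in for the destination directory.
var USERS_BASE = "OU=Users,OU=imported,OU=test,DC=example,DC=com";
var SAMPLE_ACCOUNTS = {
  alice: "CN=Alice Example," + USERS_BASE,
  bob: "CN=Bob Example," + USERS_BASE
};

// Hypothetical search stub: exact match on sAMAccountName after undoing the \xx escapes.
function sampleSearch(base, filter) {
  var m = /^\(sAMAccountName=(.*)\)$/.exec(filter);
  if (!m || base !== USERS_BASE) return [];
  var uid = m[1].replace(/\\([0-9a-f]{2})/g, function (all, hex) {
    return String.fromCharCode(parseInt(hex, 16));
  });
  return SAMPLE_ACCOUNTS.hasOwnProperty(uid) ? [SAMPLE_ACCOUNTS[uid]] : [];
}

// "ghost" has no account and "al*" is treated as a literal name, so both are skipped.
var resolved = resolveMembers(["alice", "ghost", "bob", "alice", "al*"], USERS_BASE, sampleSearch);
console.log(resolved);
```

In an LSC dataset the resulting array would be the last expression of the script, as in the tutorial script quoted above.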

