Re: [lsc-users] FW: AD Group Sync to OpenLDAP with Java 8

Mon, 02 Feb 2015 08:04:50 -0800 

Hi,

Le 2015-01-21 22:36, W. Ho a écrit :

Hi,

I have come across an issue to sync AD groups to OpenLDAP when
invoking Java 8.

I am using lsc core 2.1.2 with CentOS 6.5 and CentOS 7. Everything
works fine when I use Java 7. However, when switching to Java 8 it
fails. The error message is "invalid attribute syntax", followed by
"member: value #0 invalid per syntax".

I performed the packet sniffing over the wire to see what breaks the
transaction. I discovered that when running Java 7 I could see group
members (full list with dn) were passing to the client and the sync
went through. When running Java 8, instead of pulling all members from
the group the group attribute shew as "[object array]". No group
member was available.


You don't need packet sniffing to see this, just activate DEBUG logs.


The code I use to sync group is listed below. Appreciate any help to
address this issue.
It seems LSC don't use Rhino when invoked by Java 8. I don't know why, but here is a workaround: 



Thanks,

 <dataset>
 <name>member</name>
 <policy>FORCE</policy>
 <forceValues>
 <string>
 <![CDATA[rjs:
 var membersSrcDn = srcBean.getDatasetValuesById("member");
 var membersDstDn = [];


Use instead :
var membersDstDn = new java.util.ArrayList();


 for (var i=0; i<membersSrcDn.size(); i++) {
 var memberSrcDn = membersSrcDn.get(i);
 var sAMAccountName = "";
 try {
 sAMAccountName = srcLdap.attribute(memberSrcDn,
"sAMAccountName").get(0);
 } catch(e) {
 continue;
 }
 var destDn = ldap.search("ou=Users,ou=HQ", "(uid=" + sAMAccountName +
")");
 if (destDn.size() == 0 || destDn.size() > 1) {
 continue;
 }
 var destMemberDn = destDn.get(0) + "," + ldap.getContextDn();
 membersDstDn.push(destMemberDn);


And here:
membersDstDn.add(destMemberDn);


 }
 membersDstDn
 ]]>
 </string>
 </forceValues>
 </dataset>


This would allow to use ArrayList instead of native arrays.

Regards,
Raphaël ouazana.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to