Le 26/02/2015 16:59, Clément OUDOT a écrit :
2015-02-26 13:21 GMT+01:00 Jephte Clain <[email protected]>:
Le 26/02/2015 12:59, Clément OUDOT a écrit :
2015-02-26 7:38 GMT+01:00 Jephte Clain <[email protected]>:
hello,
I'd like to force the order of the sync tasks, e.g synchronising groups
AFTER synchronising users.
in my lsc.xml, the group task is after the user task.
but, with lsc -s all, the two tasks seems to run in parallel. I thought
it
was because of the number of threads.
so I tried with lsc -s all -t 1
but now, I can see the groups task is run BEFORE the users task.
so I tried with lsc -s users,groups
it's the same: the groups task is run BEFORE the users task.
so I tried with lsc -s users,groups -t 1
still no luck :-(
*** So, how can I order the tasks?
Usually, I run lsc as an asynchronous task. btw, the service is restarted
every morning.
*** is it possible with this method to order the tasks?
When I start the asynchronous service, it would:
- search for the users, synchronize them, then notify the groups task,
then
wait for new modifications on user accounts
- wait for a notify from the users task, search for the groups,
synchronize
then, then wait for new modifications on groups
- from now on, each modification is processed normally in each thread.
Is this possible at all?
The task order is the one of lsc.xml task declaration.
well, I don't understand why it does the groups first then the users... in
lsc.xml user sync comes first 8-|
You can force a task order with for example: lsc -s user && lsc -s group
Yes, evidently
But I'd like to use asynchronous mode.
- Updating the password in AD as soon as it is modified in OpenLDAP is nice.
- Also, because lsc cannot read unicodePwd from AD, running the task
synchronously rewrite the password again and again. Restarting the service
every day ensure it only does that once a day :-)
For this case, we create a "password" task with an update condition
which will check hte authentication. If the authentication fails, then
LSC will push the password.
To do this check, we use this method:
http://lsc-project.org/javadoc/2.0-SNAPSHOT/org/lsc/utils/directory/LDAP.html#canBindSearchRebind(java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String)
Clément.
Hello,
I just tried this method. I have two tasks: user-task to
create/synchronize user info (with conditions create, update, delete,
changeId); password-task to synchronise password infos (with condition
update only)
there are two problems:
- in async mode, only user-task is run when the ldap object is modified.
the password-task is never run. shall I use a different <ldapConnection>
for the password-task?
- I guess there is some sort of connexion rate limiting in AD because
the password-task fails for several accounts with LdapErr: DSID-0C090724
the probleme is not with the password, because when I start the task for
one user, it always succeed. however, trying to validate the connection
for thousands accounts in a row does not work.
In the AD's event viewer, I can see thousands of connexion attempts,
with a lot of failures.
How do you solve this issue? is it possible to limit the lsc's update
rate? Remember, I have to restart the lsc process each morning, so the
issue will arise every day. Also, if I cannot make async mode work, I'll
have to run lsc regularly, say every 5 minutes. I don't want to fill the
logs with rejected connexion attempts
thanks in advance for your help. best regards,
--
Jephté CLAIN | Développeur / Intégrateur d'applications
Service Systèmes d'Information http://dsiun.univ-reunion.fr
Tel: +262 262 93 86 31 || Mobile: +262 692 29 58 24 ||
http://www.univ-reunion.fr
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
