Thanks for the prompt reply.
Unfortunately the sync task is not able to delete members in my destination 
group (which is OpenLDAP in my case, the sync is going that way
AD-->OpenLDAP) if they are not present anymore in the source group. Please 
don't hesitate to reply if you have an idea, I will be very grateful.
Thanks in advance.

Best,


Arthur

From: Jon C Kidder [mailto:[email protected]]
Sent: Tuesday, March 31, 2015 14:23
To: Arthur TEBOUL; [email protected]
Subject: RE: Cleaning task for groups members

The clean task is not needed to manage group membership. A clean task will only 
manage the existence of the group itself.  The sync task will always perform a 
replace on the group membership attribute which would explicitly remove group 
members that no longer exist in the source.

-Jon C. Kidder
American Electric Power
Middleware Services
Email: [email protected]
Phone: 614-716-4970

From: [email protected] [mailto:[email protected]] On Behalf Of Arthur TEBOUL
Sent: Tuesday, March 31, 2015 7:43 AM
To: [email protected]
Subject: [lsc-users] Cleaning task for groups members

Dear all,

It is amazing how powerful LSC is and I would like to thank you for it.
I am facing a little issue, here is the context:
I have a group sync task between AD-->OpenLDAP, my groups are synchronized 
successfully with their members. However, I am not able to set the cleaning task 
properly in order to delete OpenLDAP group members if they are no longer present 
in the AD one. I have no error messages, but it does nothing. Could you please 
help me set the cleaning task properly?
Here is my lsc.xml content:

<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
        <connections>
                <ldapConnection>
                        <name>ldap-src-conn</name>
                        <url>ldap://80.15.1.185:389/dc=test,dc=local</url>
                        <username>cn=Administrateur,cn=Users,dc=ad-poc,dc=test,dc=local</username>
                        <password>Server2012!</password>
                        <authentication>SIMPLE</authentication>
                        <referral>IGNORE</referral>
                        <derefAliases>NEVER</derefAliases>
                        <version>VERSION_3</version>
                        <pageSize>-1</pageSize>
                        <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
                        <tlsActivated>false</tlsActivated>
                </ldapConnection>
                <ldapConnection>
                        <name>ldap-dst-conn</name>
                        <url>ldap://127.0.0.1:389/dc=test,dc=local</url>
                        <username>cn=admin,dc=test,dc=local</username>
                        <password>xxxxxxxxx </password>
                        <authentication>SIMPLE</authentication>
                        <referral>IGNORE</referral>
                        <derefAliases>NEVER</derefAliases>
                        <version>VERSION_3</version>
                        <pageSize>-1</pageSize>
                        <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
                        <tlsActivated>false</tlsActivated>
                </ldapConnection>
        </connections>
        <tasks>
                <task>
                        <name>People</name>
                        <bean>org.lsc.beans.SimpleBean</bean>
                        <ldapSourceService>
                                <name>ad-source-service</name>
                                <connection reference="ldap-src-conn" />
                                <baseDn>cn=Users,dc=ad-poc,dc=test,dc=local</baseDn>
                                <pivotAttributes>
                                        <string>samAccountName</string>
                                </pivotAttributes>
                                <fetchedAttributes>
                                        <string>description</string>
                                        <string>cn</string>
                                        <string>sn</string>
                                        <string>givenName</string>
                                        <string>samAccountName</string>
                                        <string>userPrincipalName</string>
                                        <string>mail</string>
                                        <string>objectClass</string>
                                </fetchedAttributes>
                                <getAllFilter>(objectClass=user)</getAllFilter>
                                <getOneFilter>(&amp;(objectClass=user)(samAccountName={samAccountName}))</getOneFilter>
                                <cleanFilter>(&amp;(objectClass=user)(samAccountName={uid}))</cleanFilter>
                        </ldapSourceService>
                        <ldapDestinationService>
                                <name>openldap-dst-service</name>
                                <connection reference="ldap-dst-conn" />
                                <baseDn>ou=People,dc=test,dc=local</baseDn>
                                <pivotAttributes>
                                        <string>uid</string>
                                </pivotAttributes>
                                <fetchedAttributes>
                                        <string>description</string>
                                        <string>cn</string>
                                        <string>sn</string>
                                        <string>userPassword</string>
                                        <string>objectClass</string>
                                        <string>uid</string>
                                        <string>mail</string>
                                        <string>givenName</string>
                                </fetchedAttributes>
                                <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
                                <getOneFilter>(&amp;(objectClass=inetorgperson)(uid={samAccountName}))</getOneFilter>
                        </ldapDestinationService>
                        <propertiesBasedSyncOptions>
                                <mainIdentifier>"uid=" +
                                        srcBean.getDatasetFirstValueById("samAccountName") +
                                        ",ou=People,dc=test,dc=local"</mainIdentifier>
                                <defaultDelimiter>;</defaultDelimiter>
                                <defaultPolicy>FORCE</defaultPolicy>
                                <dataset>
                                        <name>description</name>
                                        <policy>FORCE</policy>
                                        <forceValues>
                                                <string>js:(srcBean.getDatasetFirstValueById("sn") != null ? srcBean.getDatasetFirstValueById("sn").toUpperCase() : null)</string>
                                        </forceValues>
                                </dataset>
                                <dataset>
                                        <name>userPassword</name>
                                        <policy>KEEP</policy>
                                        <createValues>
                                                <string>js:"{SASL}" +
                                                        srcBean.getDatasetFirstValueById("userPrincipalName")</string>
                                        </createValues>
                                </dataset>
                                <dataset>
                                        <name>sn</name>
                                        <policy>FORCE</policy>
                                        <createValues>
                                                <string>js:(srcBean.getDatasetFirstValueById("sn") != null ? srcBean.getDatasetFirstValueById("sn").toUpperCase() : srcBean.getDatasetFirstValueById("cn"))</string>
                                        </createValues>
                                </dataset>
                                <dataset>
                                        <name>description</name>
                                        <policy>FORCE</policy>
                                        <forceValues>
                                                <string>js:(srcBean.getDatasetFirstValueById("sn") != null ? srcBean.getDatasetFirstValueById("sn").toUpperCase() : null)</string>
                                        </forceValues>
                                </dataset>
                                <dataset>
                                        <name>uid</name>
                                        <policy>KEEP</policy>
                                        <createValues>
                                                <string>js:srcBean.getDatasetFirstValueById("samAccountName")</string>
                                        </createValues>
                                </dataset>
                                <dataset>
                                        <name>objectClass</name>
                                        <policy>KEEP</policy>
                                        <createValues>
                                                <string>"inetOrgPerson"</string>
                                        </createValues>
                                </dataset>
                                <dataset>
                                        <name>userPassword</name>
                                        <policy>KEEP</policy>
                                        <createValues>
                                                <string>"changethis"</string>
                                        </createValues>
                                </dataset>
                                <dataset>
                                        <name>givenName</name>
                                        <policy>FORCE</policy>
                                        <createValues>
                                                <string>js:srcBean.getDatasetFirstValueById("givenName")</string>
                                        </createValues>
                                </dataset>
                                <dataset>
                                        <name>mail</name>
                                        <policy>FORCE</policy>
                                        <createValues>
                                                <string>js:srcBean.getDatasetFirstValueById("mail")</string>
                                        </createValues>
                                </dataset>
                        </propertiesBasedSyncOptions>
                </task>
                <task>
    <name>adGroup</name>
    <bean>org.lsc.beans.SimpleBean</bean>
    <ldapSourceService>
        <name>group-source-service</name>
        <connection reference="ldap-src-conn" />
        <baseDn>ou=Groupes,dc=ad-poc,dc=test,dc=local</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>description</string>
          <string>member</string>

        </fetchedAttributes>
    <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
        <cleanFilter><![CDATA[(&(objectClass=group)(cn={cn}))(member={member})]]></cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>group-dst-service</name>
        <connection reference="ldap-dst-conn" />
        <baseDn>ou=Groupes,dc=test,dc=local</baseDn>
        <pivotAttributes>
          <string>cn</string>
       </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>description</string>
          <string>uniqueMember</string>
          <string>objectClass</string>
        </fetchedAttributes>
     <getAllFilter><![CDATA[(objectClass=groupOfNames)]]></getAllFilter>
     <getOneFilter><![CDATA[(&(objectClass=groupOfNames)(cn={cn}))]]></getOneFilter>
     </ldapDestinationService>
       <propertiesBasedSyncOptions>
        <mainIdentifier>js:"cn=" +
javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) +
",ou=Groupes,dc=test,dc=local"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
    <defaultPolicy>FORCE</defaultPolicy>
    <conditions>
      <create>true</create>
      <update>true</update>
      <delete>true</delete>
      <changeId>true</changeId>
    </conditions>
    <dataset>
      <name>objectClass</name>
      <policy>FORCE</policy>
      <forceValues>
        <string>"top"</string>
        <string>"groupOfNames"</string>
      </forceValues>
    </dataset>
    <dataset>
         <name>cn</name>
          <policy>FORCE</policy>
           <forceValues>
            <string>srcBean.getDatasetFirstValueById("cn")</string>
           </forceValues>
        </dataset>
        <dataset>
         <name>dn</name>
          <policy>FORCE</policy>
           <forceValues>
            <string>srcBean.getDatasetFirstValueById("dn")</string>
           </forceValues>
        </dataset>
    <dataset>
         <name>Member</name>
         <policy>FORCE</policy>
         <forceValues>
           <string>
           <![CDATA[rjs:
                var membersSrcDn = srcBean.getDatasetValuesById("member");
                var membersDstDn = [];
                for  (var i=0; i<membersSrcDn.size(); i++) {
                     var memberSrcDn = membersSrcDn.get(i);
                     var sAMAccountName = "";
                     try {
                         sAMAccountName = srcLdap.attribute(memberSrcDn, "sAMAccountName").get(0);
                     } catch(e) {
                         continue;
                     }
                     var destDn = ldap.search("ou=People", "(uid=" + sAMAccountName + ")");
                     if (destDn.size() == 0 || destDn.size() > 1) {
                         continue;
                     }
                     var destMemberDn = destDn.get(0) + "," + ldap.getContextDn();
                     membersDstDn.push(destMemberDn);
                }
                membersDstDn
           ]]>
           </string>
         </forceValues>
      </dataset>
      </propertiesBasedSyncOptions>
    </task>

        </tasks>
</lsc>


Thanks in advance !

Arthur

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
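
Added example (not part of the original thread and not LSC code): a small lint for LSC filter templates, run on the two cleanFilter values from the lsc.xml above. It assumes that placeholders in a cleanFilter are filled from the destination service's pivot attributes, as the People task's {uid} is; the function names are hypothetical.

```javascript
// Added example, not LSC code. Filter strings are copied from the lsc.xml above.

// Split a filter into its top-level parenthesised components.
// Returns null when parentheses are unbalanced or text sits outside them.
// Literal parentheses in values are written \28 and \29 (RFC 4515),
// so every raw "(" or ")" is structural.
function topLevelComponents(filter) {
  const parts = [];
  let depth = 0;
  let start = -1;
  for (let i = 0; i < filter.length; i++) {
    const ch = filter[i];
    if (ch === '(') {
      if (depth === 0) start = i;
      depth++;
    } else if (ch === ')') {
      depth--;
      if (depth < 0) return null;
      if (depth === 0) parts.push(filter.slice(start, i + 1));
    } else if (depth === 0 && ch.trim() !== '') {
      return null;
    }
  }
  return depth === 0 ? parts : null;
}

// Names used as {placeholder} in a filter template.
function placeholders(filter) {
  return [...filter.matchAll(/\{([^{}]+)\}/g)].map((m) => m[1]);
}

// List problems in a filter template. pivotAttributes holds the attribute
// names assumed to be available for substitution (an assumption of this example).
function lintFilter(filter, pivotAttributes) {
  const problems = [];
  const parts = topLevelComponents(filter);
  if (parts === null) problems.push('unbalanced parentheses or text outside them');
  else if (parts.length !== 1) problems.push(`expected 1 top-level component, found ${parts.length}`);
  const allowed = pivotAttributes.map((a) => a.toLowerCase());
  for (const name of placeholders(filter)) {
    if (!allowed.includes(name.toLowerCase())) problems.push(`placeholder {${name}} is not a pivot attribute`);
  }
  return problems;
}

const peopleClean = '(&(objectClass=user)(samAccountName={uid}))';
const groupClean = '(&(objectClass=group)(cn={cn}))(member={member})';
console.log(lintFilter(peopleClean, ['uid']));
console.log(lintFilter(groupClean, ['cn']));
```

The group task's cleanFilter is reported twice: it has two top-level components instead of one, and it references {member}, which is not a pivot attribute of the destination service.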
