Hi,

Thanks a lot for your readiness!
Actually my JS code is the same as the one provided in the documentation, 
except for the fact that I have reversed OpenLDAP and AD sync.
Please advise.

Best,

Arthur

-----Original Message-----
From: Clément OUDOT [mailto:[email protected]] 
Sent: Thursday, 2 April 2015 16:58
To: Arthur TEBOUL
Cc: lsc-users
Subject: Re: [lsc-users] Cleaning task for groups members

2015-04-02 16:03 GMT+02:00 Arthur TEBOUL <[email protected]>:
> Dear Clement,
>
> Thanks a lot for your reply!
> I have changed the dataset name to be uniqueMember, but I am now facing the 
> following error messages:
> Apr 02 15:57:03 - INFO  - Starting sync for adGroup
> Apr 02 15:57:03 - ERROR - Error while adding entry cn=Berlitz,ou=Groupes,dc=test,dc=local in directory :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'groupOfUniqueNames' requires attribute 'uniqueMember']; remaining name 'cn=Berlitz,ou=Groupes'
> Apr 02 15:57:03 - ERROR - Error while adding entry cn=ETS Global BV,ou=Groupes,dc=test,dc=local in directory :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - object class 'groupOfUniqueNames' requires attribute 'uniqueMember']; remaining name 'cn=ETS Global BV,ou=Groupes'
> Apr 02 15:57:03 - ERROR - Error while synchronizing ID cn=Berlitz,ou=Groupes,dc=test,dc=local: java.lang.Exception: Technical problem while applying modifications to the destination
> Apr 02 15:57:03 - ERROR - Error while synchronizing ID cn=ETS Global BV,ou=Groupes,dc=test,dc=local: java.lang.Exception: Technical problem while applying modifications to the destination
> # Thu Apr 02 15:57:03 CEST 2015
> dn: cn=Berlitz,ou=Groupes,dc=test,dc=local
> changetype: add
> cn: Berlitz
> objectClass: top
> objectClass: groupOfUniqueNames
>
> # Thu Apr 02 15:57:03 CEST 2015
> dn: cn=ETS Global BV,ou=Groupes,dc=test,dc=local
> changetype: add
> cn: ETS Global BV
> objectClass: top
> objectClass: groupOfUniqueNames
>
> Apr 02 15:57:03 - ERROR - All entries: 2, to modify entries: 2, successfully modified entries: 0, errors: 2
>
>

Hi,

Please keep the list in copy.

The error comes from the absence of the uniqueMember attribute. Your code seems to 
return no value, so no attribute is created by LSC. Try to debug your JS code 
to see why no value is returned.


Clément.

> Here is my lsc.xml content:
>
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
>         <connections>
>                 <ldapConnection>
>                         <name>ldap-src-conn</name>
>                         <url>ldap://80.15.1.185:389/dc=test,dc=local</url>
>                         
> <username>cn=Administrateur,cn=Users,dc=ad-poc,dc=test,dc=local</username>
>                         <password>Server2012!</password>
>                         <authentication>SIMPLE</authentication>
>                         <referral>IGNORE</referral>
>                         <derefAliases>NEVER</derefAliases>
>                         <version>VERSION_3</version>
>                         <pageSize>-1</pageSize>
>                         <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>                         <tlsActivated>false</tlsActivated>
>                 </ldapConnection>
>                 <ldapConnection>
>                         <name>ldap-dst-conn</name>
>                         <url>ldap://127.0.0.1:389/dc=test,dc=local</url>
>                         <username>cn=admin,dc=test,dc=local</username>
>                         <password>Rhum@grip759477!</password>
>                         <authentication>SIMPLE</authentication>
>                         <referral>IGNORE</referral>
>                         <derefAliases>NEVER</derefAliases>
>                         <version>VERSION_3</version>
>                         <pageSize>-1</pageSize>
>                         <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>                         <tlsActivated>false</tlsActivated>
>                 </ldapConnection>
>         </connections>
>         <tasks>
>                 <task>
>                         <name>People</name>
>                         <bean>org.lsc.beans.SimpleBean</bean>
>                         <ldapSourceService>
>                                 <name>ad-source-service</name>
>                                 <connection reference="ldap-src-conn" />
>                                 
> <baseDn>cn=Users,dc=ad-poc,dc=test,dc=local</baseDn>
>                                 <pivotAttributes>
>                                         <string>samAccountName</string>
>                                 </pivotAttributes>
>                                 <fetchedAttributes>
>                                         <string>description</string>
>                                         <string>cn</string>
>                                         <string>sn</string>
>                                         <string>givenName</string>
>                                         <string>samAccountName</string>
>                                         <string>userPrincipalName</string>
>                                         <string>mail</string>
>                                         <string>objectClass</string>
>                                 </fetchedAttributes>
>                                 
> <getAllFilter>(objectClass=user)</getAllFilter>
>                                 
> <getOneFilter>(&amp;(objectClass=user)(samAccountName={samAccountName}))</getOneFilter>
>                                 
> <cleanFilter>(&amp;(objectClass=user)(samAccountName={uid}))</cleanFilter>
>                         </ldapSourceService>
>                         <ldapDestinationService>
>                                 <name>openldap-dst-service</name>
>                                 <connection reference="ldap-dst-conn" />
>                                 <baseDn>ou=People,dc=test,dc=local</baseDn>
>                                 <pivotAttributes>
>                                         <string>uid</string>  
> </pivotAttributes>
>                                 <fetchedAttributes>
>                                         <string>description</string>
>                                         <string>cn</string>
>                                         <string>sn</string>
>                                         <string>userPassword</string>
>                                         <string>objectClass</string>
>                                         <string>uid</string>
>                                         <string>mail</string>
>                                         <string>givenName</string>
>                                 </fetchedAttributes>
>                                 
> <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
>                                 
> <getOneFilter>(&amp;(objectClass=inetorgperson)(uid={samAccountName}))</getOneFilter>
>                         </ldapDestinationService>
>                         <propertiesBasedSyncOptions>
>                                 <mainIdentifier>"uid=" +
>                                         
> srcBean.getDatasetFirstValueById("samAccountName") +
>                                         
> ",ou=People,dc=test,dc=local"</mainIdentifier>
>                                 <defaultDelimiter>;</defaultDelimiter>
>                                 <defaultPolicy>FORCE</defaultPolicy>
>                                 <dataset>
>                                         <name>description</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>                                                 
> <string>js:(srcBean.getDatasetFirstValueById("sn") != null  ? 
> srcBean.getDatasetFirstValueById("sn").toUpperCase() : null )</string>
>                                         </forceValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>userPassword</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>                                                 <string>js:"{SASL}" +
>                                                         
> srcBean.getDatasetFirstValueById("userPrincipalName")</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>sn</name>
>                                         <policy>FORCE</policy>
>                                         <createValues>
>                                                 
> <string>js:(srcBean.getDatasetFirstValueById("sn") != null  ? 
> srcBean.getDatasetFirstValueById("sn").toUpperCase() : 
> srcBean.getDatasetFirstValueById("cn") )</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>description</name>
>                                         <policy>FORCE</policy>
>                                         <forceValues>
>                                                 
> <string>js:(srcBean.getDatasetFirstValueById("sn") != null  ? 
> srcBean.getDatasetFirstValueById("sn").toUpperCase() : null )</string>
>                                         </forceValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>uid</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>                                                 
> <string>js:srcBean.getDatasetFirstValueById("samAcccountName")</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>objectClass</name>
>                                         <policy>KEEP</policy>
>   <createValues>
>                                                 
> <string>"inetOrgPerson"</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>userPassword</name>
>                                         <policy>KEEP</policy>
>                                         <createValues>
>                                                 <string>"changethis"</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>givenName</name>
>                                         <policy>FORCE</policy>
>                                         <createValues>
>                                                 
> <string>js:srcBean.getDatasetFirstValueById("givenName")</string>
>                                         </createValues>
>                                 </dataset>
>                                 <dataset>
>                                         <name>mail</name>
>                                         <policy>FORCE</policy>
>                                         <createValues>
>                                                 
> <string>js:srcBean.getDatasetFirstValueById("mail")</string>
>                                         </createValues>
>                                 </dataset>
>                         </propertiesBasedSyncOptions>
>                 </task>
>                 <task>
>     <name>adGroup</name>
>     <bean>org.lsc.beans.SimpleBean</bean>
>     <ldapSourceService>
>         <name>group-source-service</name>
>         <connection reference="ldap-src-conn" />
>         <baseDn>ou=Groupes,dc=ad-poc,dc=test,dc=local</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>description</string>
>           <string>member</string>
>
>         </fetchedAttributes>
>     <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter>
>         
> <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
>         <cleanFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></cleanFilter>
>       </ldapSourceService>
>       <ldapDestinationService>
>         <name>group-dst-service</name>
>         <connection reference="ldap-dst-conn" />
>         <baseDn>ou=Groupes,dc=test,dc=local</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>description</string>
>           <string>uniqueMember</string>
>           <string>objectClass</string>
>         </fetchedAttributes>
>
>  
> <getAllFilter><![CDATA[(objectClass=groupOfUniqueNames)]]></getAllFilter>
>
> <getOneFilter><![CDATA[(&(objectClass=groupOfUniqueNames)(cn={cn}))]]></getOneFilter>
>      </ldapDestinationService>
>        <propertiesBasedSyncOptions>
>         <mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) + ",ou=Groupes,dc=test,dc=local"</mainIdentifier>
>         <defaultDelimiter>;</defaultDelimiter>
>     <defaultPolicy>FORCE</defaultPolicy>
>     <conditions>
>       <create>true</create>
>       <update>true</update>
>       <delete>true</delete>
>       <changeId>true</changeId>
>     </conditions>
>     <dataset>
>       <name>objectClass</name>
>       <policy>KEEP</policy>
>       <createValues>
>         <string>"top"</string>
>         <string>"groupOfUniqueNames"</string>
>       </createValues>
>     </dataset>
>     <dataset>
>          <name>cn</name>
>           <policy>FORCE</policy>
>            <forceValues>
>             <string>srcBean.getDatasetFirstValueById("cn")</string>
>            </forceValues>
>         </dataset>
>         <dataset>
>          <name>dn</name>
>           <policy>FORCE</policy>
>            <forceValues>
>             <string>srcBean.getDatasetFirstValueById("dn")</string>
>            </forceValues>
>         </dataset>
>     <dataset>
>          <name>uniqueMember</name>
>          <policy>FORCE</policy>
>          <forceValues>
>            <string>
>            <![CDATA[rjs:
>                 var membersSrcDn = srcBean.getDatasetValuesById("member");
>                 var membersDstDn = [];
>                 for  (var i=0; i<membersSrcDn.size(); i++) {
>                      var memberSrcDn = membersSrcDn.get(i);
>                      var sAMAccountName = "";
>                      try {
>                          sAMAccountName = 
> srcLdap.attribute(memberSrcDn, "sAMAccountName").get(0);
>                         } catch(e) {
>                             continue;
>                         }
>                      var destDn = ldap.search("ou=People", "(uid=" + 
> sAMAccountName + ")");
>                      if (destDn.size() == 0 || destDn.size() > 1) {
>                               continue;
>                       }
>                      var destMemberDn = destDn.get(0) + "," + 
> ldap.getContextDn();
>                      membersDstDn.push(destMemberDn);
>                 }
>                 membersDstDn
>            ]]>
>            </string>
>          </forceValues>
>       </dataset>
>       </propertiesBasedSyncOptions>
>     </task>
>
>         </tasks>
> </lsc>
>
>
>
> Thanks a lot in advance for your assistance.
> Best,
>
> Arthur
>
> -----Original Message-----
> From: Clément OUDOT [mailto:[email protected]]
> Sent: Wednesday, 1 April 2015 14:26
> To: Arthur TEBOUL
> Cc: [email protected]
> Subject: Re: [lsc-users] Cleaning task for groups members
>
> 2015-04-01 13:52 GMT+02:00 Arthur TEBOUL <[email protected]>:
>> Thanks for the prompt reply.
>> Unfortunately the sync task is not able to delete members in my 
>> destination group (which is OpenLDAP in my case, the sync is going 
>> that way AD-->OpenLDAP) if they are not present anymore in the source 
>> group. Please don’t hesitate to reply if you have an idea, I will be 
>> very grateful.
>> Thanks in advance.
>>
>
> The dataset name should be uniqueMember and not Member.
>
>
> Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
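
Added example (not part of the original thread and not LSC code): a stand-alone version of the uniqueMember mapping script quoted above that records why each source member is skipped, which is one way to follow the advice to debug why the script returns no value. The srcLdap and ldap objects, the list() helper and the sample DNs are constructed stand-ins; escapeFilter() is an added hardening step (RFC 4515 escaping of the value placed in the search filter) that the quoted script does not have.

```javascript
// Added example, not LSC code. list() imitates the size()/get() lists the
// script on this page receives; srcLdap and ldap below are constructed stubs.
const list = (a) => ({ size: () => a.length, get: (i) => a[i] });

// Escape a value before placing it in an LDAP search filter (RFC 4515).
function escapeFilter(v) {
  return String(v).replace(/[\\*()\0]/g,
    (c) => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Same mapping as the uniqueMember dataset, but every "continue" records why.
function mapMembers(membersSrcDn, srcLdap, ldap) {
  const mapped = [], skipped = [];
  for (let i = 0; i < membersSrcDn.size(); i++) {
    const srcDn = membersSrcDn.get(i);
    let sam;
    try {
      sam = srcLdap.attribute(srcDn, "sAMAccountName").get(0);
    } catch (e) {
      skipped.push({ srcDn, reason: "source lookup failed: " + e.message });
      continue;
    }
    const found = ldap.search("ou=People", "(uid=" + escapeFilter(sam) + ")");
    if (found.size() !== 1) {
      skipped.push({ srcDn, reason: found.size() + " destination matches for uid=" + sam });
      continue;
    }
    mapped.push(found.get(0) + "," + ldap.getContextDn());
  }
  return { mapped, skipped };
}

// Constructed sample data: two source accounts, only one exists in the destination.
const SRC = { "CN=Alice,CN=Users,DC=ad-poc,DC=test,DC=local": "alice",
              "CN=Bob,CN=Users,DC=ad-poc,DC=test,DC=local": "bob" };
const DST = { alice: "uid=alice,ou=People" };
const srcLdap = { attribute(dn) {
  if (!(dn in SRC)) throw new Error("no such entry");
  return list([SRC[dn]]);
} };
const ldap = {
  search(base, filter) {
    const uid = filter.slice(5, -1);          // strip "(uid=" and ")"
    return list(uid in DST ? [DST[uid]] : []);
  },
  getContextDn: () => "dc=test,dc=local",
};

// A group whose only member has no destination entry maps to an empty list.
const onlyBob = mapMembers(list(["CN=Bob,CN=Users,DC=ad-poc,DC=test,DC=local"]), srcLdap, ldap);
console.log(onlyBob.mapped.length, onlyBob.skipped);
```

When every member lands in skipped, the script hands back an empty list, which matches the "requires attribute 'uniqueMember'" error in the quoted log.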