Hi,
I'm fairly new to LSC and OpenLDAP and I'm trying to do the following:
I do have an application (I'm not the vendor) that can authenticate
users via LDAP, and I have an AD which I'm not responsible for.
Currently this app is configured to do authentication against a local
password file.
I'd like to change this so users can utilize their AD password.
BUT every person has 2 accounts: "username" and "usernameSuffix".
AD does not know about usernameSuffix, but the users should be able to
log in with both accounts by using the same password.
Being the LDAP noob I am, I asked if this is feasible at all in IRC
#ltb-project and got an answer by KPTN:
"a solution is to install an OpenLDAP server, synchronize it with AD with
LSC, use SASL delegation for passwords, and register the 2 logins in the
OpenLDAP user entry"
So here I am, having my OpenLDAP running, LSC installed, lsc.xml assembled,
and only getting:
Jul 17 12:52:37 - INFO - Starting sync for MySyncTask
Jul 17 12:52:38 - ERROR - Synchronization aborted because no source
object has been found !
...
I tried to turn on debug logging to get a hint at what I might have
configured wrong, but failed.
Here is my logback.xml:
<configuration debug="true">
  <!-- Standard output to console -->
  <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
    <encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
      <layout class="org.lsc.utils.output.LdifLayout">
        <Pattern>%date{MMM dd HH:mm:ss} - %-5level - %message%n</Pattern>
      </layout>
    </encoder>
  </appender>
  <!-- Main LSC messages (the root logger below also writes to CONSOLE, so with
       logback's default additivity each org.lsc line is printed twice) -->
  <logger name="org.lsc" level="DEBUG">
    <appender-ref ref="CONSOLE"/>
  </logger>
  <!-- Messages for LDIF output -->
  <logger name="lsc" level="DEBUG">
    <appender-ref ref="CONSOLE"/>
  </logger>
  <!-- Other messages -->
  <logger name="communicationLogger" level="DEBUG">
    <appender-ref ref="CONSOLE"/>
  </logger>
  <logger name="org.apache" level="DEBUG">
    <appender-ref ref="CONSOLE"/>
  </logger>
  <logger name="poolLogger" level="DEBUG">
    <appender-ref ref="CONSOLE"/>
  </logger>
  <!-- Root logger -->
  <root level="DEBUG">
    <appender-ref ref="CONSOLE"/>
  </root>
</configuration>
My lsc.xml is this:
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <connections>
    <ldapConnection>
      <name>ldap-src-conn</name>
      <url>ldap://adserver.local:389/OU=Standard,OU=company,OU=DEP-Benutzerkonten,DC=de,DC=local,DC=lan</url>
      <username>ude\ALGOLDAP</username>
      <password>Taippub6</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>ldap-dst-conn</name>
      <url>ldap://127.0.0.1:9389/DC=de,DC=local,DC=lan</url>
      <username>cn=Manager,DC=de,DC=local,DC=lan</username>
      <password>secret</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>
  <audits>
    <csvAudit>
      <name>csv</name>
      <append>true</append>
      <operations>create, delete</operations>
      <file>/tmp/dump.csv</file>
      <datasets>cn, dn</datasets>
      <separator>,</separator>
    </csvAudit>
  </audits>
  <tasks>
    <task>
      <name>MySyncTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>ldap-src-service</name>
        <connection reference="ldap-src-conn"></connection>
        <baseDn>OU=Standard,OU=company,OU=DEP-Benutzerkonten,DC=de,DC=local,DC=lan</baseDn>
        <pivotAttributes>
          <string>sAMAccountName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>name</string>
          <string>mail</string>
          <string>sAMAccountName</string>
          <string>userPrincipalName</string>
        </fetchedAttributes>
        <!-- '&' has to be written as '&amp;' inside XML element content -->
        <getAllFilter>(&amp;(objectClass=organizationalPerson))</getAllFilter>
        <!-- AD user objects carry the login in sAMAccountName, not uid; the
             placeholder is spelled like the declared pivot attribute -->
        <getOneFilter>(&amp;(objectClass=organizationalPerson)(sAMAccountName={sAMAccountName}))</getOneFilter>
        <interval>6</interval>
      </ldapSourceService>
      <ldapDestinationService>
        <name>ldap-dst-service</name>
        <connection reference="ldap-dst-conn"></connection>
        <baseDn>DC=de,DC=local,DC=lan</baseDn>
        <pivotAttributes>
          <string>mail</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>givenName</string>
          <string>name</string>
          <string>mail</string>
          <string>sAMAccountName</string>
          <string>userPrincipalName</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=organizationalPerson))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=organizationalPerson)(uid={sAMAccountName}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"cn=" + srcBean.getDatasetValueById("cn") + ",ou=People,DC=de,DC=local,DC=lan"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>true</delete>
          <changeId>false</changeId>
        </conditions>
        <dataset>
          <name>objectClass</name>
          <policy>KEEP</policy>
          <defaultValues></defaultValues>
          <forceValues></forceValues>
          <createValues>
            <string>"user"</string>
            <string>"top"</string>
          </createValues>
          <delimiter>,</delimiter>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
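As an added illustration (not the poster's code and not part of the LSC project), the script below checks an lsc.xml for the kind of mistakes that are easy to make while assembling a first configuration: a bare `&` inside a filter (XML requires `&amp;`, so the file does not parse at all), a getOneFilter placeholder that names no declared pivot attribute, a `uid=` term against a source that reads sAMAccountName, and a clear-text bind password sent over plain ldap:// without TLS. It only knows the lsc-core-2.1 element names that appear in the post; the sample file, hostnames, DNs and password are constructed, and the placeholder and Active Directory rules are heuristics labelled as assumptions in the comments. It does not diagnose the "no source object has been found" message itself.

```python
"""Sanity checks for an LSC lsc.xml (added example; not the poster's file,
not LSC project code). Heuristics are assumptions and are marked as such."""
import re
import xml.etree.ElementTree as ET

# Namespace of the lsc-core 2.1 configuration schema used in the post.
NS = {"lsc": "http://lsc-project.org/XSD/lsc-core-2.1.xsd"}
PLACEHOLDER = re.compile(r"\{([^{}]+)\}")              # {sAMAccountName} in a filter
UID_TERM = re.compile(r"\(\s*uid\s*=", re.IGNORECASE)  # (uid=...) term in a filter


def _strings(elem, path):
    """Non-empty, stripped text of every element matched by an lsc:-prefixed path."""
    return [e.text.strip() for e in elem.findall(path, NS) if e.text and e.text.strip()]


def check_lsc_xml(text):
    """Return human-readable findings for an lsc.xml document; [] means nothing flagged."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # A bare '&' in an LDAP filter is the usual cause: XML requires '&amp;'.
        return ["not well-formed XML (%s); write '&' in LDAP filters as '&amp;'" % exc]

    findings = []
    for conn in root.findall("lsc:connections/lsc:ldapConnection", NS):
        name = conn.findtext("lsc:name", "", NS)
        url = conn.findtext("lsc:url", "", NS).strip()
        tls = conn.findtext("lsc:tlsActivated", "", NS).strip().lower()
        if conn.findtext("lsc:password", "", NS).strip():
            findings.append("connection %s: bind password stored in clear text; keep "
                            "lsc.xml readable by the LSC service user only" % name)
            if url.startswith("ldap://") and tls != "true":
                findings.append("connection %s: plain ldap:// without TLS sends the bind "
                                "password unencrypted; use ldaps:// or tlsActivated" % name)

    for task in root.findall("lsc:tasks/lsc:task", NS):
        tname = task.findtext("lsc:name", "", NS)
        services = []
        for tag in ("ldapSourceService", "ldapDestinationService"):
            svc = task.find("lsc:" + tag, NS)
            if svc is not None:
                services.append((tag, svc))
        # Assumption: a getOneFilter placeholder must name a pivot attribute declared on
        # one of the task's services, so the names from both sides are accepted.
        pivots = {p.lower() for _, svc in services
                  for p in _strings(svc, "lsc:pivotAttributes/lsc:string")}
        for tag, svc in services:
            one = svc.findtext("lsc:getOneFilter", "", NS)
            for ph in PLACEHOLDER.findall(one):
                if ph.lower() not in pivots:
                    findings.append("task %s/%s: getOneFilter placeholder {%s} matches no "
                                    "pivot attribute %s" % (tname, tag, ph, sorted(pivots)))
            fetched = {f.lower() for f in _strings(svc, "lsc:fetchedAttributes/lsc:string")}
            # Assumption: a source that reads sAMAccountName is Active Directory, whose
            # user objects normally have no uid value, so a (uid=...) term matches nothing.
            if tag == "ldapSourceService" and "samaccountname" in fetched and UID_TERM.search(one):
                findings.append("task %s/%s: getOneFilter matches on uid, which AD user objects "
                                "normally leave empty; filter on sAMAccountName" % (tname, tag))
    return findings


# Constructed sample modelled on the post's layout (placeholder host, DNs and
# password); it carries a misspelt placeholder and a uid term on the AD side.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <connections>
    <ldapConnection>
      <name>ldap-src-conn</name>
      <url>ldap://ad.example.test:389/DC=example,DC=test</url>
      <username>svc-lsc@example.test</username>
      <password>placeholder-password</password>
      <authentication>SIMPLE</authentication>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>MySyncTask</name>
      <ldapSourceService>
        <name>ldap-src-service</name>
        <baseDn>OU=Users,DC=example,DC=test</baseDn>
        <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
        <fetchedAttributes><string>cn</string><string>sAMAccountName</string></fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=organizationalPerson))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=organizationalPerson)(uid={samAccountNam}))</getOneFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>ldap-dst-service</name>
        <pivotAttributes><string>mail</string></pivotAttributes>
        <fetchedAttributes><string>cn</string><string>mail</string></fetchedAttributes>
        <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={sAMAccountName}))</getOneFilter>
      </ldapDestinationService>
    </task>
  </tasks>
</lsc>
"""

if __name__ == "__main__":
    for line in check_lsc_xml(SAMPLE):
        print(line)
    # The same document with '&' left unescaped, as in the post, does not parse at all.
    print(check_lsc_xml(SAMPLE.replace("&amp;", "&"))[0])
```

Run it against a real lsc.xml by reading the file into `check_lsc_xml`; an empty result only means none of these particular mistakes is present, not that the task will find entries.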