Hi,
I'm trying to configure a synchronization between my Active Directory and
my OpenLDAP.
The problem I have is this: if I use sAMAccountName as the pivot attribute, the
add, delete and update operations work fine, but not the modrdn, because I use
the sAMAccountName in the destination mainIdentifier ("uid=" +
srcBean.getDatasetFirstValueById("sAMAccountName") +
",ou=users,dc=test,dc=fr").
So I found the binary objectsid attribute in Active Directory to use
as the pivot attribute, but that doesn't work. It says "Synchronization
aborted because no source object has been found !"
I also tried another attribute as the pivot to see if the modrdn works, and
I don't have any problem, it works fine. The problem is that in my production
environment I only have the objectsid as a unique identifier.
Here is my test configuration:
<tasks>
  <task>
    <name>adUser</name>
    <bean>org.lsc.beans.SimpleBean</bean>
    <ldapSourceService>
      <name>AD-source-service</name>
      <connection reference="AD-source" />
      <baseDn>dc=exemple,dc=fr</baseDn>
      <pivotAttributes>
        <string>objectsid</string>
      </pivotAttributes>
      <fetchedAttributes>
        <string>cn</string>
        <string>givenName</string>
        <string>mail</string>
        <string>sn</string>
        <string>objectsid</string>
        <string>sAMAccountName</string>
      </fetchedAttributes>
      <getAllFilter><![CDATA[(&(objectClass=user)(objectsid=*))]]></getAllFilter>
      <getOneFilter><![CDATA[(&(objectClass=user)(objectsid={objectsid}))]]></getOneFilter>
      <cleanFilter><![CDATA[(&(objectClass=user)(objectsid={userSMIMECertificate}))]]></cleanFilter>
    </ldapSourceService>
    <ldapDestinationService>
      <name>openldap-dst-service</name>
      <connection reference="openldap-destination" />
      <baseDn>ou=users,dc=test,dc=fr</baseDn>
      <pivotAttributes>
        <string>userSMIMECertificate</string>
      </pivotAttributes>
      <fetchedAttributes>
        <string>cn</string>
        <string>givenName</string>
        <string>mail</string>
        <string>sn</string>
        <string>uid</string>
        <string>userSMIMECertificate</string>
        <string>objectclass</string>
        <string>mailHost</string>
        <string>mailLocalAddress</string>
        <string>userPassword</string>
      </fetchedAttributes>
      <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>
      <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(userSMIMECertificate={objectsid}))]]></getOneFilter>
    </ldapDestinationService>
    <propertiesBasedSyncOptions>
      <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=users,dc=test,dc=fr"</mainIdentifier>
      <defaultDelimiter>;</defaultDelimiter>
      <defaultPolicy>FORCE</defaultPolicy>
      <conditions>
        <create>true</create>
        <update>true</update>
        <delete>true</delete>
        <changeId>true</changeId>
      </conditions>
      <dataset>
        <name>objectclass</name>
        <policy>KEEP</policy>
        <createValues>
          <string>"inetOrgPerson"</string>
          <string>"organizationalPerson"</string>
          <string>"inetLocalMailRecipient"</string>
          <string>"person"</string>
          <string>"top"</string>
        </createValues>
      </dataset>
      <dataset>
        <name>uid</name>
        <policy>KEEP</policy>
        <createValues>
          <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
        </createValues>
      </dataset>
      <dataset>
        <name>userSMIMECertificate</name>
        <policy>KEEP</policy>
        <createValues>
          <string>srcBean.getDatasetFirstValueById("objectsid")</string>
        </createValues>
        <delimiter></delimiter>
      </dataset>
      <!-- userPassword -->
      <dataset>
        <name>userPassword</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"{SASL}" + srcBean.getDatasetFirstValueById("sAMAccountName") + "@test.fr"</string>
        </createValues>
      </dataset>
      <dataset>
        <name>mailhost</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"127.0.0.1"</string>
        </createValues>
      </dataset>
    </propertiesBasedSyncOptions>
  </task>
</tasks>
I know the objectsid is a binary attribute. Is that the problem?
Thanks a lot for your help.
--
Armando Martins
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
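
Added example, not part of the original post and not LSC code: the byte layout of a binary Active Directory objectSid, how those bytes are written inside an LDAP search filter using RFC 4515 hex escapes, and a check showing that the raw bytes do not survive being handled as text. The function names are hypothetical, the SID is constructed sample data, and treating the value as a UTF-8 string is an assumption made for illustration (runs under Node.js).

```javascript
// Binary SID layout: revision (1 byte), sub-authority count (1 byte),
// identifier authority (6 bytes, big-endian), then <count> 32-bit
// sub-authorities (little-endian).
function sidToString(bytes) {
  if (bytes.length < 8) throw new RangeError("SID shorter than its 8-byte header");
  const revision = bytes[0];
  const count = bytes[1];
  if (bytes.length !== 8 + 4 * count) {
    throw new RangeError("SID length does not match its sub-authority count");
  }
  let authority = 0;
  for (let i = 2; i < 8; i++) authority = authority * 256 + bytes[i];
  const parts = ["S", revision, authority];
  for (let off = 8; off < bytes.length; off += 4) {
    // Arithmetic instead of bit shifts keeps the 32-bit value unsigned.
    parts.push(bytes[off] + bytes[off + 1] * 0x100 +
               bytes[off + 2] * 0x10000 + bytes[off + 3] * 0x1000000);
  }
  return parts.join("-");
}

// RFC 4515 allows any octet of an assertion value to be written as a
// backslash followed by two hex digits, which is how binary values are
// carried in the string form of a filter.
function escapeFilterBytes(bytes) {
  return Array.from(bytes, b => "\\" + b.toString(16).padStart(2, "0")).join("");
}

// Assumption for illustration: the value is decoded as UTF-8 text and
// re-encoded. Invalid sequences become U+FFFD, so the bytes change.
function survivesTextRoundTrip(bytes) {
  const text = new TextDecoder("utf-8").decode(bytes);
  const back = new TextEncoder().encode(text);
  return back.length === bytes.length && back.every((b, i) => b === bytes[i]);
}

// Constructed sample: S-1-5-21-1000-2000-3000-1105
const SAMPLE_SID = Uint8Array.from([
  0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
  0x15, 0x00, 0x00, 0x00, 0xe8, 0x03, 0x00, 0x00,
  0xd0, 0x07, 0x00, 0x00, 0xb8, 0x0b, 0x00, 0x00,
  0x51, 0x04, 0x00, 0x00,
]);

console.log(sidToString(SAMPLE_SID));
console.log("(&(objectClass=user)(objectSid=" + escapeFilterBytes(SAMPLE_SID) + "))");
console.log("survives text round trip:", survivesTextRoundTrip(SAMPLE_SID));
```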