On 27/08/2015 11:51, Armando Martins wrote:
Hi,
I'm trying to configure a synchronization between my Active Directory
and my OpenLDAP.
The problem I have is: if I use sAMAccountName as the pivot
attribute, the add, delete and update operations work fine, but not the
modrdn, because I use the sAMAccountName in the
destination mainIdentifier ("uid=" +
srcBean.getDatasetFirstValueById("sAMAccountName") +
",ou=users,dc=test,dc=fr").
So I found the binary objectsid attribute on Active Directory to use
as the pivot attribute, but that doesn't work. It says
"Synchronization aborted because no source object has been found !"
I also tried putting another attribute as the pivot to see if the modrdn works,
and I don't have any problem, it works fine. The problem is that in my
production environment I only have the objectsid as a unique identifier.
Here is my test configuration:
<tasks>
  <task>
    <name>adUser</name>
    <bean>org.lsc.beans.SimpleBean</bean>
    <ldapSourceService>
      <name>AD-source-service</name>
      <connection reference="AD-source" />
      <baseDn>dc=exemple,dc=fr</baseDn>
      <pivotAttributes>
        <string>objectsid</string>
      </pivotAttributes>
      <fetchedAttributes>
        <string>cn</string>
        <string>givenName</string>
        <string>mail</string>
        <string>sn</string>
        <string>objectsid</string>
        <string>sAMAccountName</string>
      </fetchedAttributes>
      <getAllFilter><![CDATA[(&(objectClass=user)(objectsid=*))]]></getAllFilter>
      <getOneFilter><![CDATA[(&(objectClass=user)(objectsid={objectsid}))]]></getOneFilter>
      <cleanFilter><![CDATA[(&(objectClass=user)(objectsid={userSMIMECertificate}))]]></cleanFilter>
    </ldapSourceService>
    <ldapDestinationService>
      <name>openldap-dst-service</name>
      <connection reference="openldap-destination" />
      <baseDn>ou=users,dc=test,dc=fr</baseDn>
      <pivotAttributes>
        <string>userSMIMECertificate</string>
      </pivotAttributes>
      <fetchedAttributes>
        <string>cn</string>
        <string>givenName</string>
        <string>mail</string>
        <string>sn</string>
        <string>uid</string>
        <string>userSMIMECertificate</string>
        <string>objectclass</string>
        <string>mailHost</string>
        <string>mailLocalAddress</string>
        <string>userPassword</string>
      </fetchedAttributes>
      <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>
      <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(userSMIMECertificate={objectsid}))]]></getOneFilter>
    </ldapDestinationService>
    <propertiesBasedSyncOptions>
      <mainIdentifier>"uid=" +
        srcBean.getDatasetFirstValueById("sAMAccountName") +
        ",ou=users,dc=test,dc=fr"</mainIdentifier>
      <defaultDelimiter>;</defaultDelimiter>
      <defaultPolicy>FORCE</defaultPolicy>
      <conditions>
        <create>true</create>
        <update>true</update>
        <delete>true</delete>
        <changeId>true</changeId>
      </conditions>
      <dataset>
        <name>objectclass</name>
        <policy>KEEP</policy>
        <createValues>
          <string>"inetOrgPerson"</string>
          <string>"organizationalPerson"</string>
          <string>"inetLocalMailRecipient"</string>
          <string>"person"</string>
          <string>"top"</string>
        </createValues>
      </dataset>
      <dataset>
        <name>uid</name>
        <policy>KEEP</policy>
        <createValues>
          <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
        </createValues>
      </dataset>
      <dataset>
        <name>userSMIMECertificate</name>
        <policy>KEEP</policy>
        <createValues>
          <string>srcBean.getDatasetFirstValueById("objectsid")</string>
        </createValues>
        <delimiter></delimiter>
      </dataset>
      <!-- userPassword -->
      <dataset>
        <name>userPassword</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"{SASL}" +
            srcBean.getDatasetFirstValueById("sAMAccountName") + "@test.fr"</string>
        </createValues>
      </dataset>
      <dataset>
        <name>mailhost</name>
        <policy>FORCE</policy>
        <createValues>
          <string>"127.0.0.1"</string>
        </createValues>
      </dataset>
    </propertiesBasedSyncOptions>
  </task>
</tasks>
I know the objectsid is a binary attribute; is that the problem?
Hi,
you need to declare objectSid as a binary attribute in the LDAP
connection:
http://lsc-project.org/wiki/documentation/latest/configuration/connections/ldap
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
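The symptom in this thread comes from objectSid being a raw byte structure rather than text: a pivot value that is read as a string cannot be matched back against the source. The following added example (not LSC code, and not from either poster) decodes the binary objectSid layout into its textual S-1-5-... form and back, and shows that a UTF-8 string interpretation of the same bytes does not round-trip. The sample SID is constructed and does not belong to any real domain.

```python
import struct

# Constructed sample objectSid (domain SID + RID 1105); not a real domain.
# Layout: revision (1 byte), sub-authority count (1 byte),
# identifier authority (6 bytes big-endian), then N little-endian uint32s.
SAMPLE_SID = bytes.fromhex(
    "0105"              # revision 1, 5 sub-authorities
    "000000000005"      # identifier authority 5 (NT authority)
    "15000000"          # 21
    "d2029649"          # 1234567890
    "b168de3a"          # 987654321
    "f776e542"          # 1122334455
    "51040000"          # 1105 (RID)
)


def sid_bytes_to_string(sid: bytes) -> str:
    """Decode a binary objectSid into the S-R-A-S1-S2-... text form."""
    if len(sid) < 8:
        raise ValueError("objectSid too short")
    revision, count = sid[0], sid[1]
    if len(sid) != 8 + 4 * count:
        raise ValueError("objectSid length does not match sub-authority count")
    authority = int.from_bytes(sid[2:8], "big")
    subs = struct.unpack("<%dI" % count, sid[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def sid_string_to_bytes(text: str) -> bytes:
    """Encode an S-R-A-S1-... string back into the binary objectSid layout."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def round_trips_as_text(sid: bytes) -> bool:
    """Treat the SID as UTF-8 text (what a non-binary attribute read does)
    and check whether re-encoding recovers the original bytes."""
    return sid.decode("utf-8", errors="replace").encode("utf-8") == sid
```

Storing the decoded string form in a text-typed destination attribute, or declaring objectSid binary on the LSC connection as the reply suggests, are the two ways to keep the pivot comparable on both sides.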
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users