Hi Clément,

Thanks a lot for your answer, which seems to work, but if I do the update operation twice I get this message:

javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists];

And I see in my LDAP log that the search for the objectsid stored in my LDAP userSMIMECertificate returns no results:

conn=1029 op=1 SRCH base="ou=users,dc=test,dc=fr" scope=2 deref=0 filter="(&(objectClass=inetOrgPerson)(?userSMIMECertificate=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
conn=1029 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

Also, if I use lsc with -s all -d all the user is inserted and deleted...

Is it possible to take the objectsid in Active Directory and put it in an LDAP attribute not encoded in binary?

Thanks

2015-08-27 13:38 GMT+02:00 Clément OUDOT <[email protected]>:
>
> On 27/08/2015 11:51, Armando Martins wrote:
> > Hi,
> >
> > I'm trying to configure a synchronization between my Active Directory and my OpenLDAP.
> >
> > The problem I have is: if I use sAMAccountName as pivot attribute, the add, delete and update operations work fine but not the modrdn, because I use the sAMAccountName in the destination mainIdentifier ("uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=users,dc=test,dc=fr").
> >
> > So I found the binary objectsid attribute on Active Directory to use it as the pivot attribute, but that doesn't work. It says "Synchronization aborted because no source object has been found !"
> >
> > I also tried putting another attribute as pivot to see if the modrdn works, and I don't have any problem, it works fine. The problem is for my production environment, where I only have the objectsid as unique identifier.
> >
> > Here is my test configuration:
> >
> > <tasks>
> >   <task>
> >     <name>adUser</name>
> >     <bean>org.lsc.beans.SimpleBean</bean>
> >     <ldapSourceService>
> >       <name>AD-source-service</name>
> >       <connection reference="AD-source" />
> >       <baseDn>dc=exemple,dc=fr</baseDn>
> >       <pivotAttributes>
> >         <string>objectsid</string>
> >       </pivotAttributes>
> >       <fetchedAttributes>
> >         <string>cn</string>
> >         <string>givenName</string>
> >         <string>mail</string>
> >         <string>sn</string>
> >         <string>objectsid</string>
> >         <string>sAMAccountName</string>
> >       </fetchedAttributes>
> >       <getAllFilter><![CDATA[(&(objectClass=user)(objectsid=*))]]></getAllFilter>
> >       <getOneFilter><![CDATA[(&(objectClass=user)(objectsid={objectsid}))]]></getOneFilter>
> >       <cleanFilter><![CDATA[(&(objectClass=user)(objectsid={userSMIMECertificate}))]]></cleanFilter>
> >     </ldapSourceService>
> >
> >     <ldapDestinationService>
> >       <name>openldap-dst-service</name>
> >       <connection reference="openldap-destination" />
> >       <baseDn>ou=users,dc=test,dc=fr</baseDn>
> >       <pivotAttributes>
> >         <string>userSMIMECertificate</string>
> >       </pivotAttributes>
> >       <fetchedAttributes>
> >         <string>cn</string>
> >         <string>givenName</string>
> >         <string>mail</string>
> >         <string>sn</string>
> >         <string>uid</string>
> >         <string>userSMIMECertificate</string>
> >         <string>objectclass</string>
> >         <string>mailHost</string>
> >         <string>mailLocalAddress</string>
> >         <string>userPassword</string>
> >       </fetchedAttributes>
> >       <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>
> >       <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(userSMIMECertificate={objectsid}))]]></getOneFilter>
> >     </ldapDestinationService>
> >
> >     <propertiesBasedSyncOptions>
> >       <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=users,dc=test,dc=fr"</mainIdentifier>
> >       <defaultDelimiter>;</defaultDelimiter>
> >       <defaultPolicy>FORCE</defaultPolicy>
> >       <conditions>
> >         <create>true</create>
> >         <update>true</update>
> >         <delete>true</delete>
> >         <changeId>true</changeId>
> >       </conditions>
> >       <dataset>
> >         <name>objectclass</name>
> >         <policy>KEEP</policy>
> >         <createValues>
> >           <string>"inetOrgPerson"</string>
> >           <string>"organizationalPerson"</string>
> >           <string>"inetLocalMailRecipient"</string>
> >           <string>"person"</string>
> >           <string>"top"</string>
> >         </createValues>
> >       </dataset>
> >       <dataset>
> >         <name>uid</name>
> >         <policy>KEEP</policy>
> >         <createValues>
> >           <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
> >         </createValues>
> >       </dataset>
> >       <dataset>
> >         <name>userSMIMECertificate</name>
> >         <policy>KEEP</policy>
> >         <createValues>
> >           <string>srcBean.getDatasetFirstValueById("objectsid")</string>
> >         </createValues>
> >         <delimiter></delimiter>
> >       </dataset>
> >       <!-- userPassword -->
> >       <dataset>
> >         <name>userPassword</name>
> >         <policy>FORCE</policy>
> >         <createValues>
> >           <string>"{SASL}" + srcBean.getDatasetFirstValueById("sAMAccountName") + "@test.fr"</string>
> >         </createValues>
> >       </dataset>
> >       <dataset>
> >         <name>mailhost</name>
> >         <policy>FORCE</policy>
> >         <createValues>
> >           <string>"127.0.0.1"</string>
> >         </createValues>
> >       </dataset>
> >     </propertiesBasedSyncOptions>
> >   </task>
> > </tasks>
> >
> > I know the objectsid is a binary attribute; is that the problem?
> >
>
> Hi,
>
> you need to declare objectSid as a binary attribute in the LDAP connection:
> http://lsc-project.org/wiki/documentation/latest/configuration/connections/ldap
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 87, rue de Turbigo - 75003 PARIS
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users

--
Armando Martins
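Added example (not from the thread, and not LSC code): decoding a binary objectSid into its S-1-5-21-... string form, which is the form you would store in a non-binary directory attribute, plus the reverse so the stored string can be turned back into the bytes Active Directory matches on. The sample bytes are my reconstruction of the userSMIMECertificate value in the slapd log line above, assuming slapd prints printable bytes literally (`;`, `2`, `y`, `U`, `Q`, `j`, `f`) and escapes the rest as \XX.

```python
import struct

# Constructed sample: the userSMIMECertificate value from the slapd log in the
# thread, assuming the log prints printable bytes literally and others as \XX.
SAMPLE_SID = bytes.fromhex(
    "0105"            # revision 1, five sub-authorities
    "000000000005"    # identifier authority 5 (NT authority), big-endian
    "15000000"        # sub-authority 21 (0x15), little-endian
    "ce3b3279"        # domain identifier, part 1
    "c555c251"        # domain identifier, part 2
    "1d036a66"        # domain identifier, part 3
    "edfb0000"        # RID (relative identifier) of the user
)


def sid_to_str(raw: bytes) -> str:
    """Decode a binary Windows SID (MS-DTYP packet form) into S-R-I-S... text."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def str_to_sid(text: str) -> bytes:
    """Encode S-1-5-... text back into the binary form AD stores and matches."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > 15:
        raise ValueError("unsupported SID")
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


if __name__ == "__main__":
    text = sid_to_str(SAMPLE_SID)
    print(text)
    # Round trip must give back exactly the bytes AD holds in objectSid.
    assert str_to_sid(text) == SAMPLE_SID
```

The string form is safe to store in a plain directory attribute and to use in a filter; rebuild the bytes with str_to_sid() only when you need to query AD by objectSid directly.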
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

