I think I've found something. The userSMIMECertificate does not seem to be a
binary attribute, so I've replaced it with the userCertificate attribute. But now
I have this error:

javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error
code 17 - userCertificate: requires ;binary transfer];

How can I do a binary transfer of the value in the attribute?

2015-08-27 15:12 GMT+02:00 Armando Martins <[email protected]>:

> That's exactly what I've done.
>
> In the source LDAP connection I have this:
>
>     <ldapConnection>
>       <name>AD-source</name>
>       <url>ldap://ad.exemple.fr:389/dc=exemple,dc=fr</url>
>       <username>cn=readaccount,cn=users,dc=exemple,dc=fr</username>
>       <password>secret</password>
>       <authentication>SIMPLE</authentication>
>       <referral>IGNORE</referral>
>       <derefAliases>NEVER</derefAliases>
>       <version>VERSION_3</version>
>       <pageSize>10</pageSize>
>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>       <tlsActivated>false</tlsActivated>
>       <binaryAttributes>
>         <string>objectsid</string>
>       </binaryAttributes>
>     </ldapConnection>
>
> And in the destination I have this:
>
>     <ldapConnection>
>       <name>openldap-destination</name>
>       <url>ldap://localhost:389/dc=test,dc=fr</url>
>       <username>cn=root,dc=test,dc=fr</username>
>       <password>secret</password>
>       <authentication>SIMPLE</authentication>
>       <referral>IGNORE</referral>
>       <derefAliases>NEVER</derefAliases>
>       <version>VERSION_3</version>
>       <pageSize>10</pageSize>
>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>       <tlsActivated>false</tlsActivated>
>       <binaryAttributes>
>         <string>userSMIMECertificate</string>
>       </binaryAttributes>
>     </ldapConnection>
>   </connections>
>
> I also have my dataset like this:
>     <dataset>
>      <name>userSMIMECertificate</name>
>      <policy>KEEP</policy>
>      <createValues>
>       <string>srcBean.getDatasetFirstValueById("objectsid")</string>
>      </createValues>
>      <delimiter></delimiter>
>     </dataset>
>
> And the problem is still the same: the user is added and deleted in the
> same process.
>
> Also, when I do an LDAP query in my Active Directory with this filter:
>
> objectsid="\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00"
>
> I get the correct result.
>
> But in LDAP with this filter:
>
> userSMIMECertificate="\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00"
>
> No result is returned.
>
> Thanks
>
> 2015-08-27 14:56 GMT+02:00 Clément OUDOT <
> [email protected]>:
>
>>
>>
>> On 27/08/2015 14:42, Armando Martins wrote:
>>
>>> Hi Clément,
>>>
>>> Thanks a lot for your answer, which seems to work, but if I do the update
>>> operation 2 times, I get this message:
>>> javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry
>>> Already Exists];
>>>
>>> And I see in my LDAP log that the search for the objectsid stored in my
>>> LDAP userSMIMECertificate returns no results
>>>
>>> conn=1029 op=1 SRCH base="ou=users,dc=test,dc=fr" scope=2 deref=0
>>> filter="(&(objectClass=inetOrgPerson)(?userSMIMECertificate=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00))"
>>> conn=1029 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
>>>
>>> Also, if I use lsc with -s all -d all, the user is inserted and deleted...
>>>
>>> Is it possible to take the objectsid in Active Directory and put it in an
>>> LDAP attribute not encoded in binary?
>>>
>>>
>>
>> You need to set userSMIMECertificate as binary in the destination LDAP
>> connection.
>>
>> For now, you need to have a binary pivot in the destination to be able to
>> match a binary pivot from the source. In the next release, you will be able
>> to transform pivot value between source and destination:
>> http://tools.lsc-project.org/issues/756
>>
>>
>>
>> --
>> Clément OUDOT
>> Free software consultant, infrastructure and security expert
>> Savoir-faire Linux
>> 87, rue de Turbigo - 75003 PARIS
>>
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> [email protected]
>> http://lists.lsc-project.org/listinfo/lsc-users
>>
>
>
>
> --
> Armando Martins
>



-- 
Armando Martins
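
An added example, not part of the thread and not LSC code: it takes the objectsid filter value quoted above, recovers the raw bytes, and renders them both as the conventional S-1-... string form and as a filter value with every byte escaped. The function names are hypothetical, and the decoder assumes the standard Windows binary SID layout.

```javascript
// Added example; helper names are hypothetical and not part of LSC.

// Turn a filter value as written in the thread (\XX escapes mixed with
// literal printable characters) back into the raw bytes it stands for.
// Simplification: literal characters must be ASCII.
function filterValueToBytes(value) {
  const bytes = [];
  for (let i = 0; i < value.length; i++) {
    if (value[i] === "\\") {
      const hex = value.slice(i + 1, i + 3);
      if (!/^[0-9A-Fa-f]{2}$/.test(hex)) throw new Error("bad escape at " + i);
      bytes.push(parseInt(hex, 16));
      i += 2;
    } else {
      const code = value.charCodeAt(i);
      if (code > 0x7f) throw new Error("non-ASCII literal at " + i);
      bytes.push(code);
    }
  }
  return bytes;
}

// Decode a binary SID: revision, sub-authority count, 48-bit big-endian
// identifier authority, then little-endian 32-bit sub-authorities.
function sidToString(b) {
  if (b.length < 8 || b.length !== 8 + 4 * b[1]) throw new Error("bad SID length");
  let authority = 0;
  for (let i = 2; i < 8; i++) authority = authority * 256 + b[i];
  const parts = ["S", b[0], authority];
  for (let o = 8; o < b.length; o += 4) {
    parts.push(b[o] + b[o + 1] * 0x100 + b[o + 2] * 0x10000 + b[o + 3] * 0x1000000);
  }
  return parts.join("-");
}

// Escape every byte as \XX so no byte depends on how a client or log prints it.
function bytesToFilterValue(b) {
  return b.map((x) => "\\" + x.toString(16).padStart(2, "0").toUpperCase()).join("");
}

// Value copied from the objectsid filter quoted in the thread.
const SAMPLE =
  "\\01\\05\\00\\00\\00\\00\\00\\05\\15\\00\\00\\00\\CE;2y\\C5U\\C2Q\\1D\\03jf\\ED\\FB\\00\\00";
const sampleBytes = filterValueToBytes(SAMPLE);
console.log(sidToString(sampleBytes));
console.log(bytesToFilterValue(sampleBytes));
```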