That's what I have done... I'm a little bit lost, so here is my full
config file.
    <!-- Definition Source Active directory -->
    <ldapConnection>
      <name>AD-source</name>
      <url>ldap://ad.exemple.fr:389/dc=exemple,dc=fr</url>
      <username>cn=readaccount,cn=users,dc=exemple,dc=fr</username>
      <password>secret</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>10</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
      <binaryAttributes>
        <string>objectsid</string>
      </binaryAttributes>
    </ldapConnection>
    <!-- Definition Destination Openldap -->
    <ldapConnection>
      <name>openldap-destination</name>
      <url>ldap://localhost:389/dc=test,dc=fr</url>
      <username>cn=root,dc=test,dc=fr</username>
      <password>secret</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>10</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
      <binaryAttributes>
        <string>userCertificate</string>
      </binaryAttributes>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>adUser</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>AD-source-service</name>
        <connection reference="AD-source" />
        <baseDn>dc=exemple,dc=fr</baseDn>
        <pivotAttributes>
          <string>objectsid</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sn</string>
          <string>objectsid</string>
          <string>sAMAccountName</string>
        </fetchedAttributes>
        <!-- <getAllFilter><![CDATA[(objectClass=user)]]></getAllFilter> -->
        <getAllFilter><![CDATA[(&(objectClass=user)(objectsid=S-1-5-21-2033335246-1371690437-1718223645-64493))]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=user)(objectsid={objectsid}))]]></getOneFilter>
        <cleanFilter><![CDATA[(&(objectClass=user)(objectsid={userCertificate}))]]></cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>openldap-dst-service</name>
        <connection reference="openldap-destination" />
        <baseDn>ou=users,dc=test,dc=fr</baseDn>
        <pivotAttributes>
          <string>userCertificate</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sn</string>
          <string>uid</string>
          <string>userCertificate</string>
          <string>objectclass</string>
          <string>mailHost</string>
          <string>mailLocalAddress</string>
          <string>userPassword</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(userCertificate={objectsid}))]]></getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=users,dc=test,dc=fr"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>true</delete>
          <changeId>true</changeId>
        </conditions>
        <dataset>
          <name>objectclass</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"inetOrgPerson"</string>
            <string>"organizationalPerson"</string>
            <string>"inetLocalMailRecipient"</string>
            <string>"person"</string>
            <string>"top"</string>
          </createValues>
        </dataset>
        <dataset>
          <name>uid</name>
          <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>userCertificate</name>
          <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("objectsid")</string>
          </createValues>
          <delimiter></delimiter>
        </dataset>
        <!-- userPassword -->
        <dataset>
          <name>userPassword</name>
          <policy>FORCE</policy>
          <createValues>
            <string>"{SASL}" + srcBean.getDatasetFirstValueById("sAMAccountName") + "@exemple.fr"</string>
          </createValues>
        </dataset>
        <dataset>
          <name>mailhost</name>
          <policy>FORCE</policy>
          <createValues>
            <string>"127.0.0.1"</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>
With this config I always have this message:
javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error
code 17 - userCertificate: requires ;binary transfer];
If someone has an idea, I would really appreciate it :p
Thanks
2015-08-27 15:59 GMT+02:00 Clément OUDOT <[email protected]>:
>
>
> On 27/08/2015 15:50, Armando Martins wrote:
>
>> I think I've found something. The userSMIMECertificate does not seem to be a
>> binary attribute, so I've replaced it with the userCertificate attribute. But now
>> I have this error:
>>
>> javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error
>> code 17 - userCertificate: requires ;binary transfer];
>>
>> How can I do a binary transfer of the value in the attribute?
>>
>>
> It should be done by LSC if userCertificate is declared as a binary
> attribute...
>
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 87, rue de Turbigo - 75003 PARIS
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>
--
Armando Martins
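The config in this message declares `objectsid` under `binaryAttributes` while its `getAllFilter` uses the string form of the same SID. As an added example (not part of the original message and not LSC code), this Python converts between the two forms and writes the binary value as an RFC 4515 escaped filter, which helps when checking which bytes a pivot value actually carries; the function names are hypothetical.

```python
import struct

# SID taken from the getAllFilter in the config above.
PAGE_SID = "S-1-5-21-2033335246-1371690437-1718223645-64493"


def sid_to_bytes(sid: str) -> bytes:
    """Pack a string SID (S-R-A-S1-S2-...) into the binary objectSid layout."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("too many sub-authorities")
    # 1 byte revision, 1 byte sub-authority count, 6 bytes big-endian authority
    head = struct.pack(">BB", revision, len(subs)) + authority.to_bytes(6, "big")
    # each sub-authority is a little-endian unsigned 32-bit integer
    return head + b"".join(struct.pack("<I", s) for s in subs)


def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid value back to its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("truncated SID")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def filter_escape_bytes(raw: bytes) -> str:
    """RFC 4515: any octet may be written as a backslash and two hex digits."""
    return "".join("\\%02x" % b for b in raw)


def get_one_filter(raw: bytes) -> str:
    """Same shape as the getOneFilter above, with the binary value escaped."""
    return "(&(objectClass=user)(objectsid=%s))" % filter_escape_bytes(raw)


if __name__ == "__main__":
    raw = sid_to_bytes(PAGE_SID)
    print(len(raw), bytes_to_sid(raw))
    print(get_one_filter(raw))
```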