On 27/08/2015 16:09, Armando Martins wrote:
That's what I have done... I'm a little bit lost, so here is my full
config file.
<lsc>
<connections>
<!-- Definition Source Active directory -->
<ldapConnection>
<name>AD-source</name>
<url>ldap://ad.exemple.fr:389/dc=exemple,dc=fr</url>
<username>cn=readaccount,cn=users,dc=exemple,dc=fr</username>
<password>secret</password>
<authentication>SIMPLE</authentication>
<referral>IGNORE</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>10</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
<binaryAttributes>
<string>objectsid</string>
</binaryAttributes>
</ldapConnection>
<!-- Definition Destination Openldap -->
<ldapConnection>
<name>openldap-destination</name>
<url>ldap://localhost:389/dc=test,dc=fr</url>
<username>cn=root,dc=test,dc=fr</username>
<password>secret</password>
<authentication>SIMPLE</authentication>
<referral>IGNORE</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>10</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
<binaryAttributes>
<string>userCertificate</string>
</binaryAttributes>
</ldapConnection>
</connections>
<tasks>
<task>
<name>adUser</name>
<bean>org.lsc.beans.SimpleBean</bean>
<ldapSourceService>
<name>AD-source-service</name>
<connection reference="AD-source" />
<baseDn>dc=exemple,dc=fr</baseDn>
<pivotAttributes>
<string>objectsid</string>
</pivotAttributes>
<fetchedAttributes>
<string>cn</string>
<string>givenName</string>
<string>mail</string>
<string>sn</string>
<string>objectsid</string>
<string>sAMAccountName</string>
</fetchedAttributes>
<!-- <getAllFilter><![CDATA[(objectClass=user)]]></getAllFilter> -->
<getAllFilter><![CDATA[(&(objectClass=user)(objectsid=S-1-5-21-2033335246-1371690437-1718223645-64493))]]></getAllFilter>
<getOneFilter><![CDATA[(&(objectClass=user)(objectsid={objectsid}))]]></getOneFilter>
<cleanFilter><![CDATA[(&(objectClass=user)(objectsid={userCertificate}))]]></cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<name>openldap-dst-service</name>
<connection reference="openldap-destination" />
<baseDn>ou=users,dc=test,dc=fr</baseDn>
<pivotAttributes>
<string>userCertificate</string>
</pivotAttributes>
<fetchedAttributes>
<string>cn</string>
<string>givenName</string>
<string>mail</string>
<string>sn</string>
<string>uid</string>
<string>userCertificate</string>
<string>objectclass</string>
<string>mailHost</string>
<string>mailLocalAddress</string>
<string>userPassword</string>
</fetchedAttributes>
<getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>
<getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(userCertificate={objectsid}))]]></getOneFilter>
</ldapDestinationService>
<propertiesBasedSyncOptions>
<mainIdentifier>"uid=" +
srcBean.getDatasetFirstValueById("sAMAccountName") +
",ou=users,dc=test,dc=fr"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>FORCE</defaultPolicy>
<conditions>
<create>true</create>
<update>true</update>
<delete>true</delete>
<changeId>true</changeId>
</conditions>
<dataset>
<name>objectclass</name>
<policy>KEEP</policy>
<createValues>
<string>"inetOrgPerson"</string>
<string>"organizationalPerson"</string>
<string>"inetLocalMailRecipient"</string>
<string>"person"</string>
<string>"top"</string>
</createValues>
</dataset>
<dataset>
<name>uid</name>
<policy>KEEP</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
</createValues>
</dataset>
<dataset>
<name>userCertificate</name>
<policy>KEEP</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("objectsid")</string>
</createValues>
<delimiter></delimiter>
</dataset>
<!-- userPassword -->
<dataset>
<name>userPassword</name>
<policy>FORCE</policy>
<createValues>
<string>"{SASL}" +
srcBean.getDatasetFirstValueById("sAMAccountName") + "@exemple.fr"</string>
</createValues>
</dataset>
<dataset>
<name>mailhost</name>
<policy>FORCE</policy>
<createValues>
<string>"127.0.0.1"</string>
</createValues>
</dataset>
</propertiesBasedSyncOptions>
</task>
</tasks>
</lsc>
With this config I always get this message:
javax.naming.directory.InvalidAttributeIdentifierException: [LDAP:
error code 17 - userCertificate: requires ;binary transfer];
If someone has an idea I will really appreciate it :p
Well, userCertificate is not a pure binary attribute, its syntax is
1.3.6.1.4.1.1466.115.121.1.8 while binary syntax is
1.3.6.1.4.1.1466.115.121.1.5.
But for my tests, I created an attribute with octet string syntax
(1.3.6.1.4.1.1466.115.121.1.40), because the binary syntax has no matching
rule. I am then able to use this attribute to store the binary value of
objectSid.
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
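The reply above comes down to a schema question: which LDAP syntax the destination attribute has decides whether the raw objectSid bytes can be written by name or must go through the ;binary transfer option, and whether a filter can match on them afterwards. The script below is an added example and is not code from the thread or from the LSC project: it reads the SYNTAX and EQUALITY of an attribute type definition in RFC 4512 notation, classifies it the way the server would react, and encodes the SID from the thread's getAllFilter into the bytes AD returns for objectSid. The userCertificate definition follows the RFC 4523 shape; the 'adObjectSid' attribute, its description and its OID (1.3.6.1.4.1.99999.1.1) are constructed placeholders, not a real schema.

```python
import re
import struct

# LDAP syntax OIDs named in the thread (RFC 4517 / RFC 4523).
SYNTAX_CERTIFICATE = "1.3.6.1.4.1.1466.115.121.1.8"    # Certificate: userCertificate's syntax
SYNTAX_BINARY = "1.3.6.1.4.1.1466.115.121.1.5"         # Binary: no matching rule defined
SYNTAX_OCTET_STRING = "1.3.6.1.4.1.1466.115.121.1.40"  # Octet String: octetStringMatch exists

# Syntaxes whose values must be transferred with the ;binary option (RFC 4522 / RFC 4523).
BINARY_TRANSFER_SYNTAXES = {
    SYNTAX_CERTIFICATE,
    "1.3.6.1.4.1.1466.115.121.1.9",   # CertificateList
    "1.3.6.1.4.1.1466.115.121.1.10",  # CertificatePair
    "1.3.6.1.4.1.1466.115.121.1.49",  # SupportedAlgorithm
}

# userCertificate as standardised in RFC 4523 (same shape as OpenLDAP's core schema entry).
USERCERTIFICATE_DEF = (
    "( 2.5.4.36 NAME 'userCertificate' "
    "DESC 'RFC2256: X.509 user certificate, use ;binary' "
    "EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )"
)

# Constructed attribute of the kind the reply suggests: octet string syntax plus a
# matching rule. The OID is a PLACEHOLDER; a real deployment uses an arc it owns.
AD_OBJECTSID_DEF = (
    "( 1.3.6.1.4.1.99999.1.1 NAME 'adObjectSid' "
    "DESC 'constructed example: raw AD objectSid stored as octet string' "
    "EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )"
)

ATTR_RE = {
    "name": re.compile(r"NAME\s+'([^']+)'"),
    "equality": re.compile(r"EQUALITY\s+(\S+)"),
    "syntax": re.compile(r"SYNTAX\s+([0-9.]+)"),
}


def parse_attribute_type(definition):
    """Pull NAME, EQUALITY and SYNTAX out of an RFC 4512 AttributeTypeDescription."""
    out = {}
    for key, rx in ATTR_RE.items():
        m = rx.search(definition)
        out[key] = m.group(1) if m else None
    return out


def classify(definition):
    """Say how a client has to handle raw bytes written to this attribute."""
    info = parse_attribute_type(definition)
    if info["syntax"] in BINARY_TRANSFER_SYNTAXES:
        return "needs ;binary transfer"           # written by bare name: error code 17
    if info["syntax"] == SYNTAX_BINARY:
        return "binary syntax, no matching rule"  # stored, but unusable in an equality filter
    if info["syntax"] == SYNTAX_OCTET_STRING and info["equality"] == "octetStringMatch":
        return "octet string, stored and matched as-is"
    return "other syntax: %s" % info["syntax"]


def sid_to_string(sid):
    """Decode a binary Windows SID (AD objectSid) into its S-R-A-s1-s2... text form."""
    revision, sub_count = sid[0], sid[1]
    authority = int.from_bytes(sid[2:8], "big")            # 48-bit identifier authority
    subs = struct.unpack("<%dI" % sub_count, sid[8:8 + 4 * sub_count])  # little-endian
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def string_to_sid(text):
    """Encode the textual SID form back to the bytes AD returns for objectSid."""
    parts = text.split("-")
    if parts[0] != "S":
        raise ValueError("not a SID: %r" % text)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


# SID taken from the thread's getAllFilter, used here as sample input.
SAMPLE_SID = "S-1-5-21-2033335246-1371690437-1718223645-64493"

if __name__ == "__main__":
    for d in (USERCERTIFICATE_DEF, AD_OBJECTSID_DEF):
        print("%-16s -> %s" % (parse_attribute_type(d)["name"], classify(d)))
    raw = string_to_sid(SAMPLE_SID)
    print("objectSid bytes:", raw.hex(), "=", sid_to_string(raw))
```

The classification is why the reply prefers octet string over the Binary syntax rather than over userCertificate alone: an attribute with octetStringMatch can be both written by name and used as the destination pivot in an equality filter, while the Binary syntax can only hold the value.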