On 03/09/2015 13:37, Armando Martins wrote:
Hi Clement,
I've just done a test to see if the binary data is transformed by LSC.
So for my test I've run my LSC task to add the user:
# /usr/local/lsc-2.1.3/bin/lsc -f /usr/local/lsc-2.1.3/etc/lsc/ad2openldap -s all
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "uid" is in KEEP status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Adding attribute "uid" with
values [AMARTESS]
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "mailHost" is in
FORCE status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Adding attribute "mailHost"
with values [mx.exemple.fr]
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "userPassword" is in
FORCE status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Adding attribute
"userPassword" with values [{SASL}[email protected]]
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "mail" is in FORCE
status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "mail" will not be
written to the destination
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "givenName" is in
FORCE status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Adding attribute "givenName"
with values [AMARTEST]
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "mailLocalAddress"
is in FORCE status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "mailLocalAddress"
will not be written to the destination
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "cn" is in FORCE status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Adding attribute "cn" with
values [AMARTESS]
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "sn" is in FORCE status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Adding attribute "sn" with
values [AMARTESSA]
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "binarysid" is in
FORCE status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Adding attribute "binarysid"
with values [�;2y�U�Qjf��]
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Attribute "objectclass" is in
KEEP status
sept. 03 13:21:17 - DEBUG - In object
"uid=AMARTESS,ou=users,dc=test,dc=fr": Adding attribute "objectclass"
with values [inetOrgPerson, organizationalPerson,
inetLocalMailRecipient, person, top, test64]
sept. 03 13:21:18 - INFO - # Adding new object
uid=AMARTESS,ou=users,dc=test,dc=fr for adUser
# Thu Sep 03 13:21:18 CEST 2015
dn: uid=AMARTESS,ou=users,dc=test,dc=fr
changetype: add
uid: AMARTESS
mailHost: kusiel.exemple.fr
userPassword: {SASL}[email protected]
givenName: AMARTEST
cn: AMARTESS
sn: AMARTESSA
binarysid:: AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA=
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: inetLocalMailRecipient
objectclass: person
objectclass: top
objectclass: test64
So the user is added to my LDAP, but when I do a search with this
query filter
binarysid="\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00"
there is no result returned:
slapd[9141]: conn=1027 op=1 SRCH base="dc=test,dc=fr" scope=2 deref=0
filter="(binarysid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00)"
slapd[9141]: conn=1027 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Now I've taken the value of the base64 encoded objectsid of my active
directory, and I've added the data to my binarysid attribute with
ldapmodify. Here is the ldif file:
dn: uid=AMARTESS,ou=users,dc=test,dc=fr
changetype: modify
replace: binarysid
binarysid:: AQUAAAAAAAUVAAAAzjsyecVVwlEdA2pm7fsAAA==
And now if I do the same query on the binarysid attribute, I have the
right result...
slapd[9141]: conn=1029 op=1 SRCH base="dc=test,dc=fr" scope=2 deref=0
filter="(binarysid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00)"
slapd[9141]: conn=1029 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
objectsid is declared as a binary attribute in my ldap source
connection and binarysid is also declared as binary attribute in my
ldap dest service.
I know I'm missing something, but I can't see what...
Hi Armando,
So I set up a test platform with AD and OpenLDAP to reproduce your
configuration. And I indeed reproduce the same issue with LSC 2.1.3 and
with the trunk (LSC 2.2): the binary value is not well written when the
entry is created in OpenLDAP so then LSC is unable to find the entry
with a search.
If I do like you, copying the binary value from AD to OpenLDAP outside
of LSC, then LSC can find the entry because the filter is correct.
So it seems we have a bug here, or we are missing an option to tell LSC not to
mess up the binary value in the dataset.
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
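
Added example (not part of the original thread, and not LSC code): decoding the two base64 binarysid values quoted above shows that the one written by LSC is exactly what results when the 28-byte SID is decoded as UTF-8 text and encoded again, with each of the five bytes above 0x7F replaced by U+FFFD (EF BF BD). The function names are illustrative, and the script assumes nothing about where in LSC the conversion happens.

```python
import base64
import struct

# Both values are copied from the LDIF shown in the thread.
FROM_AD = "AQUAAAAAAAUVAAAAzjsyecVVwlEdA2pm7fsAAA=="
WRITTEN_BY_LSC = "AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA="
GOOD = base64.b64decode(FROM_AD)
BAD = base64.b64decode(WRITTEN_BY_LSC)


def utf8_round_trip(raw: bytes) -> bytes:
    """Decode binary data as UTF-8 text, then encode it again (lossy)."""
    return raw.decode("utf-8", errors="replace").encode("utf-8")


def sid_to_string(raw: bytes) -> str:
    """Parse a binary Windows SID; raise ValueError on a bad layout."""
    if len(raw) < 8:
        raise ValueError("shorter than the 8-byte SID header")
    revision, count = raw[0], raw[1]
    expected = 8 + 4 * count
    if len(raw) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(raw)}")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def filter_value(raw: bytes) -> str:
    """Escape every byte as \\XX (RFC 4515), safe for any binary value."""
    return "".join(f"\\{b:02X}" for b in raw)


def is_intact(raw: bytes) -> bool:
    """Pre-write check: the value must still parse as a SID."""
    try:
        sid_to_string(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("from AD :", len(GOOD), "bytes", sid_to_string(GOOD))
    print("from LSC:", len(BAD), "bytes, intact:", is_intact(BAD))
    print("round trip reproduces LSC value:", utf8_round_trip(GOOD) == BAD)
    print("filter  : (binarysid=" + filter_value(GOOD) + ")")
```

Because every replaced byte becomes the same three-byte sequence, the original SID cannot be recovered from the stored value; affected entries have to be rewritten from the source directory.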