OK, thank you very much Clément!

Can you please keep me updated about this issue?

2015-09-03 15:40 GMT+02:00 Clément OUDOT <[email protected]>:

>
>
> On 03/09/2015 13:37, Armando Martins wrote:
>
> Hi Clement,
>
> I've just done a test to see if the binary data is transformed by LSC. So
> for my test I've run my LSC task to add the user:
>
> # /usr/local/lsc-2.1.3/bin/lsc -f /usr/local/lsc-2.1.3/etc/lsc/ad2openldap
> -s all
>
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "uid" is in KEEP status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Adding attribute "uid" with values
> [AMARTESS]
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "mailHost" is in FORCE
> status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Adding attribute "mailHost" with
> values [mx.exemple.fr]
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "userPassword" is in
> FORCE status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Adding attribute "userPassword"
> with values [{SASL}[email protected]]
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "mail" is in FORCE status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "mail" will not be
> written to the destination
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "givenName" is in FORCE
> status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Adding attribute "givenName" with
> values [AMARTEST]
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "mailLocalAddress" is in
> FORCE status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "mailLocalAddress" will
> not be written to the destination
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "cn" is in FORCE status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Adding attribute "cn" with values
> [AMARTESS]
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "sn" is in FORCE status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Adding attribute "sn" with values
> [AMARTESSA]
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "binarysid" is in FORCE
> status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Adding attribute "binarysid" with
> values [�;2y�U�Qjf��]
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Attribute "objectclass" is in KEEP
> status
> sept. 03 13:21:17 - DEBUG - In object
> "uid=AMARTESS,ou=users,dc=test,dc=fr":  Adding attribute "objectclass" with
> values [inetOrgPerson, organizationalPerson, inetLocalMailRecipient,
> person, top, test64]
> sept. 03 13:21:18 - INFO  - # Adding new object
> uid=AMARTESS,ou=users,dc=test,dc=fr for adUser
> # Thu Sep 03 13:21:18 CEST 2015
> dn: uid=AMARTESS,ou=users,dc=test,dc=fr
> changetype: add
> uid: AMARTESS
> mailHost: kusiel.exemple.fr
> userPassword: {SASL}[email protected]
> givenName: AMARTEST
> cn: AMARTESS
> sn: AMARTESSA
> binarysid:: AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA=
> objectclass: inetOrgPerson
> objectclass: organizationalPerson
> objectclass: inetLocalMailRecipient
> objectclass: person
> objectclass: top
> objectclass: test64
>
> So the user is added to my LDAP, but when I do a search with this query
> filter
> binarysid="\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00"
> there is no result returned:
>
> slapd[9141]: conn=1027 op=1 SRCH base="dc=test,dc=fr" scope=2 deref=0
> filter="(binarysid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00)"
> slapd[9141]: conn=1027 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
>
> Now I've taken the value of the base64-encoded objectsid from my Active
> Directory, and I've added the data to my binarysid attribute with
> ldapmodify. Here is the LDIF file:
>
> dn: uid=AMARTESS,ou=users,dc=test,dc=fr
> changetype: modify
> replace: binarysid
> binarysid:: AQUAAAAAAAUVAAAAzjsyecVVwlEdA2pm7fsAAA==
>
> And now if I do the same query on the binarysid attribute, I get the right
> result...
>
> slapd[9141]: conn=1029 op=1 SRCH base="dc=test,dc=fr" scope=2 deref=0
> filter="(binarysid=\01\05\00\00\00\00\00\05\15\00\00\00\CE;2y\C5U\C2Q\1D\03jf\ED\FB\00\00)"
> slapd[9141]: conn=1029 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
>
>
> objectsid is declared as a binary attribute in my LDAP source connection
> and binarysid is also declared as a binary attribute in my LDAP dest service.
>
> I know I'm missing something, but I can't see what...
>
>
> Hi Armando,
>
> So I set up a test platform with AD and OpenLDAP to reproduce your
> configuration. And I indeed reproduce the same issue with LSC 2.1.3 and
> with the trunk (LSC 2.2): the binary value is not well written when the
> entry is created in OpenLDAP, so then LSC is unable to find the entry with a
> search.
>
> If I do like you, copying the binary value from AD to OpenLDAP outside of
> LSC, then LSC can find the entry because the filter is correct.
>
> So it seems we have a bug here, or we are missing an option to tell LSC not to
> mess up the binary value in the dataset.
>
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 87, rue de Turbigo - 75003 PARIS
>
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>



-- 
Armando Martins
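
Added example, not part of the original thread and not LSC code: it compares the two base64 values from the LDIF above and shows that the one LSC wrote is byte-for-byte what you get when the AD value is decoded as UTF-8 text and encoded again, which is consistent with the `�` characters in the debug log. The function names are hypothetical; the SID layout check is a generalization that lets a sync job reject such a value before writing it.

```python
import base64

# Both values are copied from the LDIF shown in the thread.
AD_BYTES = base64.b64decode("AQUAAAAAAAUVAAAAzjsyecVVwlEdA2pm7fsAAA==")
LSC_BYTES = base64.b64decode(
    "AQUAAAAAAAUVAAAA77+9OzJ577+9Ve+/vVEdA2pm77+977+9AAA=")

REPLACEMENT = "\ufffd".encode("utf-8")  # U+FFFD encodes to EF BF BD


def utf8_round_trip(raw: bytes) -> bytes:
    """Decode binary data as if it were UTF-8 text, then encode it again.

    Every byte that is not valid UTF-8 is lost and becomes EF BF BD.
    """
    return raw.decode("utf-8", errors="replace").encode("utf-8")


def looks_text_mangled(raw: bytes) -> bool:
    """Heuristic: a binary value containing EF BF BD was probably handled as text."""
    return REPLACEMENT in raw


def sid_to_string(raw: bytes) -> str:
    """Render a binary SID as S-R-A-S1-...; raise ValueError if malformed.

    Layout: revision (1 byte), sub-authority count (1 byte), authority
    (6 bytes, big-endian), then count * 4-byte little-endian sub-authorities.
    """
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length %d does not match SID header" % len(raw))
    authority = int.from_bytes(raw[2:8], "big")
    subs = [int.from_bytes(raw[i:i + 4], "little") for i in range(8, len(raw), 4)]
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])


def is_valid_sid(raw: bytes) -> bool:
    try:
        sid_to_string(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("round trip reproduces LSC value:", utf8_round_trip(AD_BYTES) == LSC_BYTES)
    print("AD value :", len(AD_BYTES), "bytes", sid_to_string(AD_BYTES))
    print("LSC value:", len(LSC_BYTES), "bytes, mangled =", looks_text_mangled(LSC_BYTES),
          ", valid SID =", is_valid_sid(LSC_BYTES))
```

The round trip is lossy, so the original SID cannot be recovered from the stored value; the entry has to be rewritten from the source bytes, as the `ldapmodify` step in the thread does.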