Re: [lsc-users] LSC sync to DACS

Fri, 16 Oct 2015 03:38:15 -0700 


Le 15/10/2015 16:33, MICH, DANIELA (DANIELA) a écrit :

Hi,

I am using LSC to provision users to DACS/DVS from an external LDAP. 
In LSC config file userPassword is set to 
*ALWAYS-ENABLE-PASSWORD-AUTHENTICATION**:*

<dataset>

<!-- This dataset ensure that the password authentication factor will 
always be activated on DACS -->

<name>*userPassword*</name>
<policy>*FORCE*</policy>
<forceValues>
<string>*"ALWAYS-ENABLE-PASSWORD-AUTHENTICATION"*</string>
</forceValues>
</dataset>

All users are correctly added/modified in DACS and DVS, but some users 
are being deactivated in DACS once LSC finishes its task.
For example these 2 users (julienuserand dmi_test): givenName of both 
users were updated in DACS, but julienuser was deactivated, while 
dmi_test remains activated. The only difference I notice in the log 
file is that *userPassword: ALWAYS-ENABLE-PASSWORD-AUTHENTICATION***is 
missing from julienuser
Oct 15 15:42:23 - INFO  - # Updating object 
uid=julienuser,ou=users,ou=smartland.gov,dc=e-gep,dc=com for SyncToDacs

# Thu Oct 15 15:42:23 CEST 2015
dn: uid=julienuser,ou=users,ou=smartland.gov,dc=e-gep,dc=com
changetype: modify
replace: givenName
givenName: JulienU
-
delete: modifyTimestamp
-

Oct 15 15:42:24 - INFO  - # Updating object 
uid=dmi_test,ou=users,ou=GCAtenancy.com,dc=e-gep,dc=com for SyncToDacs

# Thu Oct 15 15:42:24 CEST 2015
dn: uid=dmi_test,ou=users,ou=GCAtenancy.com,dc=e-gep,dc=com
changetype: modify
replace: userPassword
*userPassword: ALWAYS-ENABLE-PASSWORD-AUTHENTICATION*
-
replace: givenName
givenName: ABC
-
delete: modifyTimestamp
-
Please find attached lsc.xml and the complete log file
Any ideas how can I bypass this issue?



Hello Daniela,


looking to the logs, LSC just force 
"ALWAYS-ENABLE-PASSWORD-AUTHENTICATION" in entry if the value does not 
exist. If it exist, LSC detects it and do not try to replace it. the 
"FORCE" in LSC does not means LSC will write the attribute each time, 
but that it will replace it if the value is not the same as the one 
configured in LSC.



As I don't know the DACS plugin, I can't say why the account is 
desactivated. You should ask this to someone working for Dictao.


--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users





















					Reply via email to