Hi Clement, Daniela, @Clement: thanks for the LSC explanation @Daniela: the DACS plugin is forcing the user password plugin activation if it is not already activated. Because the following part of the discussion will be linked to the product itself, may I kindly suggest to request your Morpho support list with myslef in CC ?
Kind regards, Sebastien 2015-10-16 12:37 GMT+02:00 Clément OUDOT <[email protected] >: > > > Le 15/10/2015 16:33, MICH, DANIELA (DANIELA) a écrit : > > Hi, > > I am using LSC to provision users to DACS/DVS from an external LDAP. In > LSC config file userPassword is set to > *ALWAYS-ENABLE-PASSWORD-AUTHENTICATION**:* > > <dataset> > <!-- This dataset ensure that the > password authentication factor will always be activated on DACS --> > <name>*userPassword*</name> > <policy>*FORCE*</policy> > <forceValues> > <string> > *"ALWAYS-ENABLE-PASSWORD-AUTHENTICATION"*</string> > </forceValues> > </dataset> > > All users are correctly added/modified in DACS and DVS, but some users are > being deactivated in DACS once LSC finishes its task. > For example these 2 users (julienuser and dmi_test): givenName of both > users were updated in DACS, but julienuser was deactivated, while dmi_test > remains activated. The only difference I notice in the log file is that > *userPassword: > ALWAYS-ENABLE-PASSWORD-AUTHENTICATION* is missing from julienuser > > Oct 15 15:42:23 - INFO - # Updating object uid=julienuser,ou=users,ou= > smartland.gov,dc=e-gep,dc=com for SyncToDacs > # Thu Oct 15 15:42:23 CEST 2015 > dn: uid=julienuser,ou=users,ou=smartland.gov,dc=e-gep,dc=com > changetype: modify > replace: givenName > givenName: JulienU > - > delete: modifyTimestamp > - > > > Oct 15 15:42:24 - INFO - # Updating object > uid=dmi_test,ou=users,ou=GCAtenancy.com,dc=e-gep,dc=com for SyncToDacs > # Thu Oct 15 15:42:24 CEST 2015 > dn: uid=dmi_test,ou=users,ou=GCAtenancy.com,dc=e-gep,dc=com > changetype: modify > replace: userPassword > *userPassword: ALWAYS-ENABLE-PASSWORD-AUTHENTICATION* > - > replace: givenName > givenName: ABC > - > delete: modifyTimestamp > - > > Please find attached lsc.xml and the complete log file > Any ideas how can I bypass this issue? > > > > Hello Daniela, > > looking to the logs, LSC just force > "ALWAYS-ENABLE-PASSWORD-AUTHENTICATION" in entry if the value does not > exist. If it exist, LSC detects it and do not try to replace it. the > "FORCE" in LSC does not means LSC will write the attribute each time, but > that it will replace it if the value is not the same as the one configured > in LSC. > > As I don't know the DACS plugin, I can't say why the account is > desactivated. You should ask this to someone working for Dictao. > > -- > Clément OUDOT > Consultant en logiciels libres, Expert infrastructure et sécurité > Savoir-faire Linux > > > _______________________________________________________________ > Ldap Synchronization Connector (LSC) - http://lsc-project.org > > lsc-users mailing list > [email protected] > http://lists.lsc-project.org/listinfo/lsc-users >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
