Hi Clément,

I've continued with this, this morning. I've made some amendments to the
main identifier and now it will run the sync, and on subsequent runs it no
longer errors. I am now faced with the following error: "Warning: updating
the RDN of the entry will cancel other modifications! Relaunch
synchronization to complete update."

It doesn't reflect any changes from AD to OpenLDAP.

Here is the newest XML:

<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">

<connections>
    <ldapConnection>
      <name>srcAD</name>
      <url>ldap://[IP]:389/dc=[DC],dc=local</url>
      <username>[user]</username>
      <password>[password]</password>
      <authentication>SIMPLE</authentication>
 <pageSize>1000</pageSize>
 </ldapConnection>

<ldapConnection>
      <name>dstLDAP</name>
      <url>ldap://localhost:389/dc=example,dc=com</url>
      <username>cn=admin,dc=example,dc=com</username>
      <password>[password]</password>
      <authentication>SIMPLE</authentication>
    </ldapConnection>
</connections>
<tasks>
    <task>
<name>adUser</name>
<bean>org.lsc.beans.SimpleBean</bean>
<ldapSourceService>
        <name>ad-src-service</name>
        <connection reference="srcAD" />
        <baseDn>cn=Users,dc=[dc],dc=local</baseDn>
        <pivotAttributes>
          <string>sAMAccountName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>description</string>
          <string>givenName</string>
          <string>mail</string>
          <string>pwdLastSet</string>
          <string>sAMAccountName</string>
          <string>sn</string>
          <string>unicodePwd</string>
          <string>userAccountControl</string>
          <string>userPrincipalName</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(objectClass=user)]]></getAllFilter>

<getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={sAMAccountName}))]]></getOneFilter>
<cleanFilter><![CDATA[(&(objectClass=user)(sAMAccountName={sAMAccountName}))]]></cleanFilter>
 </ldapSourceService>

      <ldapDestinationService>
        <name>ldap-dst-service</name>
        <connection reference="dstLDAP" />
        <baseDn>ou=Unit,dc=example,dc=com</baseDn>
        <pivotAttributes>
          <string>uid</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>description</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sn</string>
          <string>uid</string>
          <string>userpassword</string>
 <string>objectClass</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>

<getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></getOneFilter>
      </ldapDestinationService>

<propertiesBasedSyncOptions>
<mainIdentifier>
"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=Unit"
</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>FORCE</defaultPolicy>
<conditions>
 <create>true</create>
 <update>true</update>
 <delete>true</delete>
 <changeId>true</changeId>
</conditions>
<dataset>
 <name>objectclass</name>
 <policy>KEEP</policy>
 <createValues>
<!--string>"user"</string> <-->
<string>"inetOrgPerson"</string>
<string>"organizationalPerson"</string>
<string>"person"</string>
<string>"top"</string>

 </createValues>
</dataset>
<dataset>
<name>sAMAccountName</name>
<policy>KEEP</policy>
<createValues>
<string>srcBean.getDatasetFirstValueById("uid")</string>
</createValues>
</dataset>
<dataset>
<!-- userPrincipalName = uid + "@lsc-project.org" -->
<name>userPrincipalName</name>
<policy>FORCE</policy>
<forceValues>
 <string>srcBean.getDatasetFirstValueById("uid") + "@example.com"</string>
</forceValues>
</dataset>
<dataset>
<name>userAccountControl</name>
<policy>KEEP</policy>
<createValues>
 <string>AD.userAccountControlSet( "0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
</createValues>
</dataset>
<dataset>
<!-- pwdLastSet = 0 to force user to change password on next connection -->
<name>pwdLastSet</name>
<policy>KEEP</policy>
<createValues>
 <string>"0"</string>
</createValues>
</dataset>
<dataset>
 <!-- unicodePwd = "changeit" at creation (requires SSL connection to AD) -->
<name>unicodePwd</name>
<policy>KEEP</policy>
<createValues>
 <string>AD.getUnicodePwd("changeit")</string>
</createValues>
</dataset>
</propertiesBasedSyncOptions>
</task>
</tasks>
</lsc>


Dan Williams
Google for work Professional
T: 01793 391 420

On 13 November 2015 at 16:15, Clément OUDOT <
[email protected]> wrote:

>
>
> On 13/11/2015 15:37, Dan Williams wrote:
>
> Hi Clément,
>
> Sorry, I'm not clear on this. This line:
>
>  <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={uid}))]]></getOneFilter>
>
> The pivot in the source is sAMAccountName. Should the new line be:
>
>  
> <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></getOneFilter>
> or
>  
> <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(sAMAccountName={uid}))]]></getOneFilter>
> or
>  <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(sAMAccountName={sAMAccountName}))]]></getOneFilter>
>
> Or another combination I'm missing?
>
>
>
> The source pivot (sAMAccountName) should be used to match the destination
> pivot (uid) in the filter applied on the destination, so the filter should
> be:
>
>
> <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></getOneFilter>
>
>
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
>
>
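
The rule in the quoted reply (the placeholder in the destination getOneFilter is the source pivot, compared against the destination pivot) can be checked mechanically before a sync run. This is an added example, not part of the original messages or of LSC itself; `lint`, `sample` and the embedded config are constructed for illustration, and it assumes a connection reference must equal a defined connection name exactly.

```python
import re
import xml.etree.ElementTree as ET

NS = {"l": "http://lsc-project.org/XSD/lsc-core-2.1.xsd"}
PAIR = re.compile(r"\(\s*([\w-]+)\s*=\s*\{([\w-]+)\}\s*\)")  # (attr={placeholder})

def pivots(service):
    return {s.text.strip() for s in service.findall("l:pivotAttributes/l:string", NS)}

def lint(xml_text):
    """Return findings for one LSC configuration document (empty list = clean)."""
    root = ET.fromstring(xml_text)
    findings = []
    defined = {n.text.strip() for n in root.findall("l:connections/*/l:name", NS)}
    for task in root.findall("l:tasks/l:task", NS):
        src = task.find("l:ldapSourceService", NS)
        dst = task.find("l:ldapDestinationService", NS)
        for svc in (src, dst):
            ref = svc.find("l:connection", NS).get("reference")
            # Assumption: a reference must equal a connection name exactly, case included.
            if ref not in defined:
                findings.append(f"connection reference {ref!r} is not defined")
        flt = dst.findtext("l:getOneFilter", default="", namespaces=NS)
        for dst_attr, placeholder in PAIR.findall(flt):
            if placeholder not in pivots(src):
                findings.append(f"{{{placeholder}}} is not a source pivot")
            if dst_attr not in pivots(dst):
                findings.append(f"{dst_attr} is not a destination pivot")
    return findings

def sample(ref, dst_filter):
    """Constructed minimal config, modelled on the one posted in this thread."""
    return f"""<lsc xmlns="{NS['l']}" revision="0">
  <connections><ldapConnection><name>srcAD</name></ldapConnection>
    <ldapConnection><name>dstLDAP</name></ldapConnection></connections>
  <tasks><task>
    <ldapSourceService>
      <connection reference="srcAD"/>
      <pivotAttributes><string>sAMAccountName</string></pivotAttributes>
    </ldapSourceService>
    <ldapDestinationService>
      <connection reference="{ref}"/>
      <pivotAttributes><string>uid</string></pivotAttributes>
      <getOneFilter><![CDATA[{dst_filter}]]></getOneFilter>
    </ldapDestinationService>
  </task></tasks>
</lsc>"""

if __name__ == "__main__":
    print(lint(sample("dstldap", "(&(objectClass=inetOrgPerson)(uid={uid}))")))
```

Of the four filter variants listed in the quoted question, only `uid={sAMAccountName}` produces no findings.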

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
