2015-11-29 18:08 GMT+01:00 Jehan Procaccia <[email protected]>:

> Hello
>
> I am setting up en openldap to openldap sync with lsc-2.1.3-0.el5.noarch
> source of sync will be a dozen of institutes ldap directories to a central
> one merging all of them in sub OUs .
> I am facing an initial pb when want to pull from one openldap only
> interorgPerson attribute (white pages usage; sn, cn, mail,
> departmentNumber, employeetype, telephoneNumber)
> because the source contains many other objectclass (posixaccount, samba,
> shacUser, spann ...) , whever I run the 1st initial sync I get ERRORs like
> this
>
> ERROR - Error while adding entry cn=Antoine
> MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr in directory
> :javax.naming.directory.SchemaViolationException: [LDAP: error code 65 -
> object class 'sambaSamAccount' requires attribute 'sambaSID']; remaining
> name 'cn=Antoine MATIN,ou=evry,ou=people'
>
> How can I tell lsc to not sync sambaSamAccount objectclass and related
> attributes (and others objecclass  that exists in the source as
> posixAccount, etc ...).
>
> Thanks .
>
> PS: related task in my lsc.xml
>
> <task>
>       <name>user</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>        <ldapSourceService>
>         <name>user-source-service</name>
>         <connection reference="tem-tsp" />
>         <baseDn>ou=people,dc=int-evry,dc=fr</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>objectClass</string>
>           <string>mail</string>
>           <string>sn</string>
>           <string>departmentNumber</string>
>           <string>employeeType</string>
>           <string>givenName</string>
>           <string>telephoneNumber</string>
>
> <getAllFilter><![CDATA[(&(cn=*)(objectClass=inetOrgPerson)(uid=martin*))]]></getAllFilter>
>
> <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></getOneFilter>
>
> <cleanFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></cleanFilter>
>     </ldapSourceService>
>
>
>
>
Hello Jehan,

the best is to create a dataset for objectClass and force the values in
order to set only inetOrgPerson in destination. Remove objectClass
attribute for source fetched attributes and create a dataset like this:


        <dataset>
          <name>objectclass</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"inetOrgPerson"</string>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
          </createValues>
        </dataset>




Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to