Le 29/11/2015 18:14, Clément OUDOT a écrit :
2015-11-29 18:08 GMT+01:00 Jehan Procaccia <[email protected]
<mailto:[email protected]>>:
Hello
I am setting up en openldap to openldap sync with
lsc-2.1.3-0.el5.noarch
source of sync will be a dozen of institutes ldap directories to a
central one merging all of them in sub OUs .
I am facing an initial pb when want to pull from one openldap only
interorgPerson attribute (white pages usage; sn, cn, mail,
departmentNumber, employeetype, telephoneNumber)
because the source contains many other objectclass (posixaccount,
samba, shacUser, spann ...) , whever I run the 1st initial sync I
get ERRORs like this
ERROR - Error while adding entry cn=Antoine
MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr in directory
:javax.naming.directory.SchemaViolationException: [LDAP: error
code 65 - object class 'sambaSamAccount' requires attribute
'sambaSID']; remaining name 'cn=Antoine MATIN,ou=evry,ou=people'
How can I tell lsc to not sync sambaSamAccount objectclass and
related attributes (and others objecclass that exists in the
source as posixAccount, etc ...).
Thanks .
PS: related task in my lsc.xml
<task>
<name>user</name>
<bean>org.lsc.beans.SimpleBean</bean>
<ldapSourceService>
<name>user-source-service</name>
<connection reference="tem-tsp" />
<baseDn>ou=people,dc=int-evry,dc=fr</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>cn</string>
<string>objectClass</string>
<string>mail</string>
<string>sn</string>
<string>departmentNumber</string>
<string>employeeType</string>
<string>givenName</string>
<string>telephoneNumber</string>
<getAllFilter><![CDATA[(&(cn=*)(objectClass=inetOrgPerson)(uid=martin*))]]></getAllFilter>
<getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></getOneFilter>
<cleanFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></cleanFilter>
</ldapSourceService>
Hello Jehan,
the best is to create a dataset for objectClass and force the values
in order to set only inetOrgPerson in destination. Remove objectClass
attribute for source fetched attributes and create a dataset like this:
<dataset>
<name>objectclass</name>
<policy>KEEP</policy>
<createValues>
<string>"inetOrgPerson"</string>
<string>"organizationalPerson"</string>
<string>"person"</string>
<string>"top"</string>
</createValues>
</dataset>
Clément.
Hello Clément
Thanks , that works fine with a dataset limited to specific objeclass as
you mention above .
I suspect that we can also rewrite on the fly attributes values that we
would want to be unified on the merge directories ?
for example if daprtmentNumber contains "MCI" in on ldap source and
"INFO" in an another, and I want the merge directory to replace those
values to a common syntax " DSI" for those values
is it also a dataset to do set ?
is this the corresponding doc
http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions
I cannot find a sample config that do this kind of rewrite .
Thanks .
PS: I document my config and deployement online at :
https://www-public.tem-tsp.eu/~procacci/dok/doku.php?id=docpublic:systemes:ldap:ldap_lsc&#scenario_ldap_to_ldap
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
