Le 20/01/2016 04:30, Gmail a écrit :
hi, I have the following request to sync ad structure recursively.
the ad look like:
ou=A
|-- ou= B
|— = BC
|—ou = D
|— ou= F
|— ou= BC
how can I sync them to my openldap and keep their structure same with AD?
there are 2 problems I meet:
1: OU attribute is not unique, so I have to use objectGUID as the
pivot attribute. e.g :
<getAllFilter><![CDATA[(&(objectClass=organizationalUnit))]]></getAllFilter>
<getOneFilter><![CDATA[(&(objectClass=organizationalUnit)(objectGUID={objectGUID}))]]></getOneFilter>
2:I don’t know how to add ou entry recursively? I seem that there are
alway have a sequence to add those entry? I try to set the
mainIdentifier as something like.
<mainIdentifier><![CDATA[srcBean.getMainIdentifier().substring(0,srcBean.getMainIdentifier().lastIndexOf(“DC=adtest,DC=cn"))
+ "ou=Account,dc=adtest,dc=com"]]></mainIdentifier>
but it seem sync those entry randomly? a sub entry add before a parent
entry added?
I try to set the sortedBy attribute in ldapconection, such as:
<sortedBy>dn</sortedBy>
but this cannot work, I get such a error:
ERROR - javax.naming.OperationNotSupportedException: [LDAP: error code
12 - 00000057: LdapErr: DSID-0C090753, comment: Error processing
control, data 0, v1db1]; remaining name 'ou=_ZHKS(????)’
any suggestion? guys?
Hello,
LSC is clearly not the best tool to do tree synchronization. This will
work better in release 2.2 (not published yet) thanks to
pivotTransformation: http://tools.lsc-project.org/issues/756#note-2
For the moment, you can just run LSC several times to be sure all parent
nodes are created before child nodes.
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
