Re: [lsc-users] Update group memberships

[Clément OUDOT]

Le 26/01/2016 11:32, Petr Spurny a écrit :
Hello all,

I am quite new to the LSC but I really appreciate your effort – tho 
product is excellent and we were able to use it in our integration 
projects, thanks!
I am having a problem with a group membership synchronization – 
everything is working ok for the first run.
But every since after that the LSC is trying to add user groups and 
their members again – LDAP operation is add – I am expecting to do 
nothing or just update the member attributes.
Could someone please take a look at my configuration if I am not doing 
some simple mistake?

Thanks in advance:

<task>
<name>Sync_Hosel2Slave_Groups</name>
<bean>org.lsc.beans.SimpleBean</bean>
 <ldapSourceService>
<name>Sync_Hosel2Slave_Groups-SourceHoselServer</name>
<connection reference="Connection_HoselServer" />
<baseDn>ou=roles,dc=homecredit,dc=in</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>cn</string>
<string>uniqueMember</string>
</fetchedAttributes>
<getAllFilter><![CDATA[(cn=mdm*)]]></getAllFilter>
<getOneFilter><![CDATA[(&(objectClass=groupOfUniqueNames)(cn={cn}))]]></getOneFilter>
<cleanFilter><![CDATA[(&(objectClass=groupOfUniqueNames)(cn={cn}))]]></cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<name>Sync_Hosel2Slave_Groups-DestinationSlaveServer</name>
<connection reference="Connection_SlaveServer" />
<baseDn>ou=groups,ou=hosel,ou=source,ou=ldap,dc=homecredit,dc=in</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>cn</string>
<string>member</string>
<string>objectClass</string>
</fetchedAttributes>
<getAllFilter><![CDATA[(cn=mdm*)]]></getAllFilter>
<getOneFilter><![CDATA[(&(objectClass=groupOfUniqueNames)(cn={cn}))]]></getOneFilter>
</ldapDestinationService>
 <propertiesBasedSyncOptions>
<mainIdentifier>js:"cn=" + srcBean.getDatasetFirstValueById("cn") + 
",ou=groups,ou=hosel,ou=source,ou=ldap,dc=homecredit,dc=in"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>MERGE</defaultPolicy>
<conditions>
<create>true</create>
<update>true</update>
<delete>true</delete>
<changeId>true</changeId>
</conditions>
<dataset>
<name>objectclass</name>
<policy>FORCE</policy>
<forceValues>
<string>"groupOfNames"</string>
<string>"top"</string>
</forceValues>
</dataset>
<dataset>
 <name>member</name>
 <policy>FORCE</policy>
 <forceValues>
 <string>
 <![CDATA[js:
  var membersSrcDn = srcBean.getDatasetValuesById("uniqueMember");
  var membersDstDn = new java.util.ArrayList();
  for (var i=0; i<membersSrcDn.size(); i++) {
          var memberSrcDn = membersSrcDn.get(i);
          var uid = "";
          try {
                  uid = srcLdap.attribute(memberSrcDn, "uid").get(0);
          } catch(e) {
                  continue;
          }
          var destDn = 
ldap.search("ou=users,ou=hosel,ou=source,ou=ldap", "(uid=" + uid + ")");
          if (destDn.size() == 0 || destDn.size() > 1) {
                  continue;
          }
          var destMemberDn = destDn.get(0) + "," +  ldap.getContextDn();
          membersDstDn.add(destMemberDn);
  }
  if (membersSrcDn.size() <= 0) membersDstDn.add("cn=placeholder");
  membersDstDn
 ]]>
 </string>
 </forceValues>
</dataset>
 </propertiesBasedSyncOptions>
 </task>





Hello Petr,

seems the getOneFilter in your destination service is false. You should 
use objectClass groupOfNames instead groupOfUniqueNames.

--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users