On 06/06/2016 15:44, Cazanaru, Florin wrote:

Hi Clement,


Hello,

please answer to the list.

After I put <asyncLdapSourceService> I have an error

Jun 06 14:31:25 - DEBUG - Removing <3, org.apache.directory.ldap.client.api.future.SearchFuture>

Jun 06 14:31:25 - DEBUG - Removing <3, org.apache.directory.ldap.client.api.future.SearchFuture>

*Jun 06 14:31:25 - ERROR - Synchronization aborted because no source object has been found !*

Jun 06 14:31:25 - ERROR - All entries: 2, to modify entries: 0, successfully modified entries: 0, errors: 2

Jun 06 14:31:25 - DEBUG - received a NoD, closing everything

Jun 06 14:31:25 - DEBUG - received a NoD, closing everything


asyncLdapSourceService will not work with AD. Keep the ldapSourceService and use "lsc -s all -c all" to run your tasks.

What I want to achieve is to sync all users from an AD to an ldap, what to sync ? Email, user, description, password (password for later after I see it is working).


It's up to you to choose which information you need to sync.

You won't be able to extract password from AD, see http://lsc-project.org/wiki/documentation/howto/activedirectory#password_synchronization


My config file is like:

<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <connections>
    <ldapConnection>
      <name>ldap-live</name>
      <url>ldap://1.1.1.1:33389/OU=test,OU=Users,OU=mfz,DC=ITGames,DC=com</url>
      <username>CN=flcaza,OU=test,OU=Users,OU=mfz,DC=ITGames,DC=com</username>
      <password>xxxxxxxx</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <ldapConnection>
      <name>ldap-tools</name>
      <url>ldap://localhost:389/ou=Users,dc=ITGames,dc=com</url>
      <username>cn=flcaza,DC=ITGames,DC=com</username>
      <password>QtEfGHwCwLHanhfqd2zarMVTqyMEZhz9Pnf4jkUP</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>MySyncTask</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <asyncLdapSourceService>
      <!-- <ldapSourceService> -->
        <name>MySyncTask-src</name>
        <connection reference="ldap-live"/>
        <baseDn>OU=test,OU=Users,OU=mfz,DC=ITGames,DC=com</baseDn>
        <pivotAttributes>
          <string>userPrincipalName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>description</string>
          <string>givenName</string>
          <string>memberOf</string>
          <string>sAMAccountName</string>
          <string>userPrincipalName</string>
          <string>objectClass</string>
        </fetchedAttributes>
        <!-- <getAllFilter><![CDATA[(&(userPrincipalName=*)(objectClass=user))]]></getAllFilter>
        <getOneFilter><![CDATA[(&(userPrincipalName=*)(objectClass=user))]]></getOneFilter>
        <cleanFilter><![CDATA[(&(userPrincipalName={userPrincipalName})(objectClass=user))]]></cleanFilter>
        -->
        <getAllFilter>(objectClass=*)</getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=person)(uid={userPrincipalName}))]]></getOneFilter>
        <serverType>ActiveDirectory</serverType>
        <!-- <interval>6</interval> -->
      </asyncLdapSourceService>
      <!-- </ldapSourceService> -->
      <ldapDestinationService>
        <name>MySyncTask-dst</name>
        <connection reference="ldap-tools"/>
        <baseDn>ou=test,ou=Users,dc=ITGames,dc=com</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>description</string>
          <string>objectClass</string>
          <string>givenName</string>
          <string>mail</string>
          <string>uid</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <!-- <mainIdentifier><![CDATA["cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=test,ou=Users,dc=ITGames,dc=com"]]></mainIdentifier> -->
        <mainIdentifier><![CDATA["cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=test,ou=Users,dc=ITGames,dc=com"]]></mainIdentifier>
        <!-- <mainIdentifier><![CDATA[srcBean.getDatasetFirstValueById("dn")]]></mainIdentifier> -->
        <!-- <mainIdentifier>srcBean.getMainIdentifier()</mainIdentifier> -->
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>true</delete>
          <changeId>true</changeId>
        </conditions>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"inetOrgPerson"</string>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
          </forceValues>
          <delimiter>,</delimiter>
        </dataset>
        <!-- <dataset>
          <name>sAMAccountName</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("uid")</string>
          </forceValues>
        </dataset>
        -->
        <dataset>
          <name>uid</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("cn")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>sn</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("cn")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>

service lsc configtest

lsc: [INFO] Using /etc/default/lsc for configuration

lsc: [INFO] Launching LSC configuration test...

lsc: [OK] LSC configuration test successful

/usr/bin/lsc -s all

- A lot of lines removed

Jun 06 14:42:03 - DEBUG - Removing <3, org.apache.directory.ldap.client.api.future.SearchFuture>

Jun 06 14:42:03 - DEBUG - Removing <3, org.apache.directory.ldap.client.api.future.SearchFuture>

*Jun 06 14:42:03 - ERROR - Synchronization aborted because no source object has been found !*

Jun 06 14:42:03 - ERROR - All entries: 2, to modify entries: 0, successfully modified entries: 0, errors: 2

Jun 06 14:42:03 - DEBUG - received a NoD, closing everything

Jun 06 14:42:03 - DEBUG - received a NoD, closing everything

Can you give me a hint where is an error in config ? (and please not google, I read all pages about this)


Well maybe not all, see :
* http://lsc-project.org/wiki/documentation/latest/basics
* http://lsc-project.org/wiki/documentation/latest/sample
* http://lsc-project.org/wiki/documentation/tutorial/openldaptoactivedirectory

Do you have a working config for this ?


No but if you read the OpenLDAP -> AD tutorial (see last link) you should be able to adapt it to do the other way.

Start by choosing carefully pivotAttributes, getAllFilter and getOneFilter values, and use this mailing list as often as you need.

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
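
Added example, not from either poster or from the LSC project: the task's two services from the posted config, rewritten along the lines of the reply's advice with ldapSourceService and a single pivot, cn, referenced by every filter. It assumes cn is unique under both base DNs and that the AD mail attribute holds the address to copy; all element names are ones already used in the posted config.

```xml
<!-- Added example, not the poster's or the LSC project's configuration.
     Assumptions: cn is unique under both base DNs; AD "mail" holds the address. -->
<ldapSourceService>
  <name>MySyncTask-src</name>
  <connection reference="ldap-live"/>
  <baseDn>OU=test,OU=Users,OU=mfz,DC=ITGames,DC=com</baseDn>
  <!-- One pivot; every {placeholder} in the filters below refers to it -->
  <pivotAttributes>
    <string>cn</string>
  </pivotAttributes>
  <fetchedAttributes>
    <string>cn</string>
    <string>sn</string>
    <string>description</string>
    <string>givenName</string>
    <string>mail</string>
    <string>objectClass</string>
  </fetchedAttributes>
  <!-- List phase: user entries only, instead of (objectClass=*) -->
  <getAllFilter><![CDATA[(&(userPrincipalName=*)(objectClass=user))]]></getAllFilter>
  <!-- Lookup phase: searches on the same attribute that is used as pivot -->
  <getOneFilter><![CDATA[(&(objectClass=user)(cn={cn}))]]></getOneFilter>
  <!-- Clean phase (-c): looks a destination entry up in the source -->
  <cleanFilter><![CDATA[(&(objectClass=user)(cn={cn}))]]></cleanFilter>
</ldapSourceService>

<ldapDestinationService>
  <name>MySyncTask-dst</name>
  <connection reference="ldap-tools"/>
  <baseDn>ou=test,ou=Users,dc=ITGames,dc=com</baseDn>
  <pivotAttributes>
    <string>cn</string>
  </pivotAttributes>
  <fetchedAttributes>
    <string>cn</string>
    <string>sn</string>
    <string>description</string>
    <string>objectClass</string>
    <string>givenName</string>
    <string>mail</string>
    <string>uid</string>
  </fetchedAttributes>
  <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
  <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></getOneFilter>
</ldapDestinationService>
```

With `<delete>true</delete>` in the posted conditions, the clean phase removes destination entries that the source cleanFilter does not find, so a cleanFilter that matches nothing in AD would delete every entry under the destination base DN.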
