Hi Clément,

Please check the configuration files. We have worked in 3 files, for users, groups and organizational units:

USERS >>>>

<?xml version="1.0"?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <!-- CONNECTIONS -->
  <connections>
    <!-- DESTINATION CONNECTION -->
    <ldapConnection>
      <name>dst-ldap</name>
      <url>ldap://localhost:389/dc=example,dc=com</url>
      <username>uid=admin,ou=system</username>
      <password>PASSWORD</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <!-- SOURCE CONNECTION -->
    <ldapConnection>
      <name>src-ad</name>
      <url>ldap://DCSERVER:389/dc=CLIENT,dc=COM</url>
      <username>ADMIN</username>
      <password>PASSWORD</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
    </ldapConnection>
  </connections>
  <!-- AUDITS -->
  <audits/>
  <!-- TASKS -->
  <tasks>
    <!-- TASK READ CNs -->
    <task>
      <name>TASK-AD2OLDAP-CNs</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <!-- TASK READ CNs SOURCE -->
      <ldapSourceService>
        <name>TASK-READ-CNs-SOURCE</name>
        <connection reference="src-ad"/>
        <baseDn>ou=EXAMPLEOU,dc=CLIENT,dc=COM</baseDn>
        <pivotAttributes>
          <string>userPrincipalName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>ou</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sAMAccountName</string>
          <string>userPrincipalName</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=user))</getAllFilter>
        <getOneFilter>(&amp;(userPrincipalName={userPrincipalName})(objectClass=user))</getOneFilter>
        <cleanFilter>(&amp;(userPrincipalName={userPrincipalName})(objectClass=user))</cleanFilter>
        <interval>6</interval>
      </ldapSourceService>
      <!-- TASK WRITE CNs DESTINATION -->
      <ldapDestinationService>
        <name>TASK-WRITE-CNs-DESTINATION</name>
        <connection reference="dst-ldap"/>
        <baseDn>dc=example,dc=com</baseDn>
        <pivotAttributes>
          <string>uid</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>dn</string>
          <string>sn</string>
          <string>cn</string>
          <string>ou</string>
          <string>uid</string>
          <string>givenName</string>
          <string>ObjectClass</string>
          <string>userPassword</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(uid=*)(objectClass=inetOrgPerson))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=inetOrgPerson)(sAMAccountName={sAMAccountName}))</getOneFilter>
      </ldapDestinationService>
      <!-- PROPERTIES BASED SYNC -->
      <propertiesBasedSyncOptions>
        <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + srcBean.getDatasetFirstValueById("ou") + ",ou=EXAMPLEOU,dc=example,dc=com"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <!-- DATASETs -->
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <createValues>
            <string>"top"</string>
            <string>"person"</string>
            <string>"organizationalPerson"</string>
            <string>"inetOrgPerson"</string>
          </createValues>
        </dataset>
        <dataset>
          <name>uid</name>
          <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>givenName</name>
          <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("givenName")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>sn</name>
          <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("sn") + " "</string>
          </createValues>
        </dataset>
        <dataset>
          <name>cn</name>
          <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("cn")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>ou</name>
          <policy>FORCE</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("ou")</string>
          </createValues>
        </dataset>
        <dataset>
          <name>userPassword</name>
          <policy>FORCE</policy>
          <createValues>
            <string>"{SASL}" + srcBean.getDatasetFirstValueById("sAMAccountName") + "@CLIENT.COM"</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>

GROUPS >>>>>>>

<?xml version="1.0"?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <!-- CONNECTIONS -->
  <connections>
    <!-- DESTINATION CONNECTION -->
    <ldapConnection>
      <name>dst-ldap</name>
      <url>ldap://localhost:389/dc=example,dc=com</url>
      <username>uid=admin,ou=system</username>
      <password>PASSWORD</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <!-- SOURCE CONNECTION -->
    <ldapConnection>
      <name>src-ad</name>
      <url>ldap://DCSERVER:389/dc=CLIENT,dc=COM</url>
      <username>ADMIN</username>
      <password>PASSWORD</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
    </ldapConnection>
  </connections>
  <!-- AUDITS -->
  <audits/>
  <!-- TASKS -->
  <tasks>
    <!-- TASK READ GROUPS -->
    <task>
      <name>TASK-AD2OLDAP-GROUPs</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <!-- TASK READ GROUPs SOURCE -->
      <ldapSourceService>
        <name>TASK-READ-GROUPs-SOURCE</name>
        <connection reference="src-ad"/>
        <baseDn>dc=CLIENT,dc=COM</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>member</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=group)(member=*)(|(cn=cn*)))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
        <interval>100</interval>
      </ldapSourceService>
      <!-- TASK WRITE GROUPs DESTINATION -->
      <ldapDestinationService>
        <name>TASK-WRITE-GROUPs-DESTINATION</name>
        <connection reference="dst-ldap"/>
        <baseDn>dc=example,dc=com</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>member</string>
          <string>objectClass</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=groupOfNames)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=groupOfNames)(cn={cn}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>"cn=" + srcBean.getDatasetValuesById("cn") + ",ou=EXAMPLEOU,dc=example,dc=com"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"groupOfNames"</string>
            <string>"top"</string>
          </forceValues>
          <delimiter>$</delimiter>
        </dataset>
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>

Organizational Units >>>>>>

<?xml version="1.0"?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <!-- CONNECTIONS -->
  <connections>
    <!-- DESTINATION CONNECTION -->
    <ldapConnection>
      <name>dst-ldap</name>
      <url>ldap://localhost:389/dc=example,dc=com</url>
      <username>uid=admin,ou=system</username>
      <password>PASSWORD</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <!-- SOURCE CONNECTION -->
    <ldapConnection>
      <name>src-ad</name>
      <url>ldap://DCSERVER:389/dc=CLIENT,dc=COM</url>
      <username>ADMIN</username>
      <password>PASSWORD</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
    </ldapConnection>
  </connections>
  <!-- AUDITS -->
  <audits/>
  <!-- TASKS -->
  <tasks>
    <task>
      <name>TASK-AD2OLDAP-OUs</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <!-- TASK READ OUs SOURCE -->
      <ldapSourceService>
        <name>TASK-READ-OUs-SOURCE</name>
        <connection reference="src-ad"/>
        <baseDn>ou=EXAMPLEOU,dc=CLIENT,dc=COM</baseDn>
        <pivotAttributes>
          <string>ou</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>ou</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=organizationalUnit))</getAllFilter>
        <getOneFilter>(&amp;(ou={ou})(objectclass=organizationalUnit))</getOneFilter>
        <cleanFilter>(&amp;(ou={ou})(objectclass=organizationalUnit))</cleanFilter>
        <interval>100</interval>
      </ldapSourceService>
      <!-- TASK WRITE OUs DESTINATION -->
      <ldapDestinationService>
        <name>TASK-WRITE-OUs-DESTINATION</name>
        <connection reference="dst-ldap"/>
        <baseDn>dc=example,dc=com</baseDn>
        <pivotAttributes>
          <string>ou</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>ou</string>
          <string>objectClass</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=organizationalUnit)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=organizationalUnit)(ou={ou}))</getOneFilter>
      </ldapDestinationService>
      <!-- PROPERTIES BASED SYNC -->
      <propertiesBasedSyncOptions>
        <mainIdentifier>"ou=" + srcBean.getDatasetFirstValueById("ou") + ",ou=EXAMPLEOU,dc=example,dc=com"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <!-- DATASETs -->
        <dataset>
          <name>objectClass</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>"organizationalUnit"</string>
            <string>"top"</string>
          </forceValues>
          <delimiter>$</delimiter>
        </dataset>
        <dataset>
          <name>default</name>
          <policy>FORCE</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>

Best regards,

Pedro Bagulho

*INTEGRITY Portugal*
Av. João Crisóstomo, 30 5º
1050-127 | Lisboa - Portugal
Tel. +351 21 33 03 740 . Mob (+351) 93 529 99 97
www.integrity.pt – www.keepitsecure24.com

*INTEGRITY United Kingdom*
Suite 4B | 43 Berkeley Square
Mayfair, Westminster | London W1J 5FJ - UK

2016-06-06 17:10 GMT+01:00 <[email protected]>:

> Send lsc-users mailing list submissions to
>         [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.lsc-project.org/listinfo/lsc-users
> or, via email, send a message with subject or body 'help' to
>         [email protected]
>
> You can reach the person managing the list at
>         [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lsc-users digest..."
>
>
> Today's Topics:
>
>    1. Re: lsc-users Digest, Vol 77, Issue 5 (Clément OUDOT)
>    2. Re: lsc (Clément OUDOT)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 6 Jun 2016 15:35:26 +0200
> From: Clément OUDOT <[email protected]>
> Subject: Re: [lsc-users] lsc-users Digest, Vol 77, Issue 5
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
>
> On 06/06/2016 15:21, Pedro Bagulho wrote:
> > Hi Clement,
> >
> > Thanks for your email!
> >
> > We are able to write the OU's in Open LDAP, the problem is to keep the
> > original structure of the Active Directory Organizational Units with
> > the right users inside their OU.
> > Just to mention that we also have OU's inside OU's.
>
>
> Did you manage the structure in <mainIdentifier> like I suggested?
>
> My advice is to build a task that will create/update all OU's, and then
> a task that will create/update users.
>
>
> You need to send logs and your configuration files if you want more help.
>
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 87, rue de Turbigo - 75003 PARIS
> Blog: http://sflx.ca/coudot
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 6 Jun 2016 18:10:23 +0200
> From: Clément OUDOT <[email protected]>
> Subject: Re: [lsc-users] lsc
> To: "Cazanaru, Florin" <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="windows-1252"; Format="flowed"
>
>
> On 06/06/2016 15:44, Cazanaru, Florin wrote:
> >
> > Hi Clement,
> >
>
> Hello,
>
> please answer to the list.
>
> > After I put <asyncLdapSourceService> I have an error
> >
> > Jun 06 14:31:25 - DEBUG - Removing <3, org.apache.directory.ldap.client.api.future.SearchFuture>
> > Jun 06 14:31:25 - DEBUG - Removing <3, org.apache.directory.ldap.client.api.future.SearchFuture>
> > *Jun 06 14:31:25 - ERROR - Synchronization aborted because no source object has been found !*
> > Jun 06 14:31:25 - ERROR - All entries: 2, to modify entries: 0, successfully modified entries: 0, errors: 2
> > Jun 06 14:31:25 - DEBUG - received a NoD, closing everything
> > Jun 06 14:31:25 - DEBUG - received a NoD, closing everything
> >
>
> asyncLdapSourceService will not work with AD. Keep the ldapSourceService
> and use "lsc -s all -c all" to run your tasks.
>
> > What I want to achieve is to sync all users from an AD to an ldap,
> > what to sync ? Email, user, description, password (password for later
> > after I see it is working).
> >
>
> It's up to you to choose which information you need to sync.
>
> You won't be able to extract password from AD, see
> http://lsc-project.org/wiki/documentation/howto/activedirectory#password_synchronization
>
> > My config file is like:
> >
> > <?xml version="1.0" ?>
> > <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
> >   <connections>
> >     <ldapConnection>
> >       <name>ldap-live</name>
> >       <url>ldap://1.1.1.1:33389/OU=test,OU=Users,OU=mfz,DC=ITGames,DC=com</url>
> >       <username>CN=flcaza,OU=test,OU=Users,OU=mfz,DC=ITGames,DC=com</username>
> >       <password>xxxxxxxx</password>
> >       <authentication>SIMPLE</authentication>
> >       <referral>IGNORE</referral>
> >       <derefAliases>NEVER</derefAliases>
> >       <version>VERSION_3</version>
> >       <pageSize>1000</pageSize>
> >       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
> >       <tlsActivated>false</tlsActivated>
> >     </ldapConnection>
> >     <ldapConnection>
> >       <name>ldap-tools</name>
> >       <url>ldap://localhost:389/ou=Users,dc=ITGames,dc=com</url>
> >       <username>cn=flcaza,DC=ITGames,DC=com</username>
> >       <password>QtEfGHwCwLHanhfqd2zarMVTqyMEZhz9Pnf4jkUP</password>
> >       <authentication>SIMPLE</authentication>
> >       <referral>IGNORE</referral>
> >       <derefAliases>NEVER</derefAliases>
> >       <version>VERSION_3</version>
> >       <pageSize>-1</pageSize>
> >       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
> >       <tlsActivated>false</tlsActivated>
> >     </ldapConnection>
> >   </connections>
> >   <tasks>
> >     <task>
> >       <name>MySyncTask</name>
> >       <bean>org.lsc.beans.SimpleBean</bean>
> >       <asyncLdapSourceService>
> >       <!-- <ldapSourceService> -->
> >         <name>MySyncTask-src</name>
> >         <connection reference="ldap-live"/>
> >         <baseDn>OU=test,OU=Users,OU=mfz,DC=ITGames,DC=com</baseDn>
> >         <pivotAttributes>
> >           <string>userPrincipalName</string>
> >         </pivotAttributes>
> >         <fetchedAttributes>
> >           <string>cn</string>
> >           <string>sn</string>
> >           <string>description</string>
> >           <string>givenName</string>
> >           <string>memberOf</string>
> >           <string>sAMAccountName</string>
> >           <string>userPrincipalName</string>
> >           <string>objectClass</string>
> >         </fetchedAttributes>
> >         <!--
> >         <getAllFilter><![CDATA[(&(userPrincipalName=*)(objectClass=user))]]></getAllFilter>
> >         <getOneFilter><![CDATA[(&(userPrincipalName=*)(objectClass=user))]]></getOneFilter>
> >         <cleanFilter><![CDATA[(&(userPrincipalName={userPrincipalName})(objectClass=user))]]></cleanFilter>
> >         -->
> >         <getAllFilter>(objectClass=*)</getAllFilter>
> >         <getOneFilter><![CDATA[(&(objectClass=person)(uid={userPrincipalName}))]]></getOneFilter>
> >         <serverType>ActiveDirectory</serverType>
> >         <!-- <interval>6</interval> -->
> >       </asyncLdapSourceService>
> >       <!-- </ldapSourceService> -->
> >       <ldapDestinationService>
> >         <name>MySyncTask-dst</name>
> >         <connection reference="ldap-tools"/>
> >         <baseDn>ou=test,ou=Users,dc=ITGames,dc=com</baseDn>
> >         <pivotAttributes>
> >           <string>cn</string>
> >         </pivotAttributes>
> >         <fetchedAttributes>
> >           <string>cn</string>
> >           <string>sn</string>
> >           <string>description</string>
> >           <string>objectClass</string>
> >           <string>givenName</string>
> >           <string>mail</string>
> >           <string>uid</string>
> >         </fetchedAttributes>
> >         <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
> >         <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></getOneFilter>
> >       </ldapDestinationService>
> >       <propertiesBasedSyncOptions>
> >         <!-- <mainIdentifier><![CDATA["cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=test,ou=Users,dc=ITGames,dc=com"]]></mainIdentifier> -->
> >         <mainIdentifier><![CDATA["cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=test,ou=Users,dc=ITGames,dc=com"]]></mainIdentifier>
> >         <!-- <mainIdentifier><![CDATA[srcBean.getDatasetFirstValueById("dn")]]></mainIdentifier> -->
> >         <!-- <mainIdentifier>srcBean.getMainIdentifier()</mainIdentifier> -->
> >         <defaultDelimiter>;</defaultDelimiter>
> >         <defaultPolicy>FORCE</defaultPolicy>
> >         <conditions>
> >           <create>true</create>
> >           <update>true</update>
> >           <delete>true</delete>
> >           <changeId>true</changeId>
> >         </conditions>
> >         <dataset>
> >           <name>objectClass</name>
> >           <policy>FORCE</policy>
> >           <forceValues>
> >             <string>"inetOrgPerson"</string>
> >             <string>"organizationalPerson"</string>
> >             <string>"person"</string>
> >             <string>"top"</string>
> >           </forceValues>
> >           <delimiter>,</delimiter>
> >         </dataset>
> >         <!-- <dataset>
> >           <name>sAMAccountName</name>
> >           <policy>FORCE</policy>
> >           <forceValues>
> >             <string>srcBean.getDatasetFirstValueById("uid")</string>
> >           </forceValues>
> >         </dataset>
> >         -->
> >         <dataset>
> >           <name>uid</name>
> >           <policy>FORCE</policy>
> >           <forceValues>
> >             <string>srcBean.getDatasetFirstValueById("cn")</string>
> >           </forceValues>
> >         </dataset>
> >         <dataset>
> >           <name>sn</name>
> >           <policy>FORCE</policy>
> >           <forceValues>
> >             <string>srcBean.getDatasetFirstValueById("cn")</string>
> >           </forceValues>
> >         </dataset>
> >         <dataset>
> >           <name>default</name>
> >           <policy>FORCE</policy>
> >         </dataset>
> >       </propertiesBasedSyncOptions>
> >     </task>
> >   </tasks>
> > </lsc>
> >
> > service lsc configtest
> >
> > lsc: [INFO] Using /etc/default/lsc for configuration
> > lsc: [INFO] Launching LSC configuration test...
> > lsc: [OK] LSC configuration test successful
> >
> > /usr/bin/lsc -s all
> >
> > - A lot of lines removed
> >
> > Jun 06 14:42:03 - DEBUG - Removing <3, org.apache.directory.ldap.client.api.future.SearchFuture>
> > Jun 06 14:42:03 - DEBUG - Removing <3, org.apache.directory.ldap.client.api.future.SearchFuture>
> > *Jun 06 14:42:03 - ERROR - Synchronization aborted because no source object has been found !*
> > Jun 06 14:42:03 - ERROR - All entries: 2, to modify entries: 0, successfully modified entries: 0, errors: 2
> > Jun 06 14:42:03 - DEBUG - received a NoD, closing everything
> > Jun 06 14:42:03 - DEBUG - received a NoD, closing everything
> >
> > Can you give me a hint where is an error in config ? (and please not
> > google, I read all pages about this)
> >
>
> Well maybe not all, see :
> * http://lsc-project.org/wiki/documentation/latest/basics
> * http://lsc-project.org/wiki/documentation/latest/sample
> * http://lsc-project.org/wiki/documentation/tutorial/openldaptoactivedirectory
>
> > Do you have a working config for this ?
> >
>
> No but if you read the OpenLDAP -> AD tutorial (see last link) you
> should be able to adapt it to do the other way.
>
> Start by choosing carefully pivotAttributes, getAllFilter and
> getOneFilter values, and use this mailing list as often as you need.
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 87, rue de Turbigo - 75003 PARIS
> Blog: http://sflx.ca/coudot
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.lsc-project.org/pipermail/lsc-users/attachments/20160606/7e738dd4/attachment.htm>
>
> ------------------------------
>
> _______________________________________________
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>
> End of lsc-users Digest, Vol 77, Issue 7
> ****************************************
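
The quoted advice above is to carry the Active Directory OU structure in <mainIdentifier>. One way to derive the destination DN from the source entry's DN, as an added example that is not code from this thread or from the LSC project: the helper names are hypothetical and the two bases are taken from the configuration files posted above. It assumes that, when called from an LSC mainIdentifier expression, srcBean.getMainIdentifier() returns the AD entry's DN.

```javascript
'use strict';
// Added example, not code from the thread. Helper names are hypothetical.
// Bases taken from the configuration files posted in this message.
var SRC_BASE = 'ou=EXAMPLEOU,dc=CLIENT,dc=COM';
var DST_BASE = 'ou=EXAMPLEOU,dc=example,dc=com';

// Split a DN into RDNs; a backslash-escaped comma (RFC 4514) stays in its value.
function splitDn(dn) {
  var rdns = [], cur = '';
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === '\\' && i + 1 < dn.length) { cur += ch + dn.charAt(++i); }
    else if (ch === ',') { rdns.push(cur.replace(/^\s+/, '')); cur = ''; }
    else { cur += ch; }
  }
  rdns.push(cur.replace(/^\s+/, ''));
  return rdns;
}

// Escape a value placed inside an RDN so it cannot add or split RDNs.
function escapeRdnValue(value) {
  return String(value)
    .replace(/[\\,+"<>;]/g, '\\$&')   // special characters
    .replace(/ $/, '\\ ')             // trailing space
    .replace(/^[ #]/, '\\$&')         // leading space or '#'
    .replace(/\u0000/g, '\\00');      // NUL
}

function norm(rdn) { return rdn.replace(/\s*=\s*/, '=').toLowerCase(); }

// Map a source DN below SRC_BASE to the same position below DST_BASE.
// leafRdn replaces the first RDN (user entries); omit it for OU entries.
function toDestinationDn(srcDn, leafRdn) {
  var rdns = splitDn(srcDn), base = splitDn(SRC_BASE);
  var n = rdns.length - base.length;
  var first = leafRdn === undefined ? 0 : 1;
  if (n < first) throw new Error('not below source base: ' + srcDn);
  for (var i = 0; i < base.length; i++) {
    if (norm(rdns[n + i]) !== norm(base[i])) {
      throw new Error('not below source base: ' + srcDn);
    }
  }
  var out = leafRdn === undefined ? [] : [leafRdn];
  rdns.slice(first, n).forEach(function (rdn) {
    var m = /^ou\s*=\s*(.*)$/i.exec(rdn);
    if (!m) throw new Error('unexpected container (not an OU): ' + rdn);
    out.push('ou=' + m[1]);           // keep nested OUs in their original order
  });
  return out.concat([DST_BASE]).join(',');
}

// User entries: leaf becomes uid=<sAMAccountName>, parents are preserved.
function userDn(srcDn, sAMAccountName) {
  return toDestinationDn(srcDn, 'uid=' + escapeRdnValue(sAMAccountName));
}
// OU entries: every RDN below the base is kept.
function ouDn(srcDn) { return toDestinationDn(srcDn); }

// Constructed sample entries (not from the thread).
console.log(userDn('CN=Ana Silva,OU=Sales,OU=Lisbon,OU=EXAMPLEOU,DC=CLIENT,DC=COM', 'asilva'));
console.log(ouDn('OU=Sales,OU=Lisbon,OU=EXAMPLEOU,DC=CLIENT,DC=COM'));
```

Entries outside the source base, or sitting in a non-OU container, raise an error instead of being written to a guessed location.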

