Hi to all I have a strange situation
Using LSC 2.1 with java 1.7, after a manual run of LSC with /usr/bin/lsc -f /etc/lsc -s all -c all i have always correct result Sep 23 10:20:10 - INFO - Starting sync for Sync_Groups Sep 23 10:20:16 - INFO - All entries: 186, to modify entries: 0, successfully modified entries: 0, errors: 0 Sep 23 10:20:16 - INFO - Starting clean for Sync_Groups Sep 23 10:20:18 - INFO - All entries: 186, to modify entries: 0, successfully modified entries: 0, errors: 0 Sep 23 10:20:18 - INFO - Starting sync for Sync_Users Sep 23 10:20:20 - INFO - All entries: 1013, to modify entries: 0, successfully modified entries: 0, errors: 0 Sep 23 10:20:20 - INFO - Starting clean for Sync_Users Sep 23 10:20:22 - INFO - All entries: 1013, to modify entries: 0, successfully modified entries: 0, errors: 0 All ok!... but when run a LSC service for async and check Sync Group the result with lsc-agent return this result: first check # lsc-agent -s Sync_Groups Sep 23 11:17:08 - INFO - Hostname parameter not specified, using localhost as default value. Sep 23 11:17:08 - INFO - TCP Port parameter not specified, using 1099 as default value. Sep 23 11:17:08 - INFO - Connecting to remote engine on : service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi Sep 23 11:17:08 - INFO - Asynchronous task Sync_Groups is running Sep 23 11:17:08 - INFO - All entries: 55800, to modify entries: 0, successfully modified entries: 0, errors: 0 second check Sep 23 11:17:34 - INFO - Hostname parameter not specified, using localhost as default value. Sep 23 11:17:34 - INFO - TCP Port parameter not specified, using 1099 as default value. Sep 23 11:17:34 - INFO - Connecting to remote engine on : service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi Sep 23 11:17:34 - INFO - Asynchronous task Sync_Groups is running Sep 23 11:17:34 - INFO - All entries: 56181, to modify entries: 0, successfully modified entries: 0, errors: 0 Why?? All entries always increase????? Any idea?? Thanks in advance Best Regards Massimo ----- Here my lsc.xml <?xml version="1.0" ?> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd"; revision="0"> <!-- Configurazione: LSC-Sync-UG (Utenze e Gruppi)--> <connections> <!-- Connections configuration.--> <ldapConnection> <!-- Connection to OpenLDAP. --> <name>ldap-source-conn</name> <url>ldap://localhost:389/dc=lsc-project,dc=org</url> <username>cn=Directory Manager,dc=lsc-project,dc=org</username> <password>secret</password> <authentication>SIMPLE</authentication> <referral>IGNORE</referral> <derefAliases>NEVER</derefAliases> <version>VERSION_3</version> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> <tlsActivated>false</tlsActivated> </ldapConnection> <ldapConnection> <!-- SSL connection to Active Directory. --> <name>ad-dst-conn</name> <url>ldap://adlds.lsc-project.org:389/dc=lsc-project,dc=org</url> <username>cn=LSC,dc=lsc-project,dc=org</username> <password>PassW0RD</password> <authentication>SIMPLE</authentication> <referral>IGNORE</referral> <derefAliases>NEVER</derefAliases> <version>VERSION_3</version> <pageSize>5000</pageSize> <factory>com.sun.jndi.ldap.LdapCtxFactory</factory> <tlsActivated>false</tlsActivated> </ldapConnection> </connections> <tasks> <!-- Tasks configuration. --> <task> <!-- Task for synchronize users from OpenLDAP to Active Directory. --> <name>Sync_Users</name> <bean>org.lsc.beans.SimpleBean</bean> <ldapSourceService> <!-- LDAP source service. --> <name>ldap-source-service-1</name> <connection reference="ldap-source-conn" /> <baseDn>ou=People,dc=lsc-project,dc=org</baseDn> <pivotAttributes> <string>uid</string> </pivotAttributes> <fetchedAttributes> <string>uid</string> <string>sn</string> <string>description</string> <string>displayName</string> <string>employeeNumber</string> <string>givenName</string> <string>mail</string> <string>cn</string> </fetchedAttributes> <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter> <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={uid}))]]></getOneFilter> <cleanFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></cleanFilter> </ldapSourceService> <ldapDestinationService> <!-- LDAP destination service. --> <name>ad-dst-service-1</name> <connection reference="ad-dst-conn" /> <baseDn>cn=Users,dc=lsc-project,dc=org</baseDn> <pivotAttributes> <string>sAMAccountName</string> </pivotAttributes> <fetchedAttributes> <string>uid</string> <string>sn</string> <string>description</string> <string>displayName</string> <string>givenName</string> <string>mail</string> <string>objectclass</string> <string>userPrincipalName</string> <string>sAMAccountName</string> <string>userAccountControl</string> </fetchedAttributes> <getAllFilter><![CDATA[(objectClass=user)]]></getAllFilter> <getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={uid}))]]></getOneFilter> </ldapDestinationService> <propertiesBasedSyncOptions> <!-- Synchronization rules. --> <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("uid") + ",cn=Users,dc=lsc-project,dc=org"</mainIdentifier> <defaultDelimiter>;</defaultDelimiter> <defaultPolicy>FORCE</defaultPolicy> <conditions> <create>true</create> <update>true</update> <delete>false</delete> <changeId>true</changeId> </conditions> <dataset> <!-- objectClass = user/organizationalPerson/person/top --> <name>objectClass</name> <policy>KEEP</policy> <createValues> <string>"user"</string> <string>"organizationalPerson"</string> <string>"person"</string> <string>"top"</string> </createValues> </dataset> <dataset> <name>sAMAccountName</name> <policy>KEEP</policy> <createValues> <string>srcBean.getDatasetFirstValueById("uid")</string> </createValues> </dataset> <dataset> <!-- userAccountControl = Configuring account like normal and non admin. --> <name>userAccountControl</name> <policy>KEEP</policy> <createValues> <string>AD.userAccountControlSet("0", [AD.UAC_SET_PASSWD_NOTREQD, AD.UAC_SET_NORMAL_ACCOUNT])</string> </createValues> </dataset> <dataset> <name>userPrincipalName</name> <policy>KEEP</policy> <createValues> <string>srcBean.getDatasetFirstValueById("uid") + "@lsc-project.org"</string> </createValues> </dataset> </propertiesBasedSyncOptions> </task> <task> <!-- Task for synchronize groups from OpenLDAP to Active Directory. --> <name>Sync_Groups</name> <bean>org.lsc.beans.SimpleBean</bean> <asyncLdapSourceService> <name>ldap-source-service-3</name> <connection reference="ldap-source-conn" /> <baseDn>ou=Groups,dc=lsc-project,dc=org</baseDn> <pivotAttributes> <string>cn</string> </pivotAttributes> <fetchedAttributes> <string>cn</string> <string>description</string> <string>member</string> </fetchedAttributes> <getAllFilter><![CDATA[(objectClass=groupOfNames)]]></getAllFilter> <getOneFilter><![CDATA[(&(objectClass=groupOfNames)(cn={cn}))]]></getOneFilter> <cleanFilter><![CDATA[(&(objectClass=groupOfNames)(cn={cn}))]]></cleanFilter> <serverType>OpenLDAP</serverType> </asyncLdapSourceService> <ldapDestinationService> <name>ad-dst-service-3</name> <connection reference="ad-dst-conn" /> <baseDn>ou=Groups,dc=lsc-project,dc=org</baseDn> <pivotAttributes> <string>cn</string> </pivotAttributes> <fetchedAttributes> <string>cn</string> <string>description</string> <string>member</string> <string>objectClass</string> <string>sAMAccountName</string> </fetchedAttributes> <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter> <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter> </ldapDestinationService> <propertiesBasedSyncOptions> <!-- Groups Synchronization rules. --> <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("cn") + ",ou=Groups,dc=lsc-project,dc=org"</mainIdentifier> <defaultDelimiter>;</defaultDelimiter> <defaultPolicy>FORCE</defaultPolicy> <conditions> <create>true</create> <update>true</update> <delete>true</delete> <changeId>true</changeId> </conditions> <dataset> <!-- objectclass = group/top --> <name>objectclass</name> <policy>KEEP</policy> <createValues> <string>"group"</string> <string>"top"</string> </createValues> </dataset> <dataset> <!-- sAMAccountName = cn --> <name>sAMAccountName</name> <policy>FORCE</policy> <forceValues> <string>srcBean.getDatasetFirstValueById("cn")</string> </forceValues> </dataset> <dataset> <!-- member = "script for group membership" --> <name>member</name> <policy>FORCE</policy> <forceValues> <string> <![CDATA[rjs: var membersSrcDn = srcBean.getDatasetValuesById("member"); var membersDstDn = []; for (var i=0; i<membersSrcDn.size(); i++) { var memberSrcDn = membersSrcDn.get(i); var uid = ""; try { uid = srcLdap.attribute(memberSrcDn, "uid").get(0); } catch(e) { continue; } var destDn = ldap.search("OU=Groups", "(sAMAccountName=" + uid + ")"); if (destDn.size() == 0 || destDn.size() > 1) { continue; } var destMemberDn = destDn.get(0) + "," + ldap.getContextDn(); membersDstDn.push(destMemberDn); } membersDstDn ]]> </string> </forceValues> </dataset> </propertiesBasedSyncOptions> </task> </tasks> <security> <!-- ./encryption This optional node contains the encryption settings --> <encryption> <keyfile>etc/lsc.key</keyfile> <algorithm>AES</algorithm> <strength>128</strength> </encryption> </security> </lsc>
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
