On 04/10/2016 at 01:36, Elias Pereira wrote:
Thanks for the answer Clément!
*My group_sync task:*
<task>
  <name>sync_groups</name>
  <bean>org.lsc.beans.SimpleBean</bean>
  <asyncLdapSourceService>
    <name>group-source-service</name>
    <connection reference="openldap" />
    <baseDn>ou=Groups,dc=company,dc=com,dc=br</baseDn>
    <pivotAttributes>
      <string>cn</string>
    </pivotAttributes>
    <fetchedAttributes>
      <string>cn</string>
      <string>displayName</string>
      <string>memberUid</string>
    </fetchedAttributes>
    <getAllFilter><![CDATA[(objectClass=top)]]></getAllFilter>
    <getOneFilter><![CDATA[(&(objectClass=top)(cn={cn}))]]></getOneFilter>
    <cleanFilter><![CDATA[(&(objectClass=top)(cn={cn}))]]></cleanFilter>
    <serverType>OpenLDAP</serverType>
  </asyncLdapSourceService>
  <ldapDestinationService>
    <name>group-dst-service</name>
    <connection reference="AD" />
    <baseDn>OU=Groups,dc=company,dc=com,dc=br</baseDn>
    <pivotAttributes>
      <string>cn</string>
    </pivotAttributes>
    <fetchedAttributes>
      <string>cn</string>
      <string>displayName</string>
      <string>member</string>
      <string>objectClass</string>
    </fetchedAttributes>
    <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter>
    <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
  </ldapDestinationService>
  <propertiesBasedSyncOptions>
    <mainIdentifier>js:"cn=" +
      javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn"))
      + ",OU=Groups,dc=company,dc=com,dc=br"</mainIdentifier>
    <defaultDelimiter>;</defaultDelimiter>
    <defaultPolicy>FORCE</defaultPolicy>
    <conditions>
      <create>true</create>
      <update>true</update>
      <delete>true</delete>
      <changeId>true</changeId>
    </conditions>
    <dataset>
      <name>objectclass</name>
      <policy>KEEP</policy>
      <createValues>
        <string>"group"</string>
        <string>"top"</string>
      </createValues>
    </dataset>
    <dataset>
      <name>member</name>
      <policy>KEEP</policy>
      <defaultValues>
        <string>
          <![CDATA[rjs:
            var membersSrcDn = srcBean.getDatasetValuesById("memberUid");
            var membersDstDn = [];
            for (var i=0; i<membersSrcDn.size(); i++) {
              var memberSrcDn = membersSrcDn.get(i);
              var uid = "";
              try {
                uid = srcLdap.attribute(memberSrcDn, "uid").get(0);
              } catch(e) {
                continue;
              }
              var destDn = ldap.search("ou=Groups", "(sAMAccountName=" + uid + ")");
              if (destDn.size() == 0 || destDn.size() > 1) {
                continue;
              }
              var destMemberDn = destDn.get(0) + "," + ldap.getContextDn();
              membersDstDn.push(destMemberDn);
            }
            membersDstDn
          ]]>
        </string>
      </defaultValues>
    </dataset>
  </propertiesBasedSyncOptions>
</task>
I have the LDAP with the old configuration, i.e., slapd.conf. I ran
lsc in test mode and it apparently runs normally, but with 2 errors.
out 03 20:24:26 - ERROR - Synchronization aborted because no source
object has been found !
out 03 20:24:27 - ERROR - All entries: 49, to modify entries: 48,
successfully modified entries: 0, errors: 1
Is there something wrong in my task?
Hi,
* Why are you using asyncLdapSourceService? You can only use it against
OpenLDAP if you have syncprov overlay configured. Try to start with
standard ldapSourceService
* (objectClass=top) is not really useful. If you have posixGroup, set
(objectClass=posixGroup) in your source filters
* In the "member" dataset, you set policy to KEEP, which means values
will not be updated if they are not the same between source and destination.
* Still in this dataset, you get values of memberUid in source, which
are simple users uid, not DN, but then you use them as DN, which will
obviously fail.
I think the JavaScript code is quite clear, try to understand what it
does and adapt it to your needs.
Good luck,
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users
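
Added example (not part of the original thread and not LSC project code): the "member" mapping discussed above, modelled in plain JavaScript so it can be run outside LSC. It treats each memberUid value as a uid rather than a DN and escapes it before placing it in the search filter. The names escapeFilterValue, sampleSearch, SAMPLE_DIRECTORY and the "OU=Users" search base are assumptions; inside LSC the values arrive as Java lists and the lookup would go through ldap.search() and ldap.getContextDn().

```javascript
// Escape a value for use inside an LDAP search filter (RFC 4515).
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Constructed sample entries standing in for the AD side (not real data).
var SAMPLE_DIRECTORY = [
  { rdn: "CN=Alice Doe,OU=Users", sAMAccountName: "alice" },
  { rdn: "CN=Bob Roe,OU=Users", sAMAccountName: "bob" },
  { rdn: "CN=Bob Roe 2,OU=Users", sAMAccountName: "bob" }
];

// Hypothetical stand-in for ldap.search(base, filter): handles only
// (sAMAccountName=<value>) equality filters and returns relative DNs.
function sampleSearch(base, filter) {
  var m = /^\(sAMAccountName=(.*)\)$/.exec(filter);
  if (!m) { return []; }
  var wanted = m[1].replace(/\\([0-9a-f]{2})/gi, function (_, hex) {
    return String.fromCharCode(parseInt(hex, 16));
  });
  return SAMPLE_DIRECTORY.filter(function (e) {
    return e.rdn.endsWith("," + base) && e.sAMAccountName === wanted;
  }).map(function (e) { return e.rdn; });
}

// memberUid values are already uids, so each one goes straight into the
// filter; no srcLdap.attribute(dn, "uid") lookup on the source is needed.
function mapMemberUids(memberUids, search, base, contextDn) {
  var membersDstDn = [];
  for (var i = 0; i < memberUids.length; i++) {
    var filter = "(sAMAccountName=" + escapeFilterValue(memberUids[i]) + ")";
    var found = search(base, filter);
    if (found.length !== 1) { continue; } // skip missing or ambiguous users
    membersDstDn.push(found[0] + "," + contextDn);
  }
  return membersDstDn;
}

// "bob" is ambiguous, "nobody" is missing, "a*" is matched literally.
console.log(mapMemberUids(["alice", "bob", "nobody", "a*"],
  sampleSearch, "OU=Users", "dc=company,dc=com,dc=br"));
```

Without the escaping step, a memberUid containing `*` or parentheses would change the meaning of the filter sent to the destination directory.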