Hello,
> * Why are you using asyncLdapSourceService? You can only use it against
> OpenLDAP if you have syncprov overlay configured. Try to start with
> standard ldapSourceService

Fixed!

> * (objectClass=top) is not really useful. If you have posixGroup, set
> (objectClass=posixGroup) in your source filters

Fixed!

> * In the "member" dataset, you set policy to KEEP, which means values will
> not be updated if they are not the same between source and destination.

Change to "FORCE".

> * Still in this dataset, you get values of memberUid in source, which are
> simple users uid, not DN, but then you use them as DN, which will obviously
> fail.

What should I put? Looking at the example in the LSC wiki project, I chose memberUid because in my OpenLDAP base that is where it records which member belongs to which group.

On Tue, Oct 4, 2016 at 4:58 AM, Clément OUDOT <[email protected]> wrote:

> On 04/10/2016 at 01:36, Elias Pereira wrote:
>
> Thanks for the answer Clément!
>
> *My group_sync task:*
> <task>
>   <name>sync_groups</name>
>   <bean>org.lsc.beans.SimpleBean</bean>
>   <asyncLdapSourceService>
>     <name>group-source-service</name>
>     <connection reference="openldap" />
>     <baseDn>ou=Groups,dc=company,dc=com,dc=br</baseDn>
>     <pivotAttributes>
>       <string>cn</string>
>     </pivotAttributes>
>     <fetchedAttributes>
>       <string>cn</string>
>       <string>displayName</string>
>       <string>memberUid</string>
>     </fetchedAttributes>
>     <getAllFilter><![CDATA[(objectClass=top)]]></getAllFilter>
>     <getOneFilter><![CDATA[(&(objectClass=top)(cn={cn}))]]></getOneFilter>
>     <cleanFilter><![CDATA[(&(objectClass=top)(cn={cn}))]]></cleanFilter>
>     <serverType>OpenLDAP</serverType>
>   </asyncLdapSourceService>
>   <ldapDestinationService>
>     <name>group-dst-service</name>
>     <connection reference="AD" />
>     <baseDn>OU=Groups,dc=company,dc=com,dc=br</baseDn>
>     <pivotAttributes>
>       <string>cn</string>
>     </pivotAttributes>
>     <fetchedAttributes>
>       <string>cn</string>
>       <string>displayName</string>
>       <string>member</string>
>       <string>objectClass</string>
>     </fetchedAttributes>
>     <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter>
>     <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
>   </ldapDestinationService>
>   <propertiesBasedSyncOptions>
>     <mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) + ",OU=Groups,dc=company,dc=com,dc=br"</mainIdentifier>
>     <defaultDelimiter>;</defaultDelimiter>
>     <defaultPolicy>FORCE</defaultPolicy>
>     <conditions>
>       <create>true</create>
>       <update>true</update>
>       <delete>true</delete>
>       <changeId>true</changeId>
>     </conditions>
>     <dataset>
>       <name>objectclass</name>
>       <policy>KEEP</policy>
>       <createValues>
>         <string>"group"</string>
>         <string>"top"</string>
>       </createValues>
>     </dataset>
>
>     <dataset>
>       <name>member</name>
>       <policy>KEEP</policy>
>       <defaultValues>
>         <string>
>         <![CDATA[rjs:
>           var membersSrcDn = srcBean.getDatasetValuesById("memberUid");
>           var membersDstDn = [];
>           for (var i=0; i<membersSrcDn.size(); i++) {
>             var memberSrcDn = membersSrcDn.get(i);
>             var uid = "";
>             try {
>               uid = srcLdap.attribute(memberSrcDn, "uid").get(0);
>             } catch(e) {
>               continue;
>             }
>             var destDn = ldap.search("ou=Groups", "(sAMAccountName=" + uid + ")");
>             if (destDn.size() == 0 || destDn.size() > 1) {
>               continue;
>             }
>             var destMemberDn = destDn.get(0) + "," + ldap.getContextDn();
>             membersDstDn.push(destMemberDn);
>           }
>           membersDstDn
>         ]]>
>         </string>
>       </defaultValues>
>     </dataset>
>   </propertiesBasedSyncOptions>
> </task>
>
> I have the LDAP with the old configuration, i.e., slapd.conf. I ran lsc in
> test mode and it apparently runs normally, but with 2 errors.
>
> out 03 20:24:26 - ERROR - Synchronization aborted because no source object has been found !
> out 03 20:24:27 - ERROR - All entries: 49, to modify entries: 48, successfully modified entries: 0, errors: 1
>
> Is there something wrong in my task?
>
>
> Hi,
>
> * Why are you using asyncLdapSourceService? You can only use it against
> OpenLDAP if you have syncprov overlay configured. Try to start with
> standard ldapSourceService
>
> * (objectClass=top) is not really useful. If you have posixGroup, set
> (objectClass=posixGroup) in your source filters
>
> * In the "member" dataset, you set policy to KEEP, which means values will
> not be updated if they are not the same between source and destination.
>
> * Still in this dataset, you get values of memberUid in source, which are
> simple users uid, not DN, but then you use them as DN, which will obviously
> fail.
>
> I think the javascript code is quite clear, try to understand what it does
> and adapt it to your needs.
>
> Good luck,
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
> 87, rue de Turbigo - 75003 PARIS
> Blog: http://sflx.ca/coudot

--
Elias Pereira
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
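
An added example, not part of the original thread and not LSC's own code: a stand-alone JavaScript sketch of the member lookup discussed above, treating each memberUid value as a plain uid and escaping it (RFC 4515) before it is placed in the sAMAccountName filter. The `javaList` and `fakeLdap` objects are constructed stand-ins for the list and `ldap` objects the script on the page calls, and the `OU=Users` search base and sample accounts are assumptions.

```javascript
// RFC 4515 escaping for a value placed inside an LDAP search filter, so a
// uid containing *, (, ), \ or NUL cannot change the filter's meaning.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// memberUid values are plain uids, not DNs, so each one is looked up
// directly in the destination by sAMAccountName.
function resolveMembers(memberUids, ldap, userBase) {
  var members = [];
  for (var i = 0; i < memberUids.size(); i++) {
    var uid = memberUids.get(i);
    var filter = "(sAMAccountName=" + escapeFilterValue(uid) + ")";
    var found = ldap.search(userBase, filter);
    if (found.size() !== 1) {
      continue; // unknown or ambiguous account: leave it out of the group
    }
    members.push(found.get(0) + "," + ldap.getContextDn());
  }
  return members;
}

// Constructed stand-ins (assumptions) mirroring the size()/get() lists and
// the ldap.search()/ldap.getContextDn() calls used in the thread's script.
function javaList(items) {
  return { size: function () { return items.length; },
           get: function (i) { return items[i]; } };
}
var accounts = { alice: "CN=Alice,OU=Users", bob: "CN=Bob,OU=Users" };
var fakeLdap = {
  filters: [], // records every filter sent, for inspection
  getContextDn: function () { return "dc=company,dc=com,dc=br"; },
  search: function (base, filter) {
    this.filters.push(filter);
    var m = /^\(sAMAccountName=(.*)\)$/.exec(filter);
    var known = m && Object.prototype.hasOwnProperty.call(accounts, m[1]);
    return javaList(known ? [accounts[m[1]]] : []);
  }
};

// "ghost" does not exist; "bo*" would match bob if sent unescaped.
var result = resolveMembers(javaList(["alice", "ghost", "bo*"]), fakeLdap, "OU=Users");
console.log(result);
```
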

