Re: [lsc-users] synchronizing groups from postgresql to openldap!

Tue, 18 Oct 2016 00:13:20 -0700 

Le 14/10/2016 à 15:14, Pape Khaly NIANG a écrit :
> Hi,
> 

Hi Pape,

> I’m facing difficulties to understand how to synchronize groups from
> a postgresql database with two tables user_ and group_ and an
> association table between the earlier two tables to be able to find
> the group to which a user belongs.
> 
> I have an openldap directory for which I get results when making an 
> ldapsearch on ou groups:
> 
> # extended LDIF
> 
> #
> 
> # LDAPv3
> 
> # base <ou=groups,dc=cfe,dc=fr> with scope subtree
> 
> # filter: (objectclass=*)
> 
> # requesting: ALL
> 
> #
> 
> 
> 
> # groups, cfe.fr
> 
> dn: ou=groups,dc=cfe,dc=fr
> 
> objectClass: top
> 
> objectClass: organizationalUnit
> 
> ou: ade
> 
> ou: groups
> 
> 
> 
> # Engineering, groups, cfe.fr
> 
> dn: cn=Engineering,ou=groups,dc=cfe,dc=fr
> 
> cn: Engineering
> 
> objectClass: groupOfNames
> 
> member: cn=khaly souleye,ou=people,dc=cfe,dc=fr

Here is how I do it. As you , I have three tables : users, groups, and
user_group.

In my task I have,

        <requestNameForList>getGroupList</requestNameForList>
        <requestNameForObject>getGroup</requestNameForObject>

And I'm using the following sql map:

  <select id="getGroupList" resultClass="java.util.HashMap">
      SELECT DISTINCT
      groups.unix_group_name as cn
      FROM groups, user_group
      WHERE groups.status = 'A' // optional for you
      AND user_group.group_id=groups.group_id
  </select>

The tricky part is to retrieve group membership (getGroup) :

  <select id="getGroup" resultClass="java.util.HashMap"
parameterClass="java.util.Map">
      SELECT
      groups.unix_group_name as cn,
      string_agg(users.user_name, ',') as member
      FROM users,user_group, groups
      WHERE users.user_id=user_group.user_id
      AND user_group.group_id=groups.group_id
      AND groups.status = 'A' // optional criteria
      AND groups.unix_group_name = #cn#
      GROUP BY unix_group_name
</select>

with the above you get a two columns result : the group name and the
group members list.

Now you can use the following <dataset> to feed the LDAP 'member' attribute:


<dataset>
          <name>member</name>
          <policy>MERGE</policy>
    <forceValues>
    <string><![CDATA[js:
    var groupmembers =
srcBean.getDatasetFirstValueById("member").split(',');
    var membersdn = [] ;
    for (var i=0; i < groupmembers.length;  i++) {
    membersdn.push("uid=" + groupmembers[i] +    ",ou=people,dc=xxx,dc=yyy);
    }
    membersdn;
    ]]></string>
          </forceValues>
</dataset>

Hope this help,

Cheers
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to