Cheers,
-------- Forwarded Message --------
Subject: RE: [lsc-users] synchronizing groups from postgresql to openldap!
Date: Tue, 18 Oct 2016 15:42:01 +0200
From: Pape Khaly NIANG <[email protected]>
To: [email protected]

Thanks a lot!
After a few adaptations to my context, it finally worked!
Thanks again

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, 18 October 2016 09:09
To: Pape Khaly NIANG
Subject: Re: [lsc-users] synchronizing groups from postgresql to openldap!

On 14/10/2016 at 15:14, Pape Khaly NIANG wrote:
> Hi,

Hi Pape,

> I’m facing difficulties to understand how to synchronize groups from a
> postgresql database with two tables user_ and group_ and an
> association table between the earlier two tables to be able to find
> the group to which a user belongs.
>
> I have an openldap directory for which I get results when making an
> ldapsearch on ou groups:
>
> # extended LDIF
> #
> # LDAPv3
> # base <ou=groups,dc=cfe,dc=fr> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # groups, cfe.fr
> dn: ou=groups,dc=cfe,dc=fr
> objectClass: top
> objectClass: organizationalUnit
> ou: ade
> ou: groups
>
> # Engineering, groups, cfe.fr
> dn: cn=Engineering,ou=groups,dc=cfe,dc=fr
> cn: Engineering
> objectClass: groupOfNames
> member: cn=khaly souleye,ou=people,dc=cfe,dc=fr

Here is how I do it. Like you, I have three tables: users, groups, and user_group.

In my task I have:

    <requestNameForList>getGroupList</requestNameForList>
    <requestNameForObject>getGroup</requestNameForObject>

And I'm using the following sql map:

    <select id="getGroupList" resultClass="java.util.HashMap">
        SELECT DISTINCT groups.unix_group_name as cn
        FROM groups, user_group
        WHERE groups.status = 'A' -- optional for you
        AND user_group.group_id=groups.group_id
    </select>

The tricky part is to retrieve group membership (getGroup):

    <select id="getGroup" resultClass="java.util.HashMap" parameterClass="java.util.Map">
        SELECT groups.unix_group_name as cn,
               string_agg(users.user_name, ',') as member
        FROM users, user_group, groups
        WHERE users.user_id=user_group.user_id
        AND user_group.group_id=groups.group_id
        AND groups.status = 'A' -- optional criteria
        AND groups.unix_group_name = #cn#
        GROUP BY unix_group_name
    </select>

With the above you get a two-column result: the group name and the group members list.

Now you can use the following <dataset> to feed the LDAP 'member' attribute:

    <dataset>
        <name>member</name>
        <policy>MERGE</policy>
        <forceValues>
            <string><![CDATA[js:
                // Split the comma-separated user names returned by getGroup
                var groupmembers = srcBean.getDatasetFirstValueById("member").split(',');
                var membersdn = [];
                // Build one member DN per user name
                for (var i = 0; i < groupmembers.length; i++) {
                    membersdn.push("uid=" + groupmembers[i] + ",ou=people,dc=xxx,dc=yyy");
                }
                membersdn;
            ]]></string>
        </forceValues>
    </dataset>

Hope this helps,

Cheers

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
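The member DN construction from the reply above, as an added example that is not part of the original thread or of LSC: each user name is escaped per RFC 4514 before it is concatenated into a DN, so a name containing `,` or `+` cannot change the DN's structure. `PEOPLE_BASE`, `escapeRdnValue`, `membersToDns` and the `|` separator are assumptions made for the example; the separator has to match the one passed to `string_agg()`.

```javascript
// Added example (not from the thread). PEOPLE_BASE is a placeholder base DN.
var PEOPLE_BASE = "ou=people,dc=example,dc=com";

// Escape one attribute value for use in an RDN, per RFC 4514 section 2.4.
function escapeRdnValue(value) {
  var out = "";
  for (var i = 0; i < value.length; i++) {
    var ch = value.charAt(i);
    if (ch === "\u0000") { out += "\\00"; continue; }   // NUL is hex-escaped
    var special = '"+,;<>\\'.indexOf(ch) !== -1;
    var leading = i === 0 && (ch === " " || ch === "#");
    var trailing = i === value.length - 1 && ch === " ";
    out += (special || leading || trailing) ? "\\" + ch : ch;
  }
  return out;
}

// Turn the aggregated "member" column into a list of member DNs.
// `separator` must be a string that cannot occur inside a user name.
function membersToDns(aggregated, separator, baseDn) {
  var dns = [];
  var seen = {};
  if (aggregated === null || aggregated === undefined) { return dns; }
  var names = String(aggregated).split(separator);
  for (var i = 0; i < names.length; i++) {
    var name = names[i];
    if (name === "") { continue; }                      // skip empty fragments
    var dn = "uid=" + escapeRdnValue(name) + "," + baseDn;
    if (!Object.prototype.hasOwnProperty.call(seen, dn)) {
      seen[dn] = true;                                  // drop duplicate rows
      dns.push(dn);
    }
  }
  return dns;
}

// Constructed sample: two ordinary names and one holding DN metacharacters.
var sample = ["alice", "bob", "eve,ou=admins+cn=x"].join("|");
console.log(membersToDns(sample, "|", PEOPLE_BASE));
```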

