Hi, I am new to synchronizing Active Directory to LDAP on Debian. I have set up
a synchronization from Active Directory to LDAP. I set up SASL to get the
password from Active Directory, and testsaslauthd works well. The users were
then synchronized successfully. But when I run a test with their passwords, the
problem appears. I would be grateful for any help.
Here is my lsc.xml file.
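<?xml version="1.0" encoding="UTF-8"?>
<!--
  LSC configuration with a single task (adUser): person entries are read from
  Active Directory under ou=Comptes and written as inetOrgPerson entries under
  ou=people in a local OpenLDAP. No password material is copied; userPassword is
  forced to "{SASL}" + userPrincipalName so that the OpenLDAP server hands the
  password check to saslauthd.

  Changes against the posted text: the root tag carried a stray ";" after the
  xmlns attribute, which makes the document not well-formed (it looks like a
  mail archive artefact); two <string> elements that shared one line and the
  expressions that were wrapped across lines have been put back on one line
  each. All values are unchanged.
-->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <connections>
    <!--
      Source: Active Directory.
      NOTE(review): this is a SIMPLE bind over ldap:// with tlsActivated=false,
      so the bind DN and password cross the network unencrypted. Use an
      ldaps:// URL or tlsActivated=true once the AD CA certificate is trusted
      by the JVM that runs LSC.
      NOTE(review): the bind identity is the domain Administrator. The source
      side of a sync only needs read access to the fetched attributes under
      ou=Comptes; a dedicated low-privilege service account limits the damage
      if this file leaks.
      NOTE(review): the password is stored in cleartext here and has been
      posted publicly with this message; it should be rotated, and lsc.xml
      should be readable only by the account that runs LSC.
      NOTE(review): 3268 is the Global Catalog port, which serves a partial
      attribute set. Confirm that department, ipphone and telephoneNumber are
      returned there; otherwise use the regular directory port.
    -->
    <ldapConnection>
      <name>AD</name>
      <url>ldap://192.168.6.128:3268/dc=teknetgroup,dc=mg</url>
      <username>cn=Administrator,cn=Users,dc=teknetgroup,dc=mg</username>
      <password>Root2016</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
    <!--
      Destination: local OpenLDAP.
      NOTE(review): the bind stays on localhost, so the missing TLS matters
      less here as long as LSC runs on the same host. The cleartext password
      for cn=admin is short and guessable; replace it, and prefer an account
      whose ACLs allow writing under ou=people only.
    -->
    <ldapConnection>
      <name>openldap</name>
      <url>ldap://localhost:389/dc=teknetgroup,dc=mg</url>
      <username>cn=admin,dc=teknetgroup,dc=mg</username>
      <password>root</password>
      <authentication>SIMPLE</authentication>
      <referral>THROW</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>adUser</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <!--
        Source service, bound to the AD connection, pivot attribute cn.
        NOTE(review): the service name says "openldap" although it reads from
        AD, and the destination service below is named "ad-dst-service"
        although it writes to OpenLDAP; the two names look swapped.
        NOTE(review): userPassword is fetched from AD but never used, because
        the userPassword dataset below forces its own value. It can be dropped
        from this list. AD is not expected to hand out usable password data
        through this attribute in a default setup (TODO confirm).
      -->
      <ldapSourceService>
        <name>openldap-source-service</name>
        <connection reference="AD" />
        <baseDn>ou=Comptes,dc=teknetgroup,dc=mg</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>description</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sn</string>
          <string>userPrincipalName</string>
          <string>name</string>
          <string>sAMAccountName</string>
          <string>department</string>
          <string>telephoneNumber</string>
          <string>ipphone</string>
          <string>userPassword</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(&(cn=*)(objectClass=person))]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=person)(cn={cn}))]]></getOneFilter>
        <cleanFilter><![CDATA[(&(objectClass=person)(cn={cn}))]]></cleanFilter>
      </ldapSourceService>
      <!-- Destination service, bound to the local OpenLDAP connection, pivot attribute cn. -->
      <ldapDestinationService>
        <name>ad-dst-service</name>
        <connection reference="openldap" />
        <baseDn>ou=people,dc=teknetgroup,dc=mg</baseDn>
        <pivotAttributes>
          <string>cn</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>uid</string>
          <string>description</string>
          <string>gecos</string>
          <string>givenName</string>
          <string>mail</string>
          <string>homeDirectory</string>
          <string>objectClass</string>
          <string>sn</string>
          <string>cgfDepartmentPrimary</string>
          <string>userPassword</string>
          <string>loginShell</string>
          <string>gidNumber</string>
          <string>uidNumber</string>
          <string>cgfDepartmentPrimary</string>
          <string>telephoneNumber</string>
          <string>cgfInternalTelephoneNumber</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(&(cn=*)(objectClass=inetOrgPerson))]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <!-- Destination DN: cn from the source entry, RDN-escaped, placed under ou=people. -->
        <mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) + ",ou=people,dc=teknetgroup,dc=mg"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <!--
          NOTE(review): delete=true together with the destination getAllFilter
          means a clean run can remove any inetOrgPerson entry under ou=people
          that has no matching cn in the AD source, including accounts that
          exist only in OpenLDAP. Check the intended scope before enabling the
          clean phase.
        -->
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>true</delete>
          <changeId>true</changeId>
        </conditions>
        <dataset>
          <name>objectclass</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"inetOrgPerson"</string>
            <string>"gosaAccount"</string>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
          </createValues>
        </dataset>
        <dataset>
          <name>uid</name>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("sAMAccountName").toLowerCase()</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>cgfDepartmentPrimary</name>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("department")</string>
          </forceValues>
        </dataset>
        <dataset>
          <name>cgfInternalTelephoneNumber</name>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("ipphone")</string>
          </forceValues>
        </dataset>
        <!--
          Pass-through authentication marker: the stored value is the literal
          "{SASL}" followed by the AD userPrincipalName, so no hash leaves AD.
          NOTE(review): testsaslauthd succeeding does not prove that slapd can
          use saslauthd. Things to verify on the OpenLDAP host: slapd has its
          own Cyrus SASL application config with "pwcheck_method: saslauthd";
          the account slapd runs as can reach the saslauthd socket; and the
          user@realm form taken from userPrincipalName is the same form that
          was used in the successful testsaslauthd call.
          NOTE(review): with this scheme every bind sends the user's cleartext
          password to OpenLDAP, which forwards it to saslauthd; client
          connections to OpenLDAP and the saslauthd connection to AD should
          both be protected with TLS.
        -->
        <dataset>
          <name>userPassword</name>
          <forceValues>
            <string>"{SASL}" + srcBean.getDatasetFirstValueById("userPrincipalName")</string>
          </forceValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>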
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
http://lists.lsc-project.org/listinfo/lsc-users
