Hi,
I need some help, please, to resolve my problem (I can't find the solution).
I have a problem syncing an AD group to an OpenLDAP group (posixGroup).
All OpenLDAP groups are as follows:
memberUid: someuid
memberUid: someuid
memberUid: someuid
memberUid: ...
memberUid: ...
memberUid: ...
objectClass: top
objectClass: posixGroup
objectClass: labeledURIObject
labeledURI: ldap:///.......
cn: department-service
gidNumber: 1630
I have some groups under the first one that I would like to sync.
In each group there are memberUid values:
cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
cn=service01,cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
cn=service01,cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
I need:
- to synchronize all groups without removing those below them (for example, sync
cn=department but keep cn=service01,cn=department..../
cn=service02,cn=department....)
- to add only the missing memberUid values
- to remove memberUid values that are not in the AD group
When I launch my sync task, I get an error:
ERROR - Error while adding entry
cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr in directory
:javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already
Exists]; remaining name ' cn=department,ou=SI,ou=Group'
ERROR - Error while synchronizing ID
cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr: java.lang.Exception:
Technical problem while applying modifications to the destination
# Wed Feb 01 12:33:41 CET 2017
dn: cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
changetype: add <<<<< why? The group exists.
gidnumber: 1634
memberUid: someuid <<<<< I need to add only the missing ones and delete those
in excess; in my task it wants to ADD ALL memberUid values
memberUid: someuid
memberUid: someuid
memberUid: ...
memberUid: ...
memberUid: ...
objectClass: top
objectClass: posixGroup
objectClass: labeledURIObject
Here is my lsc.xml:
<connections>
<ldapConnection>
<name>src-ad</name>
<url>ldaps://****************</url>
<username>****************</username>
<password>ADPASSWORD</password>
<authentication>SIMPLE</authentication>
<referral>IGNORE</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>1000</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
</ldapConnection>
<ldapConnection>
<name>dest-openldap</name>
<url>ldaps://****************</url>
<username>****************</username>
<password>OLPASSWORD</password>
<authentication>SIMPLE</authentication>
<referral>THROW</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>-1</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
</ldapConnection>
</connections>
<tasks>
<task>
<name>NAMEGROUPEAD-SyncADtoLDAPgroups</name>
<bean>org.lsc.beans.SimpleBean</bean>
<ldapSourceService>
<name>AD-GROUPS_NAMEGROUPEAD</name>
<connection reference="src-ad" />
<baseDn>OU=SyncOpenldap,OU=..................dc=windows,dc=domain,dc=fr</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>cn</string>
<string>sAMAccountName</string>
<string>member</string>
<string>objectClass</string>
</fetchedAttributes>
<getAllFilter>(&(objectClass=group)(CN=CNGROUPEAD))</getAllFilter>
<getOneFilter>(&(objectClass=group)(cn={cn}))</getOneFilter>
<cleanFilter>(&(objectClass=group)(cn={cn}))</cleanFilter>
</ldapSourceService>
<ldapDestinationService>
<name>Openldap-GROUPS_NAMEGROUPEAD</name>
<connection reference="dest-openldap" />
<baseDn>cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr</baseDn>
<pivotAttributes>
<string>cn</string>
</pivotAttributes>
<fetchedAttributes>
<string>gidnumber</string>
<string>labeleduri</string>
<string>memberuid</string>
<string>objectClass</string>
</fetchedAttributes>
<getAllFilter>(objectClass=posixGroup)</getAllFilter>
<getOneFilter>(&(objectClass=posixGroup)(cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr))</getOneFilter>
</ldapDestinationService>
<propertiesBasedSyncOptions>
<mainIdentifier>"cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr"</mainIdentifier>
<defaultDelimiter>;</defaultDelimiter>
<defaultPolicy>FORCE</defaultPolicy>
<dataset>
<name>memberUid</name>
<policy>FORCE</policy>
<forceValues>
<string>
<![CDATA[js:
// Build the destination memberUid list from the AD group's member DNs:
// resolve each DN to its sAMAccountName, lower-cased and trimmed.
var dstMembers = new Array();
var membersSrcDn = srcBean.getDatasetValuesById("member");
for (var i = 0; i < membersSrcDn.size(); i++) {
var memberSrcDn = membersSrcDn.get(i);
var sam = srcLdap.attribute(memberSrcDn, "sAMAccountName").get(0).toLowerCase().trim();
dstMembers.push(sam);
}
dstMembers;
]]>
</string>
</forceValues>
</dataset>
<dataset>
<name>objectClass</name>
<policy>KEEP</policy>
<createValues>
<string>"top"</string>
<string>"posixGroup"</string>
<string>"labeledURIObject"</string>
</createValues>
</dataset>
<!-- count up the gidnumber -->
<dataset>
<name>gidnumber</name>
<policy>KEEP</policy>
<createValues>
<string>SequencesFactory.getInstance(ldap.getJndiServices()).getNextValue("cn=gidNumberSequenceUnix,ou=LSC,dc=unix,dc=domain,dc=fr","serialNumber")</string>
</createValues>
</dataset>
</propertiesBasedSyncOptions>
</task>
</tasks>
</lsc>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
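The behaviour the post asks for (add only the missing memberUid values, delete the ones that are no longer in the AD group, never touch the cn=service01/cn=service02 entries below the group), as an added example. It is not the poster's lsc.xml and not LSC's own code: it is a small Python model of the reconciliation step, with constructed sample data standing in for the AD member lookup (the srcLdap.attribute(dn, "sAMAccountName") call in the post) and for the destination OpenLDAP tree. The DNs, account names and gidNumber values below are assumptions for illustration.

```python
"""Membership reconciliation for an AD group -> posixGroup sync (added example).

Constructed data only: AD_SAM_BY_DN stands in for resolving each AD 'member' DN
to a sAMAccountName; OPENLDAP_TREE stands in for the destination directory.
"""
from typing import Dict, Iterable, List

# Constructed: AD 'member' DN -> sAMAccountName (note the un-normalised value).
AD_SAM_BY_DN: Dict[str, str] = {
    "CN=Alice Martin,OU=Users,DC=windows,DC=domain,DC=fr": "amartin",
    "CN=Bob Durand,OU=Users,DC=windows,DC=domain,DC=fr": " BDurand",
    "CN=Carla Petit,OU=Users,DC=windows,DC=domain,DC=fr": "cpetit",
}
# Constructed AD group: three users plus one member DN with no sAMAccountName.
AD_GROUP = {
    "cn": "department",
    "member": list(AD_SAM_BY_DN) + ["CN=Old Contact,OU=Contacts,DC=windows,DC=domain,DC=fr"],
}

# Constructed destination tree: the group plus two sub-groups that must be left alone.
DEPT_DN = "cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr"
OPENLDAP_TREE: Dict[str, Dict[str, List[str]]] = {
    DEPT_DN: {"memberUid": ["amartin", "dlefevre"], "gidNumber": ["1634"]},
    "cn=service01," + DEPT_DN: {"memberUid": ["dlefevre"], "gidNumber": ["1635"]},
    "cn=service02," + DEPT_DN: {"memberUid": ["amartin"], "gidNumber": ["1636"]},
}


def wanted_member_uids(member_dns: Iterable[str], sam_by_dn: Dict[str, str]) -> List[str]:
    """sAMAccountName of every resolvable AD member, lower-cased and trimmed
    (same normalisation as the post's JS), de-duplicated, in stable order."""
    uids: List[str] = []
    for dn in member_dns:
        sam = sam_by_dn.get(dn)
        if sam is None:  # unresolvable member (contact, nested group): skip, do not abort
            continue
        sam = sam.lower().strip()
        if sam not in uids:
            uids.append(sam)
    return uids


def plan_member_uid_changes(dest_dn: str, dest_tree: Dict[str, Dict[str, List[str]]],
                            wanted: List[str], gid_number: str) -> List[str]:
    """LDIF lines that bring dest_dn's memberUid in line with `wanted`.

    Existing group  -> 'changetype: modify' with only the missing values added and
                       the extra ones deleted; nothing below dest_dn is referenced.
    Group not found -> full 'changetype: add'. Sending this for a DN that does exist
                       is what yields 'error code 68 - Entry Already Exists'.
    """
    entry = dest_tree.get(dest_dn)
    if entry is None:
        cn = dest_dn.split(",", 1)[0].split("=", 1)[1]
        lines = [f"dn: {dest_dn}", "changetype: add",
                 "objectClass: top", "objectClass: posixGroup",
                 f"cn: {cn}", f"gidNumber: {gid_number}"]
        return lines + [f"memberUid: {uid}" for uid in wanted]

    current = [u.lower().strip() for u in entry.get("memberUid", [])]
    to_add = [u for u in wanted if u not in current]
    to_delete = [u for u in current if u not in wanted]
    if not to_add and not to_delete:
        return []  # already in sync: no LDIF at all
    lines = [f"dn: {dest_dn}", "changetype: modify"]
    if to_add:
        lines += ["add: memberUid"] + [f"memberUid: {uid}" for uid in to_add] + ["-"]
    if to_delete:
        lines += ["delete: memberUid"] + [f"memberUid: {uid}" for uid in to_delete] + ["-"]
    return lines


def sync_department() -> List[str]:
    """Reconcile the constructed AD group into cn=department and return the LDIF."""
    wanted = wanted_member_uids(AD_GROUP["member"], AD_SAM_BY_DN)
    return plan_member_uid_changes(DEPT_DN, OPENLDAP_TREE, wanted, "1634")


if __name__ == "__main__":
    print("\n".join(sync_department()))
```

Run as-is it prints a `changetype: modify` for cn=department that adds bdurand and cpetit and deletes dlefevre, and no line at all for cn=service01 or cn=service02. The `changetype: add` branch is reached only when the lookup of the destination DN returns nothing, which is the same condition under which LSC emits an add instead of a modify: it has to find the existing destination entry through `getOneFilter` (with the pivot substituted, as the post's source service already does with `(cn={cn})`) under the destination `baseDn`, otherwise it treats the group as absent and the add fails with error 68 on the directory that already holds it.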