Hi,

I need some help, please, to resolve my problem (I can't find the solution).

I have a problem syncing an AD group to an OpenLDAP group (posixGroup).

All OpenLDAP groups are as follows:

memberUid: someuid
memberUid: someuid
memberUid: someuid
memberUid: ...
memberUid: ...
memberUid: ...
objectClass: top
objectClass: posixGroup
objectClass: labeledURIObject
labeledURI: ldap:///.......
cn: department-service
gidNumber: 1630


I have some groups under the first one I would like to sync.
In each group there are memberUid values.

cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
cn=service01,cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
cn=service01,cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr

I need:
- to synchronize all groups without removing those below (for example, sync cn=department, but keep cn=service01,cn=department..../ cn=service02,cn=department....)
- to add only the missing memberUid
- to remove any memberUid that is not in the AD group

When I launch my sync task, I get an error:

ERROR - Error while adding entry cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists]; remaining name ' cn=department,ou=SI,ou=Group'
ERROR - Error while synchronizing ID cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr: java.lang.Exception: Technical problem while applying modifications to the destination
# Wed Feb 01 12:33:41 CET 2017
dn: cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
changetype: add         <<<<< why? the group exists.
gidnumber: 1634
memberUid: someuid      <<<<< I need to add only the missing ones and delete all that are in excess; in my task it wants to ADD ALL memberUid
memberUid: someuid
memberUid: someuid
memberUid: ...
memberUid: ...
memberUid: ...
objectClass: top
objectClass: posixGroup
objectClass: labeledURIObject


Here is my lsc.xml:

<connections>

        <ldapConnection>
                <name>src-ad</name>
                <url>ldaps://****************</url>
                <username>****************</username>
                <password>ADPASSWORD</password>
                <authentication>SIMPLE</authentication>
                <referral>IGNORE</referral>
                <derefAliases>NEVER</derefAliases>
                <version>VERSION_3</version>
                <pageSize>1000</pageSize>
                <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
                <tlsActivated>false</tlsActivated>
        </ldapConnection>
        
        <ldapConnection>
                <name>dest-openldap</name>
                <url>ldaps://****************</url>
                <username>****************</username>
                <password>OLPASSWORD</password>
                <authentication>SIMPLE</authentication>
                <referral>THROW</referral>
                <derefAliases>NEVER</derefAliases>
                <version>VERSION_3</version>
                <pageSize>-1</pageSize>
                <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
                <tlsActivated>false</tlsActivated>
        </ldapConnection>

</connections>

<tasks>

        <task>
        
                <name>NAMEGROUPEAD-SyncADtoLDAPgroups</name>
                <bean>org.lsc.beans.SimpleBean</bean>

                <ldapSourceService>
                        <name>AD-GROUPS_NAMEGROUPEAD</name>
                        <connection reference="src-ad" />
                        
                        <baseDn>OU=SyncOpenldap,OU=..................dc=windows,dc=domain,dc=fr</baseDn>

                        <pivotAttributes>
                                <string>cn</string>
                        </pivotAttributes>

                        <fetchedAttributes>
                                <string>cn</string>
                                <string>sAMAccountName</string>
                                <string>member</string>
                                <string>objectClass</string>
                        </fetchedAttributes>

                        
                        <getAllFilter>(&amp;(objectClass=group)(CN=CNGROUPEAD))</getAllFilter>
                        <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>
                        <cleanFilter>(&amp;(objectClass=group)(cn={cn}))</cleanFilter>
                        
                </ldapSourceService>

                <ldapDestinationService>
                
                        <name>Openldap-GROUPS_NAMEGROUPEAD</name>
                        <connection reference="dest-openldap" />
                        
                        <baseDn>cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr</baseDn>

                        <pivotAttributes>
                                <string>cn</string>
                        </pivotAttributes>

                        <fetchedAttributes>
                                <string>gidnumber</string>
                                <string>labeleduri</string>
                                <string>memberuid</string>
                                <string>objectClass</string>
                        </fetchedAttributes>

                        <getAllFilter>(objectClass=posixGroup)</getAllFilter>
                        
                        <getOneFilter>(&amp;(objectClass=posixGroup)(cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr))</getOneFilter>

                </ldapDestinationService>

                <propertiesBasedSyncOptions>
                
                        
                        <mainIdentifier>"cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr"</mainIdentifier>
                        <defaultDelimiter>;</defaultDelimiter>
                        <defaultPolicy>FORCE</defaultPolicy>

                        <dataset>
                                <name>memberUid</name>
                                <policy>FORCE</policy>
                                <forceValues>
                                <string>
                                        <![CDATA[js:
                                        // Resolve each AD member DN to its lowercased sAMAccountName
                                        var dstMembers = new Array();
                                        var membersSrcDn = srcBean.getDatasetValuesById("member");
                                        for (var i = 0; i < membersSrcDn.size(); i++)
                                        {
                                                var memberSrcDn = membersSrcDn.get(i);
                                                var sam = srcLdap.attribute(memberSrcDn, "sAMAccountName").get(0).toLowerCase().trim();
                                                dstMembers.push(sam);
                                        }
                                        // The last expression is the value list handed back to LSC
                                        dstMembers;
                                        ]]>
                                </string>
                                </forceValues>
                        </dataset>

                        <dataset>
                                <name>objectClass</name>
                                <policy>KEEP</policy>
                                <createValues>
                                <string>"top"</string>
                                <string>"posixGroup"</string>
                                <string>"labeledURIObject"</string>
                                </createValues>
                        </dataset> 

                        <!-- count up the gidnumber -->
                        <dataset>
                                <name>gidnumber</name>
                                <policy>KEEP</policy>
                                <createValues>
                                
                                <string>SequencesFactory.getInstance(ldap.getJndiServices()).getNextValue("cn=gidNumberSequenceUnix,ou=LSC,dc=unix,dc=domain,dc=fr","serialNumber")</string>
                                                    
                                </createValues>
                        </dataset>

                </propertiesBasedSyncOptions>

        </task>

</tasks>

</lsc>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
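
The membership reconciliation asked for in the post above (add only the missing memberUid values, delete those no longer in the AD group), as an added example that is not part of the original post and is not LSC's own code. The function names and the sample account names are constructed for illustration; the output is the `changetype: modify` record such a sync would be expected to produce instead of `changetype: add`.

```javascript
// Added example: compute the memberUid delta for one existing posixGroup.
// All names and sample values below are constructed, not from a real directory.

// Normalise a source account name the same way the task's script does.
function normalise(sam) {
  return String(sam).toLowerCase().trim();
}

// Values to add and to delete so the destination group ends up with exactly
// the source membership. memberUid is compared case-sensitively.
function memberUidDelta(srcSamAccountNames, dstMemberUids) {
  const wanted = new Set(srcSamAccountNames.map(normalise).filter(Boolean));
  const present = new Set(dstMemberUids);
  const add = [...wanted].filter((uid) => !present.has(uid)).sort();
  const del = [...present].filter((uid) => !wanted.has(uid)).sort();
  return { add, del };
}

// Render the delta as an LDIF modify record; returns "" when already in sync.
// Assumes plain ASCII uids (no base64 encoding of values is attempted).
function toLdifModify(dn, delta) {
  const blocks = [];
  if (delta.add.length) {
    blocks.push(["add: memberUid", ...delta.add.map((u) => `memberUid: ${u}`)].join("\n"));
  }
  if (delta.del.length) {
    blocks.push(["delete: memberUid", ...delta.del.map((u) => `memberUid: ${u}`)].join("\n"));
  }
  if (!blocks.length) return "";
  return `dn: ${dn}\nchangetype: modify\n` + blocks.join("\n-\n") + "\n-\n";
}

// Constructed sample: AD group members vs. current posixGroup members.
const sampleDn = "cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr";
const sampleSrc = ["Alice ", "BOB", "carol"];
const sampleDst = ["alice", "dave"];
const sampleDelta = memberUidDelta(sampleSrc, sampleDst);
console.log(toLdifModify(sampleDn, sampleDelta));
```

The delete half of the delta is what removes access for accounts dropped from the AD group, so a sync that only ever adds values leaves stale members in place.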
