Re: [lsc-users] Problem to sync AD group to OpenLDAP group (posixGroup)

Wed, 01 Feb 2017 08:04:09 -0800 


Le 01/02/2017 à 12:50, MAUBON Renaud NEURONES IT a écrit :

Hi,

I need some help please to resolve my problem (I don't find the solution)

I have a problem to sync AD Group to an Openldap group (posixGroup)

All openldap groups are as follow :

memberUid: someuid
memberUid: someuid
memberUid: someuid
memberUid: ...
memberUid: ...
memberUid: ...
objectClass: top
objectClass: posixGroup
objectClass: labeledURIObject
labeledURI: ldap:///.......
cn: department-service
gidNumber: 1630


I have some group under the first I would like to sync
In each group there are memberUid

cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
cn=service01,cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
cn=service01,cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr

I need :
- synchronize all groups without removing those from below (in example sync 
cn=department, but want to keep cn=service01,cn=department..../ 
cn=service02,cn=department....)
- to add only missing memberUid
- remove memberUid is not in the AD Group

When I launch my sync task, I have an error

ERROR - Error while adding entry 
cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr in directory 
:javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already 
Exists]; remaining name ' cn=department,ou=SI,ou=Group'
ERROR - Error while synchronizing ID 
cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr: java.lang.Exception: 
Technical problem while applying modifications to the destination
# Wed Feb 01 12:33:41 CET 2017
dn: cn=department,ou=SI,ou=Group,dc=unix,dc=domain,dc=fr
changetype: add         <<<<< why ? the group exist.
gidnumber: 1634
memberUid: someuid      <<<<< I need to add only missing and delete all that 
are in excess, in my task it wants to ADD ALL memberUid
memberUid: someuid
memberUid: someuid
memberUid: ...
memberUid: ...
memberUid: ...
objectClass: top
objectClass: posixGroup
objectClass: labeledURIObject




Hi,


check the getOneFilter of the destination, it should be 
(&amp;(objectClass=posixGroup)(cn={cn}))



--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users





















					Reply via email to