Re: [lsc-users] Questions about Syncing CN to UID, why lowercase gets mapped to uppercase and error LDAP 65

Thu, 20 Apr 2017 08:17:34 -0700 


Le 20/04/2017 à 15:57, Robert Czipo a écrit :


Hello Everyone,


Hello Robert,



I have a few issues/questions to ask. I hope someone can help.


1. Why when I sync my live ldap with the backup ldap does the 
uid=Robert.czipo i live get Changed to CN=Robert Czipo in the backup 
ldap(see image below). Does it have to do with the mainIdentifier 
below? can I add two to include uid or combine?



 <mainIdentifier>js:"cn=" + 
javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) 
+ ",ou=Secure,ou=MIS,ou=People,dc=unfpa,dc=org"</mainIdentifier>



Inline image 1




Yes, you configured the main identifier to use the "cn" attribute, so 
LSC apply this rule. To have uid in mainIdentifier, replace it by:



 <mainIdentifier>js:"uid=" + 
javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("uid")) 
+ ",ou=Secure,ou=MIS,ou=People,dc=unfpa,dc=org"</mainIdentifier>



Using uid is common with standard LDAPv3 directories, but cn is common 
with AD.



2. Not sure why first letter for first and last name are lowercae in 
live and capitals in the backup ldap(see image above). not sure how to 
stop this.





Don't know. LSC does not transform values unless you tell it to do so, 
with .toLowerCase() method for example.



and #3


I'm trying to sunc an attribute called inetUserStatus from live to 
backup,but I'm getting this error.




The error seems clear:


> ... violates the Directory Server schema configuration because it 
includes attribute inetUserStatus which is not allowed by any of the 
objectclasses defined in that entry



You can't add an attribute in an entry if this attribute is not allowed 
by objectClasses. For this point you need to learn some LDAP basics.


--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users





















					Reply via email to