Hi LSC Users,
Our organization keeps all personnel information in a database. The
LDAP directory is a copy of that information. We have used custom
scripts to manage the synchronization before, but now we wish to use
LSC to help us manage this.

I have configured LSC to import our user objects. But I am having a
hard time trying to get LSC to use a SQL query as the members list
for the LDAP Destination.

Using the Sample SQL Map InetOrgPerson.xml for the user import.

If I set up another task to import a SQL query as a group list, I might
set up my queries like this:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE sqlMap PUBLIC "-//iBATIS.com//DTD SQL Map 2.0//EN"
"http://www.ibatis.com/dtd/sql-map-2.dtd">

<sqlMap namespace="InetOrgPerson">

    <select id="getInetOrgPerson-AllUserGroup"
resultClass="java.util.HashMap" parameterClass="java.util.Map">
        Select
            pers."UID"
        FROM csvdata pers
        WHERE pers."MAIL" LIKE #uid#
    </select>

    <select id="checkPersonForClean-AllUserGroup"
resultClass="java.util.HashMap" parameterClass="java.util.Map">
        Select
            pers."UID" AS uid
        FROM csvdata pers
        WHERE pers."MAIL" LIKE #uid#
    </select>

    <select id="getInetOrgPersonList-AllUserGroup"
resultClass="java.util.HashMap">
        SELECT pers."uid" AS uid
        FROM csvdata pers
        WHERE pers."SN" NOT LIKE 'Smith'
    </select>

    <select id="getNextInetOrgPersonId-AllUserGroup"
resultClass="java.util.HashMap">
        SELECT pers."uid" AS uid
        FROM csvdata pers
        LIMIT 1
    </select>
</sqlMap>

*   Note: We've decided we need to exclude all Smiths from our group.
** Note: I've botched the getNextInetOrgPersonId query, as I'm not
sure how to provide the result of the next ID it's looking for.

So now we come back to lsc.xml>LSC>tasks>task

<task>
      <name>AllUsers_ButSmith</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <databaseSourceService>
        <name>SQLAllUsersButSmith</name>
        <connection reference="mydb" />
        <requestNameForList>getInetOrgPersonList-AllUserGroup</requestNameForList>
        <requestNameForObject>getInetOrgPerson-AllUserGroup</requestNameForObject>
        <requestNameForNextId>getNextInetOrgPersonId-AllUserGroup</requestNameForNextId>
        <requestNameForClean>checkPersonForClean-AllUserGroup</requestNameForClean>
      </databaseSourceService>
      <ldapDestinationService>
        <name>groupAllUsersButSmith</name>
        <connection reference="myldap" />
       <baseDn>cn=AllUsersButSmith,ou=groups,dc=example,dc=com</baseDn>
        <pivotAttributes>
          <string>member</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>member</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(objectClass=groupOfNames)]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=groupOfNames)(cn={member}))]]></getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
         <mainIdentifier>"cn=AllUsersButSmith,ou=groups,dc=example,dc=com"</mainIdentifier>
         <defaultDelimiter>,</defaultDelimiter>
         <defaultPolicy>MERGE</defaultPolicy>
         <conditions>
             <create>true</create>
             <update>true</update>
             <delete>true</delete>
             <changeId>false</changeId>
         </conditions>
         <dataset>
             <name>member</name>
             <policy>MERGE</policy>
             <forceValues>
                 <string>"cn=" + srcBean.getDatasetFirstValueById("member") + ",ou=people,dc=example,dc=com"</string>
             </forceValues>
         </dataset>
         <!--
           <dataset>
             <name>objectClass</name>
             <policy>KEEP</policy>
             <defaultValues></defaultValues>
             <forceValues></forceValues>
             <createValues>
                <string>"groupOfNames"</string>
             </createValues>
             <delimiter>,</delimiter>
        </dataset>
        -->
      </propertiesBasedSyncOptions>
   </task>

For a synchronous run, the above configuration works somewhat. But it
only adds users; it tries to add all users, even though they are in
the group already, with the same DN. I think the getOneFilter is for
this purpose of checking, or I'm missing something. If the username
is in the member list, then it should not try to add the member
attribute to the group.

Could you please clarify if I am using LSC correctly for this purpose?
I feel I'm missing something. We have one dozen or so groups that we
need to update in this manner on a regular basis, and would like only
to make changes to the groupOfNames object if necessary.

My next question is about asynchronous mode, and I suppose it applies to the
User objects as well.

How do I write a query for <requestNameForClean> to return the name of
the next member? I would like LSC to fetch the user list and compare
that list itself; having to provide a FILO list script separate from LSC
seems redundant for what I'm working with.

Thank you very much.
-
Billy Baker
SelfDesign Learning Foundation
https://selfdesign.org
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
