Well Clément, you are absolutely right of course. In the end, I forgot to split
my returned string into an array, so of course this didn't work. So thanks for
clarifying!
But if I may be so bold and suggest an improvement:
The schema for the valuesType is too ambiguous, imho, and I blame it a bit that
I came to my conclusion. One of the datasets I'd like to use for comparison
here is `description`:
<dataset>
<name>description</name>
<policy>FORCE</policy>
<forceValues>
<string>srcBean.getDatasetValuesById("description")</string>
</forceValues>
</dataset>
This translates into what I have in my initial mail. What you describe was my
initial thought, so I looked into the schema of the lsc.xml
(`lsc-core-2.1.xsd`) and forceValues is of type valuesType which is defined as:
<xsd:complexType name="valuesType">
<xsd:sequence>
<xsd:element name="string" type="xsd:string"
minOccurs="0"
maxOccurs="unbounded" />
</xsd:sequence>
<xsd:attribute name="id" type="xsd:string" use="optional" />
</xsd:complexType>
That means only <string> is allowed. So whatever you pass into your forceValues
(even arrays, as noted above) are interpreted as a string, delimited by a ";".
At least this is how I understand it. The obvious "fix" would be to include an
element called `array`, that can - for all intents and purposes - behave
absolutely the same under the hood, but would semantically distinguish between
the two use cases. But really, just humble food for thought. :)
On a related note, `description` is a very mean example for this in the
AD-world. Seems that even though the AD-schema allows multiple values, the
AD-system does not, so it throws with an error code 20 when trying to add
multiple description.* Threw me off, too, so that influenced my conclusion as
well. ;)
All the best,
Alex.
*:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/c3efab6a-0a86-41ee-8246-5bb8482ee692/cannot-add-second-value-to-multivalue-attribute?forum=winserverDS
Von: lsc-users [mailto:[email protected]] Im Auftrag von
Clément OUDOT
Gesendet: Wednesday, 21 June 2017 10:12
An: [email protected]
Betreff: Re: [lsc-users] Support for multiple values
Le 20/06/2017 à 15:57, Alexander Herr a écrit :
Hi list,
I am in need of synchronizing eduPersonOrgUnitDN into my Active Directory, and
for that I have to be able to use multiple values. Here is the thing though,
that attribute is defined as a DN, but multi-valued. That means I cannot simply
write a ; delimited string, because that violates the syntax for DNs.
The way I understand LSC is that currently it can only map multi-value
attributes to a delimited single-value for that attribute, i.e. if I have
description: foo
description: bar
in my OpenLDAP, it can only write this as
description: foo ; bar
in my AD. As I have said, this does not work here due to syntax-enforcement.
Is there any way I can have multiple values synchronized as multiple values for
the same atrtribute from openLDAP to AD? If so, how?
By default multiple values are mapped to multiple values. In a dataset, if you
return an array, then multiple values are written. If you return a String, then
you have a simple value.
Show your dataset code if you need help on this.
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
