On Thu, Feb 1, 2018 at 12:13 PM, Soisik Froger
<[email protected]> wrote:
> On 01/02/2018 10:19, Lior Dotan wrote:
>>
>> Hi,
>>
>> I'm trying to sync groups and users from AD. Everything is working
>> okay but in case of nested groups, I'd like to flatten them to a
>> single group with all the users.
>>
>> Running the following filter with ldapsearch gives the expected results:
>>
>> (memberOf:1.2.840.113556.1.4.1941:=cn=LargeGroup,ou=ad-testing,dc=ad-testing,dc=test,dc=io)
>>
>> But when I run the same filter in LSC I still only get the
>> sub-groups of "LargeGroup" instead of the users.
>>
>> Is there a way to get the users list in case of nested groups?
>>
>> Thanks,
>> Lior
>
>
> Hi,
>
> How do you use this filter? In a sync group task (which only deals with
> group objects so it's normal if you get only groups in results) or when
> synchronizing the member attribute of a group in a JavaScript, like this one:
> https://lsc-project.org/documentation/tutorial/synchronizegroups#member ?
>
> Please share the relevant part of your LSC configuration and the ldapsearch
> command you used.

This is the ldapsearch command I'm using:

ldapsearch -D "cn=ReadAdmin,ou=Users,ou=ad-testing,dc=ad-testing,dc=test,dc=io" \
  -w password -p 389 -h ad-testing.test.io \
  -b "ou=ad-testing,dc=ad-testing,dc=test,dc=io" -s sub \
  "(memberOf:1.2.840.113556.1.4.1941:=cn=LargeGroup,ou=ad-testing,dc=ad-testing,dc=test,dc=io)"

I have a task for syncing users and one for groups; I am trying to run
the filter in the group task:

<task>
  <name>SyncGroupTask</name>
  <bean>org.lsc.beans.SimpleBean</bean>
  <asyncLdapSourceService>
    <name>SyncGroupTask-src</name>
    <connection reference="ldap-src-conn" />
    <baseDn>ou=ad-testing,dc=ad-testing,dc=test,dc=io</baseDn>
    <pivotAttributes>
      <string>cn</string>
    </pivotAttributes>
    <fetchedAttributes>
      <string>member</string>
      <string>objectClass</string>
    </fetchedAttributes>
    <!--
    <getAllFilter>(&(objectClass=*))</getAllFilter>
    <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
    -->
    <getAllFilter><![CDATA[(memberOf:1.2.840.113556.1.4.1941:=cn={cn},ou=ad-testing,dc=ad-testing,dc=test,dc=io)]]></getAllFilter>
    <getOneFilter><![CDATA[(memberOf:1.2.840.113556.1.4.1941:=cn={cn},ou=ad-testing,dc=ad-testing,dc=test,dc=io)]]></getOneFilter>
    <cleanFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></cleanFilter>
    <serverType>ActiveDirectory</serverType>
  </asyncLdapSourceService>
  <pluginDestinationService
      implementationClass="org.lsc.plugins.connectors.executable.ExecutableLdifDestinationService">
    <name>SyncTask-dst</name>
    <connection reference="executable" />
    <exec:executableLdifDestinationServiceSettings>
      <name>SyncGroupTask-service</name>
      <connection reference="executable" />
      <exec:listScript>/home/ubuntu/list.sh</exec:listScript>
      <exec:getScript>/home/ubuntu/get_group.sh</exec:getScript>
      <exec:addScript>/home/ubuntu/add.py</exec:addScript>
      <exec:updateScript>/home/ubuntu/add.py</exec:updateScript>
      <exec:removeScript>/home/ubuntu/add.py</exec:removeScript>
      <exec:renameScript>/home/ubuntu/rename.sh</exec:renameScript>
      <exec:variables>
        <entry><key>LDAP_BIND_DN</key><value>cn=Directory Manager</value></entry>
        <entry><key>LDAP_BIND_PW</key><value>secret</value></entry>
        <entry><key>LDAP_URL</key><value>ldap://localhost:33389</value></entry>
      </exec:variables>
      <exec:fetchedAttributes>
        <string>member</string>
        <string>objectClass</string>
        <string>cn</string>
      </exec:fetchedAttributes>
    </exec:executableLdifDestinationServiceSettings>
  </pluginDestinationService>
  <propertiesBasedSyncOptions>
    <mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn"))</mainIdentifier>
    <defaultDelimiter>,</defaultDelimiter>
    <defaultPolicy>KEEP</defaultPolicy>
    <conditions>
      <create>true</create>
      <update>true</update>
      <delete>true</delete>
      <changeId>true</changeId>
    </conditions>
    <dataset>
      <name>objectClass</name>
      <policy>KEEP</policy>
      <createValues>
        <string>"group"</string>
        <string>"top"</string>
      </createValues>
    </dataset>
    <dataset>
      <name>member</name>
      <policy>MERGE</policy>
      <forceValues></forceValues>
    </dataset>
  </propertiesBasedSyncOptions>
</task>
>
> --
> Soisik
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
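
Added example (not part of the original message and not LSC code): a stand-alone Python model of the flattening asked about above, resolving nested "member" values transitively the way the 1.2.840.113556.1.4.1941 in-chain match does. The directory contents and the function names in_chain and flatten_users are constructed for illustration; the match is transitive over every entry type, so nested groups come back alongside users unless the result is narrowed by objectClass.

```python
# Constructed sample directory (DN -> entry); not data from the thread.
BASE = "ou=ad-testing,dc=ad-testing,dc=test,dc=io"
DIRECTORY = {
    f"cn=LargeGroup,{BASE}": {"objectClass": "group",
                              "member": [f"cn=SubA,{BASE}", f"cn=alice,{BASE}"]},
    # Member DN written in a different case than the entry's own DN.
    f"cn=SubA,{BASE}": {"objectClass": "group",
                        "member": [f"CN=SUBB,{BASE}", f"cn=bob,{BASE}"]},
    # SubB nests LargeGroup again (a cycle) and has one dangling member.
    f"cn=SubB,{BASE}": {"objectClass": "group",
                        "member": [f"cn=carol,{BASE}", f"cn=LargeGroup,{BASE}",
                                   f"cn=ghost,{BASE}"]},
    f"cn=alice,{BASE}": {"objectClass": "user"},
    f"cn=bob,{BASE}": {"objectClass": "user"},
    f"cn=carol,{BASE}": {"objectClass": "user"},
    f"cn=dave,{BASE}": {"objectClass": "user"},  # in no group at all
}


def _norm(dn):
    """DN matching in AD is case-insensitive; compare on a folded form."""
    return dn.strip().lower()


def in_chain(group_dn, directory):
    """Every entry (groups and users) that is a direct or nested member."""
    index = {_norm(dn): dn for dn in directory}
    seen, found, stack = set(), [], [_norm(group_dn)]
    while stack:
        entry = directory.get(index.get(stack.pop(), ""), {})
        for member in entry.get("member", []):
            key = _norm(member)
            if key in seen or key not in index:
                continue  # already visited (cycle) or dangling reference
            seen.add(key)
            found.append(index[key])
            stack.append(key)
    return sorted(found)


def flatten_users(group_dn, directory):
    """The flattened group: transitive members restricted to user entries."""
    return [dn for dn in in_chain(group_dn, directory)
            if directory[dn]["objectClass"] == "user"]


if __name__ == "__main__":
    for dn in flatten_users(f"cn=LargeGroup,{BASE}", DIRECTORY):
        print("member:", dn)
```
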