Re: [lsc-users] Flattening AD Groups

[Lior Dotan]

On Thu, Feb 1, 2018 at 12:47 PM, Soisik Froger
<soisik.fro...@savoirfairelinux.com> wrote:
> On 01/02/2018 11:19, Lior Dotan wrote:
>>
>> I have a task for syncing users and one for groups, I am trying to run
>> the filter in the group task:
>
>
> I don't think that setting filters that pick up users in a sync group task
> is the right approach.
>
> If I were you, I'll have filters that pick up groups :
>
> <getAllFilter>(&amp;(objectClass=group))</getAllFilter>
> <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
>
> [...]
>
> and populate their member attributes by adapting this script
> https://lsc-project.org/documentation/tutorial/synchronizegroups#member so
> that it loads members using your filter, not the src member attributes,
> something like this (adapt it to your context) :
>
> <dataset>
> <name>member</name>
> <policy>MERGE</policy>
> <forceValues>
> <string>
> <![CDATA[rjs:
> var membersSrcDn =
> srcLdap.search("ou=users,ou=ad-testing,dc=ad-testing,dc=test,dc=io",
> "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn="+srcBean.getDatasetFirstValueById("cn")+",ou=ad-testing,dc=ad-testing,dc=test,dc=io)");
>         [...]
> ]]>
>            </string>
> </forceValues>
>   </dataset>
>
I've tried your suggestion with the following code but membersSrcDn is null.
In ldapsearch I've used '-s sub', perhaps something similar is needed
here as well?
<string>
<![CDATA[rjs:
var membersSrcDn =
srcLdap.search("ou=ad-testing,dc=ad-testing,dc=test,dc=io",
"(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=cn="+srcBean.getDatasetFirstValueById("cn")+",ou=ad-testing,dc=ad-testing,dc=test,dc=io)");
.
.
.

> --
> Soisik
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> lsc-users@lists.lsc-project.org
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users