One more update for the day. It seems I’m hitting this issue #27<https://github.com/lsc-project/lsc/issues/27>. Any chance someone wants to write a patch that takes care of that this week? I could pay you for your time if it works out.
I’ve loaded it into my IDE and might take a stab at it, but a real programmer I am not...

Jeremy Sanders, CCIE 12332 R&S and Voice
Solutions Architect
http://www.teklinks.com<http://www.teklinks.com/>
t: 205.314.6630 | m: 205.249.5988
Call me via video at sip:[email protected]<mailto:[email protected]>
support: 877.800.8898
In the event you are unable to reach me and need immediate assistance, please call 205.314.6600 and ask for an Engineering Coordinator or follow the Auto Attendant instructions for our Automated Escalation System.

On Apr 24, 2018, at 11:12 AM, Jeremy Sanders <[email protected]<mailto:[email protected]>> wrote:

At the moment I have the sync pushing a value into the AD LDS visGUID attribute, but it doesn’t match. When I run a sync I get the following output:

Apr 24 10:41:24 - INFO - # Updating object *** for VIS2LDS
# Tue Apr 24 10:41:24 CDT 2018
dn: ***
changetype: modify
replace: visGUID
visGUID:: w6Btw7DDlsOIw7ITR8WhQjRWwqPDh2zCvQ==

But when I view the attribute in LDS via LDP or Softerra LDAP Admin it is all jumbled binary data.
I’m also not sure that the base64 encoding above can be converted back to the byte representation of the source value that it supposedly came from:

objectGUID: {54BD95CE-E4AE-4CDA-BEF3-2956D3A263AB}

Here is my config:

<?xml version="1.0" ?>
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <connections>
    <ldapConnection>
      <name>ldap-vis</name>
      <url>***</url>
      <username>***</username>
      <password>***</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
      <binaryAttributes>
        <string>objectGUID</string>
      </binaryAttributes>
    </ldapConnection>
    <ldapConnection>
      <name>ldap-lds</name>
      <url>***</url>
      <username>***</username>
      <password>***</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
      <binaryAttributes>
        <string>visGUID</string>
      </binaryAttributes>
    </ldapConnection>
  </connections>
  <tasks>
    <task>
      <name>OUSync</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>OU-src-service</name>
        <connection reference="ldap-vis" />
        <baseDn>***</baseDn>
        <pivotAttributes><string>distinguishedName</string></pivotAttributes>
        <fetchedAttributes>
          <string>distinguishedName</string>
          <string>objectClass</string>
          <string>ou</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=organizationalUnit)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=organizationalUnit)(distinguishedName={distinguishedName}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=organizationalUnit)(distinguishedName={distinguishedName}))</cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>OU-dst-service</name>
        <connection reference="ldap-lds" />
        <baseDn>***</baseDn>
        <pivotAttributes>
          <string>distinguishedName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>distinguishedName</string>
          <string>objectClass</string>
          <string>ou</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=organizationalUnit)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=organizationalUnit)(distinguishedName={distinguishedName}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>
          srcBean.getDatasetFirstValueById("distinguishedName")
        </mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>KEEP</defaultPolicy>
        <dataset>
          <name>distinguishedName</name>
          <policy>KEEP</policy>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
    <task>
      <name>VIS2LDS</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <ldapSourceService>
        <name>VIS-src-service</name>
        <connection reference="ldap-vis" />
        <baseDn>***</baseDn>
        <pivotAttributes><string>userPrincipalName</string></pivotAttributes>
        <fetchedAttributes>
          <string>distinguishedName</string>
          <string>cn</string>
          <string>sn</string>
          <string>objectClass</string>
          <string>userPrincipalName</string>
          <string>mail</string>
          <string>msRTCSIP-PrimaryUserAddress</string>
          <string>telephoneNumber</string>
          <string>givenName</string>
          <string>displayName</string>
          <string>mobile</string>
          <string>objectGUID</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=user)(!(objectClass=computer)))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(userPrincipalName={userPrincipalName}))</getOneFilter>
        <cleanFilter>(&amp;(objectClass=user)(userPrincipalName={userPrincipalName}))</cleanFilter>
      </ldapSourceService>
      <ldapDestinationService>
        <name>LDS-dst-service</name>
        <connection reference="ldap-lds" />
        <baseDn>***</baseDn>
        <pivotAttributes>
          <string>userPrincipalName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>distinguishedName</string>
          <string>cn</string>
          <string>sn</string>
          <string>objectClass</string>
          <string>userPrincipalName</string>
          <string>mail</string>
          <string>msRTCSIP-PrimaryUserAddress</string>
          <string>telephoneNumber</string>
          <string>givenName</string>
          <string>displayName</string>
          <string>mobile</string>
          <string>visGUID</string>
        </fetchedAttributes>
        <getAllFilter>(objectClass=user)</getAllFilter>
        <getOneFilter>(&amp;(objectClass=user)(userPrincipalName={userPrincipalName}))</getOneFilter>
      </ldapDestinationService>
      <propertiesBasedSyncOptions>
        <mainIdentifier>
          srcBean.getDatasetFirstValueById("distinguishedName")
        </mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>FORCE</defaultPolicy>
        <dataset>
          <name>distinguishedName</name>
          <policy>KEEP</policy>
        </dataset>
        <dataset>
          <name>visGUID</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("objectGUID")</string>
          </forceValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>
</lsc>

Thanks,
Jeremy Sanders

On Apr 24, 2018, at 8:29 AM, Jeremy Sanders <[email protected]<mailto:[email protected]>> wrote:

I’m trying to use LSC to sync between an LDAP aggregator service (Optimal VIS) and AD LDS. I need to be able to maintain the correlation between accounts across DN and UPN changes. Optimal VIS maintains the Object GUID from the backend Active Directory as the object is passed through. AD LDS creates a new Object GUID and I can’t force it to use the Object GUID from VIS since it is its own “primary key”, right? So, the only way I can come up with to logically accomplish this is to try to store the Optimal VIS Object GUID into a schema attribute on the AD LDS side and use those two attributes as the pivot attribute.
The only problem with this is that the Object GUID is binary and not a string value. According to Raphaël Ouazana on GitHub, LSC will support a binary pivot attribute (with a link to some example code)<https://github.com/lsc-project/lsc/blob/master/src/test/java/org/lsc/Ldap2LdapBinaryPivotSyncTest.java>. However, I’m not sure how to take that example code and implement that via the configuration file and sync process of LSC.

At this point I have data successfully sync’ing between VIS and AD LDS using DN as the pivot attribute and all the data that I need to use is being sync’d successfully. I just need to work out how to maintain the link between accounts across name/email/upn/dn changes.

Does anyone have any pointers?

Thanks,
Jeremy Sanders

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org<http://lsc-project.org/>
lsc-users mailing list
[email protected]<mailto:[email protected]>
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
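Added example (not part of the original thread and not LSC code): a Python check of whether the visGUID value logged in the LDIF output can be the 16 raw objectGUID bytes, and what a correct base64 value for the quoted GUID looks like. The function names and the cp1252 charset are assumptions made for this illustration.

```python
import base64
import uuid

# Values quoted in the message above.
LDIF_VALUE = "w6Btw7DDlsOIw7ITR8WhQjRWwqPDh2zCvQ=="
SOURCE_GUID = "{54BD95CE-E4AE-4CDA-BEF3-2956D3A263AB}"


def guid_to_ad_bytes(text):
    """16 bytes as Active Directory stores them (first three fields little-endian)."""
    return uuid.UUID(text).bytes_le


def ad_bytes_to_guid(raw):
    """Brace notation, as directory tools display objectGUID."""
    return "{" + str(uuid.UUID(bytes_le=raw)).upper() + "}"


def expected_ldif_value(text):
    """Base64 an LDIF 'attr::' line carries when the raw bytes are written unchanged."""
    return base64.b64encode(guid_to_ad_bytes(text)).decode("ascii")


def diagnose(b64_value, charset="cp1252"):
    """Classify a logged value: raw 16-byte GUID, or bytes that went through text.

    Assumption: if the binary value was handled as a string, each byte became
    one character in `charset` and the string was then written out as UTF-8.
    """
    raw = base64.b64decode(b64_value, validate=True)
    report = {"length": len(raw), "guid": None, "text_round_trip": False}
    if len(raw) == 16:
        report["guid"] = ad_bytes_to_guid(raw)
        return report
    try:
        recovered = raw.decode("utf-8").encode(charset)
    except (UnicodeDecodeError, UnicodeEncodeError):
        return report  # not reversible under this assumption
    if len(recovered) == 16:
        report["text_round_trip"] = True
        report["guid"] = ad_bytes_to_guid(recovered)
    return report


if __name__ == "__main__":
    print("logged value:", diagnose(LDIF_VALUE))
    print("raw-bytes value for", SOURCE_GUID, "->", expected_ldif_value(SOURCE_GUID))
```

For the value quoted above, diagnose() reports 25 bytes rather than 16, and under the cp1252 assumption those bytes reduce to a 16-byte value. Compare the resulting GUID with the entry's objectGUID in the source directory before drawing conclusions, since the entry name is redacted in the log.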

