That's why you need to adapt the JavaScript in the member dataset to get
the real user DN in destination to put this value as member. See as
example:
https://lsc-project.org/documentation/tutorial/synchronizegroups#properties
Hello,
Indeed, I succeeded in adapting the js part to import users from
posixgroups/memberuid's (source LDAP) to groups (Samba4/AD groups)
But some errors remain and I would like to know why.
The destination groups are partially fulfilled, but sometimes it fails,
and even some (a few) groups remain empty.
Here is the trace, when launching LSC:
juin 08 12:14:30 - ERROR - Error while synchronizing ID {cn=[s2489]}:
org.lsc.exception.LscServiceException:
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
juin 08 12:14:30 - INFO - # Updating object
CN=MYGROUP,OU=Groups,DC=dstdomain,DC=lan for LDAPGROUPS2AD
# Fri Jun 08 12:14:30 CEST 2018
dn: CN=MYGROUP,OU=Groups,DC=dstdomain,DC=lan
changetype: modify
replace: member
member: CN=User1 User1name,cn=users,dc=dstdomain,dc=lan
member: CN=User2 User2name,cn=users,dc=dstdomain,dc=lan
Here is my full config for the LDAP2GROUP task:
Where I firstly retrieve the memberUid attributes from the
posixgroups, then foreach I try to perform a LDAP search to get the CN
associated to the memberUid, and then create the user in destination groups.
<task>
  <name>LDAPGROUPS2AD</name>
  <bean>org.lsc.beans.SimpleBean</bean>
  <asyncLdapSourceService>
    <name>group-source-service</name>
    <connection reference="ldap-source-conn-group" />
    <baseDn>ou=groupes,dc=srcdomain,dc=lan</baseDn>
    <pivotAttributes>
      <string>cn</string>
    </pivotAttributes>
    <fetchedAttributes>
      <string>cn</string>
      <string>description</string>
      <string>memberUid</string>
      <string>gidNumber</string>
      <string>mail</string>
    </fetchedAttributes>
    <getAllFilter><![CDATA[(objectClass=posixgroup)]]></getAllFilter>
    <getOneFilter><![CDATA[(&(objectClass=posixgroup)(cn={cn}))]]></getOneFilter>
    <serverType>OpenLDAP</serverType>
  </asyncLdapSourceService>
  <ldapDestinationService>
    <name>group-dst-service</name>
    <connection reference="ldap-dst-conn-group" />
    <baseDn>OU=Groups,DC=dstdomain,DC=lan</baseDn>
    <pivotAttributes>
      <string>cn</string>
    </pivotAttributes>
    <fetchedAttributes>
      <string>cn</string>
      <string>description</string>
      <string>mail</string>
      <string>member</string>
      <string>objectClass</string>
      <string>gidNumber</string>
      <string>sAMAccountName</string>
    </fetchedAttributes>
    <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter>
    <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
  </ldapDestinationService>
  <propertiesBasedSyncOptions>
    <mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) + ",OU=Groups,DC=dstdomain,DC=lan"</mainIdentifier>
    <defaultDelimiter>;</defaultDelimiter>
    <defaultPolicy>FORCE</defaultPolicy>
    <conditions>
      <create>true</create>
      <update>true</update>
      <delete>true</delete>
      <changeId>true</changeId>
    </conditions>
    <dataset>
      <name>objectclass</name>
      <policy>KEEP</policy>
      <createValues>
        <string>"group"</string>
        <string>"top"</string>
      </createValues>
    </dataset>
    <dataset>
      <name>member</name>
      <policy>FORCE</policy>
      <forceValues>
        <string>
          <![CDATA[rjs:
            var membersSrcUid = srcBean.getDatasetValuesById("memberUid");
            var membersDstDn = [];
            for (var i=0; i<membersSrcUid.size(); i++) {
              var membersFinalUid = membersSrcUid.get(i);
              var destDn = ldap.search("cn=users", "(sAMAccountName=" + membersFinalUid + ")");
              var dn = destDn[0] + ",dc=dstdomain,dc=lan"
              membersDstDn.push(dn);
            }
            membersDstDn
          ]]>
        </string>
      </forceValues>
    </dataset>
    <dataset>
      <!-- sAMAccountName = cn -->
      <name>sAMAccountName</name>
      <policy>FORCE</policy>
      <forceValues>
        <string>srcBean.getDatasetFirstValueById("cn")</string>
      </forceValues>
    </dataset>
  </propertiesBasedSyncOptions>
</task>
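Added example, not part of the original post or of the LSC project's code: a guarded form of the member lookup that escapes each memberUid before it goes into the search filter and skips UIDs without exactly one match, since reading the first element of an empty result list raises the kind of IndexOutOfBoundsException shown in the trace. It runs stand-alone in plain JavaScript; `resolveMembers`, `sampleSearch` and the sample directory are hypothetical names, with `sampleSearch` standing in for the `ldap.search` call in the task and returning JavaScript arrays rather than the lists LSC hands to the script.

```javascript
// RFC 4515 escaping for a value placed inside an LDAP search filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Resolve each memberUid to a destination DN.
// search(base, filter) is a hypothetical stand-in for ldap.search(): it
// returns the matching DNs relative to the context base, or an empty list.
function resolveMembers(memberUids, search, suffix) {
  var resolved = [];
  var unresolved = [];
  for (var i = 0; i < memberUids.length; i++) {
    var uid = memberUids[i];
    var filter = "(sAMAccountName=" + escapeFilterValue(uid) + ")";
    var hits = search("cn=users", filter);
    if (hits.length !== 1) {
      // Zero hits: the user does not exist in the destination.
      // Several hits: ambiguous, so do not guess a member.
      unresolved.push(uid);
      continue;
    }
    resolved.push(hits[0] + "," + suffix);
  }
  return { resolved: resolved, unresolved: unresolved };
}

// Constructed sample directory: only two users exist in the destination.
var SAMPLE_USERS = {
  "user1": "CN=User1 User1name,cn=users",
  "user2": "CN=User2 User2name,cn=users"
};

// Constructed stub search: exact match on the sAMAccountName assertion value.
function sampleSearch(base, filter) {
  var m = /^\(sAMAccountName=(.*)\)$/.exec(filter);
  var key = m ? m[1] : "";
  var found = Object.prototype.hasOwnProperty.call(SAMPLE_USERS, key);
  return found ? [SAMPLE_USERS[key]] : [];
}

// Constructed input: two known UIDs, one missing, one with filter metacharacters.
function demo() {
  var uids = ["user1", "ghost", "user2", "x)(cn=*"];
  return resolveMembers(uids, sampleSearch, "dc=dstdomain,dc=lan");
}
```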