Hi guys,

I'm just trying to sync info from an AD to my 389DS. So far I can get pretty
much all I need except for the userAccountControl and the password policy. Could
someone point me in the right direction on how to do it? Basically I can
get the userAccountControl value, but I just can't write to ntUserAuthFlags.
As for the password policy, I have no idea how to start.

here is my lsc.xml file so far:

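<?xml version="1.0" encoding="UTF-8"?>
<!-- LSC configuration: one-way synchronization of Active Directory users into 389 Directory Server. -->
<!-- Attributes in a start tag are separated by whitespace only. A ";" after the namespace URI
     (easily picked up when the URL is copied from a mail or web page) makes the file ill-formed. -->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">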

  <!-- Connection definitions. Each ldapConnection is referenced by its name from the services of the task. -->
  <connections>
    <!-- Source: the Active Directory server that entries are read from. -->
    <ldapConnection>
      <name>ldap-src-conn</name>
      <!-- Plain ldap:// on port 389; see tlsActivated below. -->
      <url>ldap://192.168.0.224:389/dc=ad,dc=com</url>
      <!-- Bind account used for the sync. NOTE(review): it only needs read access to the attributes
           the source service fetches; confirm it holds no broader rights in AD. -->
      <username>cn=389sync,cn=users,dc=ad,dc=com</username>
      <!-- The password is stored in clear text: keep this file readable only by the account that runs LSC. -->
      <password>Secret</password>
      <!-- Simple bind: the DN and password are sent as given, with no protection of their own. -->
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <!-- TLS is off, so the simple bind above and every attribute read from 192.168.0.224 cross the
           network unencrypted. NOTE(review): turning this on (or using an ldaps:// URL) presumably requires
           the JVM running LSC to trust the server certificate; confirm against the LSC documentation. -->
      <tlsActivated>false</tlsActivated>
    </ldapConnection>


    <!-- Destination: the 389 Directory Server instance that entries are written to. -->
    <ldapConnection>
      <name>ldap-dst-conn</name>
      <!-- Loopback address: with TLS off, the clear-text bind stays on this host. -->
      <url>ldap://localhost:389/dc=ldapinternal,dc=com</url>
      <!-- NOTE(review): this bind DN ends in dc=ldapinternalgps-lab,dc=com while the URL and the task use
           dc=ldapinternal,dc=com; confirm the DN is correct. The account needs write access under ou=People. -->
      <username>uid=gpslab,dc=ldapinternalgps-lab,dc=com</username>
      <!-- Clear-text password: the same file-permission concern as for the source connection applies. -->
      <password>Secret2</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>1000</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>

  </connections>

  <!-- Audit trail in CSV form: create and delete operations are appended to a single file. -->
  <audits>
    <csvAudit>
      <name>csv</name>
      <append>true</append>
      <operations>create, delete</operations>
      <!-- /tmp is shared and world-writable on most systems: a fixed file name there can be created in
           advance, or replaced by a symlink, by another local user, and the file ends up listing directory
           entries. A directory writable only by the account that runs LSC is a safer location. -->
      <file>/tmp/dump.csv</file>
      <!-- NOTE(review): DN values contain commas and the separator below is also a comma; check how the
           audit output quotes values before parsing it. -->
      <datasets>cn, dn</datasets>
      <separator>,</separator>
    </csvAudit>
  </audits>

  <tasks>
    <task>
        <name>AD2389dsSync</name>
        <bean>org.lsc.beans.SimpleBean</bean>
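        <!-- Source service: reads user entries from Active Directory through ldap-src-conn. -->
        <ldapSourceService>
          <name>opends-src-service</name>
          <connection reference="ldap-src-conn" />
          <baseDn>cn=Users,dc=ad,dc=com</baseDn>
          <!-- Attribute whose value identifies an entry when it is looked up on the other side. -->
          <pivotAttributes>
            <string>sAMAccountName</string>
          </pivotAttributes>
          <!-- Only these attributes are read from AD, so the sync expressions can use nothing else from srcBean. -->
          <fetchedAttributes>
            <string>description</string>
            <string>cn</string>
            <string>sn</string>
            <string>givenName</string>
            <string>samAccountName</string>
            <string>userPrincipalName</string>
            <string>employeeType</string>
            <string>employeeNumber</string>
            <!-- Bit field describing the account state, including the "account disabled" bit (0x2). -->
            <string>userAccountControl</string>
          </fetchedAttributes>
          <!-- In AD, computer accounts also carry objectClass=user. They are excluded here so that this filter
               lists the same population that getOneFilter accepts, instead of ids that are then not found. -->
          <getAllFilter>(&amp;(objectClass=user)(!(objectClass=computer)))</getAllFilter>
          <getOneFilter>(&amp;(!(objectClass=computer))(objectClass=user)(samAccountName={samAccountName}))</getOneFilter>
          <!-- NOTE(review): {uid} is presumably filled from the destination pivot attribute when LSC checks
               whether a destination entry still exists in AD; confirm against the LSC documentation. -->
          <cleanFilter>(&amp;(objectClass=user)(samAccountName={uid}))</cleanFilter>
        </ldapSourceService>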

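        <!-- Destination service: looks up and writes entries under ou=People in 389 DS through ldap-dst-conn. -->
        <ldapDestinationService>
          <name>opends-dst-service</name>
          <connection reference="ldap-dst-conn" />
          <baseDn>ou=People,dc=ldapinternal,dc=com</baseDn>
          <pivotAttributes>
            <string>uid</string>
          </pivotAttributes>
          <!-- Attributes read from the destination entry. NOTE(review): presumably an attribute has to be
               listed here for LSC to compare and update it; confirm against the LSC documentation. -->
          <fetchedAttributes>
            <string>sn</string>
            <string>cn</string>
            <string>objectClass</string>
            <!-- This list holds elements only: a leftover comment terminator after an entry is character
                 data, not markup, and does not belong here. NOTE(review): mail is not fetched from the
                 source and no dataset sets it; confirm whether it was meant to be commented out. -->
            <string>mail</string>
            <string>employeetype</string>
            <string>employeenumber</string>
            <string>ntUserDomainId</string>
            <string>ntUserAuthFlags</string>
          </fetchedAttributes>
          <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
          <!-- {samAccountName} is the source pivot value; it is matched against uid on the destination. -->
          <getOneFilter>(&amp;(objectClass=inetorgperson)(uid={samAccountName}))</getOneFilter>
        </ldapDestinationService>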

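      <!-- Sync rules: how the destination DN and each destination attribute are computed from the source
           entry (srcBean). Values are JavaScript expressions; ids passed to getDatasetFirstValueById must
           be attributes listed in the source service's fetchedAttributes. -->
      <propertiesBasedSyncOptions>
        <!-- DN of the destination entry, built from the AD samAccountName. -->
        <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("samAccountName") + ",ou=People,dc=ldapinternal,dc=com"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <defaultPolicy>KEEP</defaultPolicy>
        <!-- delete=false: an entry removed from AD is left in place in 389 DS and stays usable there until
             something else removes or locks it. NOTE(review): confirm that this is the intended
             deprovisioning behaviour. -->
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>false</delete>
          <changeId>true</changeId>
        </conditions>

        <!-- Object classes given to a newly created entry; KEEP leaves existing values untouched. -->
        <dataset>
          <name>objectclass</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"top"</string>
            <string>"person"</string>
            <string>"organizationalPerson"</string>
            <string>"inetorgperson"</string>
            <string>"ntuser"</string>
          </createValues>
        </dataset>

        <!-- Copies the numeric userAccountControl bit field from AD.
             NOTE(review): only createValues is given, which by its name applies when the entry is created.
             For policy FORCE to rewrite the attribute on existing entries, the LSC dataset element also
             offers forceValues; confirm in the LSC documentation, and check that the syntax the destination
             schema declares for ntUserAuthFlags accepts this value.
             NOTE(review): the disabled state of an AD account is the 0x2 bit of userAccountControl. Storing
             the number here does not by itself lock the account in 389 DS, which uses nsAccountLock for
             that; confirm how disabled accounts are meant to propagate. -->
        <dataset>
          <name>ntUserAuthFlags</name>
          <policy>FORCE</policy>
          <createValues>
            <string>js:(srcBean.getDatasetFirstValueById('userAccountControl'))</string>
          </createValues>
        </dataset>

        <dataset>
          <name>ntUserDomainId</name>
          <policy>FORCE</policy>
          <createValues>
            <string>js:(srcBean.getDatasetFirstValueById("samAccountName"))</string>
          </createValues>
        </dataset>

        <!-- Returns the attribute value itself; comparing it with null here would store true/false instead.
             The id is written as it appears in the source fetchedAttributes. -->
        <dataset>
          <name>employeetype</name>
          <policy>FORCE</policy>
          <createValues>
            <string>js:srcBean.getDatasetFirstValueById("employeeType")</string>
          </createValues>
        </dataset>

        <!-- sn is mandatory for person entries, so the account name is used when AD has no sn. The fallback
             reads samAccountName because the source service does not fetch a uid attribute. -->
        <dataset>
          <name>sn</name>
          <policy>FORCE</policy>
          <createValues>
            <string>js:(srcBean.getDatasetFirstValueById("sn") != null ? srcBean.getDatasetFirstValueById("sn") : srcBean.getDatasetFirstValueById("samAccountName"))</string>
          </createValues>
        </dataset>

        <!-- KEEP: set at creation and then left alone. The id has to match a fetched source attribute
             exactly; a misspelt id yields no value for uid. -->
        <dataset>
          <name>uid</name>
          <policy>KEEP</policy>
          <createValues>
            <string>js:srcBean.getDatasetFirstValueById("samAccountName")</string>
          </createValues>
        </dataset>

        <dataset>
          <name>employeenumber</name>
          <policy>FORCE</policy>
          <createValues>
            <string>js:srcBean.getDatasetFirstValueById("employeeNumber")</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>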
    </task>
  </tasks>

  <!-- Symmetric encryption settings: key file location, algorithm and key strength.
       NOTE(review): nothing in this file shows what LSC encrypts with this key (the connection passwords
       are in clear text); confirm its use in the LSC documentation. -->
  <security>
    <encryption>
      <!-- Relative path. NOTE(review): confirm which directory it is resolved against, and keep the key
           file readable only by the account that runs LSC. -->
      <keyfile>etc/lsc.key</keyfile>
      <algorithm>AES</algorithm>
      <strength>128</strength>
    </encryption>
  </security>

</lsc>