Le 12/06/2018 à 10:43, Lior Dotan a écrit :
> On Tue, Jun 12, 2018 at 11:32 AM Clément OUDOT
> <clement.ou...@worteks.com> wrote:
>>
>>
>> Le 12/06/2018 à 09:10, Lior Dotan a écrit :
>>> On Tue, Jun 12, 2018 at 10:05 AM Clément OUDOT
>>> <clement.ou...@worteks.com> wrote:
>>>>
>>>> Le 12/06/2018 à 08:28, Lior Dotan a écrit :
>>>>> Hi,
>>>>>
>>>>> I'm trying to sync groups from AD to external scripts which I was able
>>>>> to do in the past.
>>>>> The problem now is that the update script is called with 'cn= ' only,
>>>>> without the group name even though the get script is called with the
>>>>> group name.
>>>>> Any idea what's going on?
>>>>>
>>>>> Jun 12 08:35:51 - INFO - Starting sync for SyncCreateGroupTask
>>>>> Jun 12 08:35:51 - DEBUG - Using pagedResults control for 1000 entries at
>>>>> a time
>>>>> Jun 12 08:35:51 - DEBUG - Lauching '/usr/local/bin/ad_get.sh
>>>>> CN=Management,OU=Microsoft Exchange,DC=TEST,DC=LOCAL '
>>>>> Jun 12 08:35:51 - DEBUG - Writing to STDIN cn: Management
>>>>>
>>>>> Jun 12 08:35:51 - DEBUG - Waiting for command to stop ...
>>>>> Jun 12 08:35:53 - DEBUG - Messages dump on stderr by script:
>>>>> Jun 12 08:35:53 - WARN - The ldif file is empty
>>>>> Jun 12 08:35:53 - WARN - The ldif file is empty
>>>>> Jun 12 08:35:53 - ERROR - Entries count: 0
>>>>> Jun 12 08:35:53 - DEBUG - Unsupported scripting engine: Oracle Nashorn
>>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": List of attributes
>>>>> considered for writing in destination: [member, objectClass, cn]
>>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "member" is in
>>>>> FORCE status
>>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Adding attribute "member"
>>>>> with values [CN=Joe Doe, OU=Operation, OU=Test, DC=TEST, DC=LOCAL,
>>>>> CN=John Dough, CN=Test Test2]
>>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "objectClass" is
>>>>> in KEEP status
>>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "objectClass"
>>>>> will not be written to the destination
>>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "cn" is in KEEP
>>>>> status
>>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "cn" will not be
>>>>> written to the destination
>>>>> Jun 12 08:35:54 - DEBUG - Lauching '/usr/local/bin/ad_connector.py cn= '
>>>>>
>>>>>
>>>> Your scripts seems to return nothing. Be sure to respect
>>>> STDIN/STDOUT/STDERR usage:
>>>> https://lsc-project.org/documentation/plugins/executable/howto_scripts
>>> The problem is that STDOUT doesn't contain the group name, this is
>>> what I get on STDOUT:
>>> Jun 12 08:35:54 - DEBUG - Writing to STDIN # Tue Jun 12 08:35:54 IDT 2018
>>> dn: cn=
>>> changetype: add
>>> member: CN=Joe Doe
>>>
>>> Notice that the dn: us malformed which is why my script fails.
>>> My question is why I don't get the group name in the 'dn'.
>> Hard to say, because this depends on what you code in your script. Send
>> us the script if want help.
> This is the get script which seems to work ok:
> #! /bin/bash
>
> line=""
> read line
> text="$line"
>
> while test "$line" != ""
> do
> read line
> text="$text
> $line"
> done
>
> logger $0 $@
> ad_connector.py GET $text
>
>
> This is the pythonscript that creates the group:
> def main():
> parser = ldif.LDIFRecordList(sys.stdin)
> parser.parse()
>
> It fails on the parser.parse() as the LDiF is invalid because it looks
> like the example I pasted above (dn: cn= ).
Got it. The DN is built with:
<mainIdentifier>js:"cn=" +
javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn"))</mainIdentifier>
But "cn" is not defined in <fetchedAttributes> in ldapSourceService.
Just add it in the list.
--
Clément Oudot | Identity Solutions Manager
clement.ou...@worteks.com
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
