Thanks, works like a charm! On Tue, Jun 12, 2018 at 11:48 AM Clément OUDOT <[email protected]> wrote: > > > > Le 12/06/2018 à 10:43, Lior Dotan a écrit : > > On Tue, Jun 12, 2018 at 11:32 AM Clément OUDOT > > <[email protected]> wrote: > >> > >> > >> Le 12/06/2018 à 09:10, Lior Dotan a écrit : > >>> On Tue, Jun 12, 2018 at 10:05 AM Clément OUDOT > >>> <[email protected]> wrote: > >>>> > >>>> Le 12/06/2018 à 08:28, Lior Dotan a écrit : > >>>>> Hi, > >>>>> > >>>>> I'm trying to sync groups from AD to external scripts which I was able > >>>>> to do in the past. > >>>>> The problem now is that the update script is called with 'cn= ' only, > >>>>> without the group name even though the get script is called with the > >>>>> group name. > >>>>> Any idea what's going on? > >>>>> > >>>>> Jun 12 08:35:51 - INFO - Starting sync for SyncCreateGroupTask > >>>>> Jun 12 08:35:51 - DEBUG - Using pagedResults control for 1000 entries > >>>>> at a time > >>>>> Jun 12 08:35:51 - DEBUG - Lauching '/usr/local/bin/ad_get.sh > >>>>> CN=Management,OU=Microsoft Exchange,DC=TEST,DC=LOCAL ' > >>>>> Jun 12 08:35:51 - DEBUG - Writing to STDIN cn: Management > >>>>> > >>>>> Jun 12 08:35:51 - DEBUG - Waiting for command to stop ... > >>>>> Jun 12 08:35:53 - DEBUG - Messages dump on stderr by script: > >>>>> Jun 12 08:35:53 - WARN - The ldif file is empty > >>>>> Jun 12 08:35:53 - WARN - The ldif file is empty > >>>>> Jun 12 08:35:53 - ERROR - Entries count: 0 > >>>>> Jun 12 08:35:53 - DEBUG - Unsupported scripting engine: Oracle Nashorn > >>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": List of attributes > >>>>> considered for writing in destination: [member, objectClass, cn] > >>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "member" is in > >>>>> FORCE status > >>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Adding attribute "member" > >>>>> with values [CN=Joe Doe, OU=Operation, OU=Test, DC=TEST, DC=LOCAL, > >>>>> CN=John Dough, CN=Test Test2] > >>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "objectClass" is > >>>>> in KEEP status > >>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "objectClass" > >>>>> will not be written to the destination > >>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "cn" is in KEEP > >>>>> status > >>>>> Jun 12 08:35:54 - DEBUG - In object "cn=": Attribute "cn" will not be > >>>>> written to the destination > >>>>> Jun 12 08:35:54 - DEBUG - Lauching '/usr/local/bin/ad_connector.py cn= ' > >>>>> > >>>>> > >>>> Your scripts seems to return nothing. Be sure to respect > >>>> STDIN/STDOUT/STDERR usage: > >>>> https://lsc-project.org/documentation/plugins/executable/howto_scripts > >>> The problem is that STDOUT doesn't contain the group name, this is > >>> what I get on STDOUT: > >>> Jun 12 08:35:54 - DEBUG - Writing to STDIN # Tue Jun 12 08:35:54 IDT 2018 > >>> dn: cn= > >>> changetype: add > >>> member: CN=Joe Doe > >>> > >>> Notice that the dn: us malformed which is why my script fails. > >>> My question is why I don't get the group name in the 'dn'. > >> Hard to say, because this depends on what you code in your script. Send > >> us the script if want help. > > This is the get script which seems to work ok: > > #! /bin/bash > > > > line="" > > read line > > text="$line" > > > > while test "$line" != "" > > do > > read line > > text="$text > > $line" > > done > > > > logger $0 $@ > > ad_connector.py GET $text > > > > > > This is the pythonscript that creates the group: > > def main(): > > parser = ldif.LDIFRecordList(sys.stdin) > > parser.parse() > > > > It fails on the parser.parse() as the LDiF is invalid because it looks > > like the example I pasted above (dn: cn= ). > > > Got it. The DN is built with: > > <mainIdentifier>js:"cn=" + > javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn"))</mainIdentifier> > > > But "cn" is not defined in <fetchedAttributes> in ldapSourceService. > Just add it in the list. > > > -- > Clément Oudot | Identity Solutions Manager > > [email protected] > > Worteks | https://www.worteks.com > > _______________________________________________________________ > Ldap Synchronization Connector (LSC) - http://lsc-project.org > > lsc-users mailing list > [email protected] > https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list [email protected] https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
