Seems to be working now. Thanks Clément! Now, once my users (in AD) have the userAccountControl status changed, I get no update in my destination LDAP (389-ds). I'm using the FORCE policy for the ntUserFlags attribute (as per my XML file), but here is what I get when running the lsc command:

Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": List of attributes considered for writing in destination: [ntUserFlags, employeetype, ntUserDomainId, employeenumber, objectClass, sn, cn]
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "ntUserFlags" is in FORCE status
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "employeetype" is in FORCE status
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "ntUserDomainId" is in FORCE status
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "employeenumber" is in FORCE status
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "objectClass" is in KEEP status
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "sn" is in FORCE status
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "sn" will not be written to the destination
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "cn" is in FORCE status
Jun 12 09:27:33 - DEBUG - In object "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "cn" will not be written to the destination
Jun 12 09:27:33 - DEBUG - Entry "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com" will not be written to the destination

thx,
Paulo

On Mon, 11 Jun 2018 at 10:43, Clément OUDOT <[email protected]> wrote:

> On 11/06/2018 at 15:34, Paulo Sergio wrote:
>
> > You're right Clément.. I believe I was using the wrong destination
> > attribute (ntUserAuthFlags)... the correct one should be ntUserFlags, which
> > gives the basic possibilities for the AD account status:
> >
> > - 0x0002: Account disabled
> > - 0x0010: Account currently locked
> > - 0x0020: Password not required
> > - 0x0040: User cannot change password
> > - 0x10000: Password should never expire
> >
> > Those values are the same as Active Directory (as far as I know). Now my
> > problem is how to write to destination (389-ds ldap).
>
> You need to use some javascript with AD.userAccountControlSet()
>
> https://lsc-project.org/javadoc/2.1-SNAPSHOT/org/lsc/utils/directory/AD.html#userAccountControlSet-int-java.lang.String:A-
>
> --
> Clément Oudot | Identity Solutions Manager
> [email protected]
>
> Worteks | https://www.worteks.com
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
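An added example, not part of the original thread and not LSC code: plain JavaScript that masks an AD userAccountControl value down to the five bits listed in the thread and reports whether the destination ntUserFlags value would need a write, which is a quick way to confirm that a disabled or locked AD account is not left enabled in 389-ds. The function and constant names are hypothetical, the sample values are constructed, and it assumes ntUserFlags uses the same bit values as AD, as the thread suggests.

```javascript
// The five account-status bits listed in the thread (names are illustrative).
const FLAGS = {
  ACCOUNT_DISABLED: 0x0002,
  ACCOUNT_LOCKED: 0x0010,
  PASSWORD_NOT_REQUIRED: 0x0020,
  CANNOT_CHANGE_PASSWORD: 0x0040,
  PASSWORD_NEVER_EXPIRES: 0x10000,
};
// Only these bits are copied from source to destination.
const MAPPED_MASK = Object.values(FLAGS).reduce((m, bit) => m | bit, 0);

// LDAP returns integer attributes as decimal strings; reject anything else.
function parseFlagValue(raw) {
  const text = String(raw).trim();
  if (!/^\d+$/.test(text)) throw new RangeError('not a decimal integer: ' + raw);
  return Number.parseInt(text, 10);
}

// Names of the mapped bits that are set in a value.
function decodeFlags(value) {
  return Object.keys(FLAGS).filter((name) => (value & FLAGS[name]) !== 0);
}

// Compare the source userAccountControl with the current destination value.
// Destination bits outside the mapped set are preserved (assumption).
function planNtUserFlags(srcUac, dstNtUserFlags) {
  const src = parseFlagValue(srcUac);
  const missing = dstNtUserFlags === undefined || dstNtUserFlags === null || dstNtUserFlags === '';
  const dst = missing ? 0 : parseFlagValue(dstNtUserFlags);
  const wanted = ((dst & ~MAPPED_MASK) | (src & MAPPED_MASK)) >>> 0;
  const changed = (wanted ^ dst) >>> 0;
  return {
    wanted,                                // value the destination should hold
    needsWrite: missing || wanted !== dst, // false means nothing to synchronize
    set: decodeFlags(changed & wanted),    // bits to turn on in the destination
    cleared: decodeFlags(changed & dst),   // bits to turn off in the destination
  };
}

// Constructed sample: AD account just disabled (512 -> 514), destination still 0.
console.log(planNtUserFlags('514', '0'));
```

If `needsWrite` is true for a pair of values while LSC reports that the entry will not be written, the value computed for ntUserFlags on the LSC side is the place to look.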

