Hi Clément,
I did a few tests and I have no idea why this is happening. I change the
userAccountControl from AD side (souce) and I get none when running lsc. As
I show below.
Here is what I get when I run lsc command:
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
List of attributes considered for writing in destination: [ntUserFlags,
employeetype, ntUserDomainId, employeenumber, objectClass, sn, cn]
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "ntUserFlags" is in FORCE status
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "employeetype" is in FORCE status
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "ntUserDomainId" is in FORCE status
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "employeenumber" is in FORCE status
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "objectClass" is in KEEP status
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "sn" is in FORCE status
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "sn" will not be written to the destination
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "cn" is in FORCE status
Jun 14 14:24:42 - DEBUG - In object "uid=user1,ou=People,dc=ad,dc=com":
Attribute "cn" will not be written to the destination
Jun 14 14:24:42 - DEBUG - Entry "uid=user1,ou=People,dc=ad,dc=com" will not
be written to the destination
This is what I have in my source (AD)
C:\TEMP\AdFind>adfind -b dc=ad,dc=com -f "samaccountname=user1*"
Using server: ADSERVER.ad.local:389
Directory: Windows Server 2008
dn:CN=User One,CN=Users,DC=ad,dc=com
>objectClass: top
>objectClass: person
>objectClass: organizationalPerson
>objectClass: user
>cn: User One
>sn: One
>givenName: User
>distinguishedName: CN=User One,CN=Users,DC=ad,dc=com
>instanceType: 4
>whenCreated: 20180522165151.0Z
>whenChanged: 20180613115313.0Z
>displayName: User One
>uSNCreated: 143962
>uSNChanged: 148417
>name: User One
>objectGUID: {DC05624E-FC21-4BFC-9802-AC79C6A528F0}
>userAccountControl: 514
>badPwdCount: 0
>codePage: 0
>countryCode: 0
>badPasswordTime: 0
>lastLogoff: 0
>lastLogon: 0
>pwdLastSet: 131714815110708144
>primaryGroupID: 513
>objectSid: S-1-5-21-522684398-3338071774-2791690647-1123
>accountExpires: 9223372036854775807
>logonCount: 0
>sAMAccountName: user1
>sAMAccountType: 805306368
>userPrincipalName: user1@ad.local
>objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,dc=com
>dSCorePropagationData: 16010101000000.0Z
>msDS-SupportedEncryptionTypes: 0
>mail: us...@mail.com
1 Objects returned
Here is what I have in my destination (ldap 389-ds) after running lsc:
# user1, People, gps-lab.local
dn: uid=user1,ou=People,dc=gps-lab,dc=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: ntuser
ntUserDomainId: user1
ntUserFlags: 512
employeeType: true
uid: user1
sn: One
cn: User One
employeeNumber: 40300766882
mail: us...@mail.com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Em qua, 13 de jun de 2018 às 07:25, Paulo Sergio <overcast2...@gmail.com>
escreveu:
> that is the thing Clément.. they are different. I'll run some more tests
> and see what happens.
>
> Em ter, 12 de jun de 2018 às 16:43, Clément OUDOT <
> clement.ou...@worteks.com> escreveu:
>
>>
>>
>> Le 12/06/2018 à 14:41, Paulo Sergio a écrit :
>> > seems to be working now. Thanks Clément!
>> >
>> > now, once my users (in AD) have the userAccountControl status changed
>> > I get no update in my destination ldap (389-ds). I'm using the FORCE
>> > policy for the ntUserFlags attribute (as per my xlm file), but here it
>> > is what I get when running lsc command:
>> >
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": List of
>> > attributes considered for writing in destination: [ntUserFlags,
>> > employeetype, ntUserDomainId, employeenumber, objectClass, sn, cn]
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute
>> > "ntUserFlags" is in FORCE status
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute
>> > "employeetype" is in FORCE status
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute
>> > "ntUserDomainId" is in FORCE status
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute
>> > "employeenumber" is in FORCE status
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute
>> > "objectClass" is in KEEP status
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "sn"
>> > is in FORCE status
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "sn"
>> > will not be written to the destination
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "cn"
>> > is in FORCE status
>> > Jun 12 09:27:33 - DEBUG - In object
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com": Attribute "cn"
>> > will not be written to the destination
>> > Jun 12 09:27:33 - DEBUG - Entry
>> > "uid=user1,ou=People,dc=ldapinternalgps-lab,dc=com" will not be
>> > written to the destination
>> >
>> >
>>
>>
>> If the modification is not seen, it is because LSC finds no difference
>> between the destination value and the result of the dataset.
>>
>> --
>> Clément Oudot | Identity Solutions Manager
>>
>> clement.ou...@worteks.com
>>
>> Worteks | https://www.worteks.com
>>
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> lsc-users@lists.lsc-project.org
>> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
>
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
