Hi,

I test the sync with create condition "true" and then I get a (false) 
result.

In the AD there is an entry like this:

***Searching...
ldap_search_s(ld, "DC=foo,DC=bar", 2, "(samAccountName=lg)", attrList,  0, &msg)
Getting 1 entries:
Dn: CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar


When I start a sync I get this:

Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  List of attributes considered for writing in destination: [uid, unixHomeDirectory, gidNumber, uidNumber, loginShell]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "uid" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "uid" with values [lg]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "unixHomeDirectory" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "unixHomeDirectory" with values [/home/lg]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "gidNumber" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "gidNumber" with values [202]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "uidNumber" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "uidNumber" with values [5675]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "loginShell" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "loginShell" with values [/usr/bin/bash]
Nov 08 16:50:12 - DEBUG - Create condition false. Should have added object CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar
# Thu Nov 08 16:50:12 CET 2018
dn: CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar
changetype: add
uid: lg
unixHomeDirectory: /home/lg
gidNumber: 202
uidNumber: 5675
loginShell: /usr/bin/bash

Nov 08 16:50:13 - INFO  - All entries: 950, to modify entries: 1, successfully modified entries: 0, errors: 0

This is not what I expected. The sync should MODIFY the listed attribute 
in the destination entry and not create a new (duplicate) one with the 
listed attribute.

Does anyone have advice on what I am doing wrong?

Regards

Martin


From:    "Clément OUDOT" <[email protected]>
To:      [email protected]
Date:    07.11.2018 00:21
Subject: Re: [lsc-users] Reply: Re: Reply: Reply: Re: 
Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: Re: Reply: 
Re: NIS plugin and filtering
Sent by: "lsc-users" <[email protected]>





On 06/11/2018 at 11:52, Martin Röh wrote:
Hi Soisik, 

as described I changed the sync destination from an openldap to an AD 
(also changing the attributes fitting the AD needs). If I start a sync now 
no entries for syncing are found, I only get this message: 

Nov 06 11:45:21 - INFO  - Starting sync for NIS2LDAP-User-SyncTask 
Nov 06 11:45:21 - DEBUG - Connecting to the NIS domain ... 
Nov 06 11:45:21 - DEBUG - Retrieving the information ... 
Nov 06 11:45:22 - DEBUG - Closing context ... 
Nov 06 11:45:25 - INFO  - All entries: 950, to modify entries: 0, successfully modified entries: 0, errors: 0 

It seems to me that there are no matches between the NIS and the AD and I 
think I set the mainidentifier in a wrong way: 

<mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("uid")) + ",OU=HH,OU=Benutzer,DC=foo,DC=bar"></mainIdentifier> 
<defaultDelimiter>;</defaultDelimiter> 
<defaultPolicy>KEEP</defaultPolicy> 
<conditions> 
        <create>false</create> 
        <update><![CDATA[rjs: 
                var update = false; 

                java.lang.System.out.println("checking user -> " + srcBean.getDatasetFirstValueById("uid")); 

The println in the update condition is never reached. 

Is it possible to set a general println outside of the condition block so 
I can see every entry from the source the sync is working on? An output 
of every mainIdentifier would also be helpful. 



Hello,

the create condition is set to "false" so if the entry does not exist in 
AD, it will not be created.


-- 
Clément Oudot | Identity Solutions Manager

[email protected]

Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
