Hi Clement,

The connection is made with the AD admin user, which has full access rights.

Maybe the getOneFilter is wrong?

<getOneFilter>(&amp;(objectClass=user)(!(objectClass=computer))(sAMAccountName={uid}))</getOneFilter>

Is uid correctly filled from the NIS plugin at this point?

Regards

Martin



From:    "Clément OUDOT" <[email protected]>
To:      [email protected]
Date:    08.11.2018 17:19
Subject: Re: [lsc-users] Antwort: Re: Antwort: Re: Antwort: 
Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Antwort: 
Re: Antwort: Re: NIS plugin and filtering
Sent by: "lsc-users" <[email protected]>





On 08/11/2018 at 16:59, Martin Röh wrote:
Hi, 

I test the sync with create condition "true" and then I get a (false) 
result. 

In the AD there is an entry like this: 

***Searching... 
ldap_search_s(ld, "DC=foo,DC=bar", 2, "(samAccountName=lg)", attrList,  0, &msg)
Getting 1 entries: 
Dn: CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar 


When I start a sync I get this:

Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  List of attributes considered for writing in destination: [uid, unixHomeDirectory, gidNumber, uidNumber, loginShell]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "uid" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "uid" with values [lg]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "unixHomeDirectory" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "unixHomeDirectory" with values [/home/lg]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "gidNumber" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "gidNumber" with values [202]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "uidNumber" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "uidNumber" with values [5675]
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Attribute "loginShell" is in FORCE status
Nov 08 16:50:12 - DEBUG - In object "CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar":  Adding attribute "loginShell" with values [/usr/bin/bash]
Nov 08 16:50:12 - DEBUG - Create condition false. Should have added object CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar
# Thu Nov 08 16:50:12 CET 2018 
dn: CN=lg,OU=HH,OU=Benutzer,DC=foo,DC=bar 
changetype: add 
uid: lg 
unixHomeDirectory: /home/lg 
gidNumber: 202 
uidNumber: 5675 
loginShell: /usr/bin/bash 

Nov 08 16:50:13 - INFO  - All entries: 950, to modify entries: 1, successfully modified entries: 0, errors: 0

This is not what I expected. The sync should MODIFY the listed attribute 
in the destination entry and not create a new (duplicate) one with the 
listed attribute. 

Does anyone have advice on what I am doing wrong?

Maybe the account configured in LSC to browse AD does not have enough rights to 
read the entry? The issue is indeed that LSC does not find your entry and 
tries to create a new one.


-- 
Clément Oudot | Identity Solutions Manager

[email protected]

Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
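
An added example, not part of the original messages and not LSC's own code: a small Python helper that renders the getOneFilter quoted above into the filter string that would be sent to AD for a given pivot value, so it can be compared with the manual "(samAccountName=lg)" search. The {name} substitution is a simplified model of the placeholder handling, and render_filter and escape_value are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the getOneFilter element as quoted in the message above.
CONFIG_FRAGMENT = (
    "<getOneFilter>(&amp;(objectClass=user)(!(objectClass=computer))"
    "(sAMAccountName={uid}))</getOneFilter>"
)

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a pivot value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(xml_fragment, pivot):
    """Return the filter with every {name} placeholder filled from pivot.

    Raises KeyError(name) when a placeholder has no value, which is the
    situation asked about above (uid not filled by the source at lookup time).
    """
    # The XML parser decodes &amp; to &, so the LDAP server sees "(&(...))".
    template = ET.fromstring(xml_fragment).text

    def substitute(match):
        name = match.group(1)
        value = pivot.get(name)
        if not value:
            raise KeyError(name)
        return escape_value(value)

    return re.sub(r"\{(\w+)\}", substitute, template)


if __name__ == "__main__":
    # Pivot as it appears in the debug log: uid with value "lg".
    print(render_filter(CONFIG_FRAGMENT, {"uid": "lg"}))
    try:
        render_filter(CONFIG_FRAGMENT, {})  # source delivered no uid
    except KeyError as missing:
        print("placeholder without a value:", missing)
```

Running the printed filter by hand against "DC=foo,DC=bar" with the same bind account shows whether the extra objectClass clauses, rather than the sAMAccountName match, are what excludes the entry.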
