Hi, I'm also interested in synchronization of AD groups for the purposes of AD user group membership. This XML example also includes sh and py scripts, like ad_list.sh or ad_connector.py. I have a question: are these scripts part of the LSC project distribution, or are they just custom scripts specific to the user of the LSC tool? I also have a question: is it mandatory to use external scripts for synchronization of AD group membership, or can I just use LDAP for both LdapSourceService and LdapDestinationService?
Thanks in advance,
Matjaž V

On Fri, 30 Nov 2018 at 08:56, Lior Dotan <[email protected]> wrote:
> > We need to see the full lsc.xml file to help you.
>
> Here is the lsc.xml file:
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd"
>      xmlns:exec="http://lsc-project.org/XSD/lsc-executable-plugin-1.0.xsd"
>      revision="0">
>
>   <connections>
>     <ldapConnection>
>       <name>ldap-src-conn</name>
>       <url>ldap://dc.acme.corp:389/OU=Offices,DC=acme,DC=corp</url>
>       <username>[email protected]</username>
>       <password>notpassword</password>
>       <authentication>SIMPLE</authentication>
>       <referral>IGNORE</referral>
>       <derefAliases>NEVER</derefAliases>
>       <version>VERSION_3</version>
>       <pageSize>1000</pageSize>
>       <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>       <tlsActivated>false</tlsActivated>
>     </ldapConnection>
>     <pluginConnection>
>       <name>executable</name>
>       <url>fake</url>
>       <username>fake</username>
>       <password>fake</password>
>     </pluginConnection>
>   </connections>
>   <tasks>
>     <task>
>       <name>SyncUpdateGroupTask</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>       <ldapSourceService>
>         <name>SyncUpdateGroupTask-src</name>
>         <connection reference="ldap-src-conn" />
>         <baseDn>OU=Offices,DC=acme,DC=corp</baseDn>
>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>cn</string>
>           <string>member</string>
>         </fetchedAttributes>
>         <getAllFilter><![CDATA[(&(objectClass=group))]]></getAllFilter>
>         <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter>
>         <cleanFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></cleanFilter>
>       </ldapSourceService>
>       <pluginDestinationService
>           implementationClass="org.lsc.plugins.connectors.executable.ExecutableLdifDestinationService">
>         <name>SyncUpdateGroupTask-dst</name>
>         <connection reference="executable" />
>         <exec:executableLdifDestinationServiceSettings>
>           <name>SyncUpdateGroupTask-service</name>
>           <connection reference="executable" />
>           <exec:listScript>/usr/local/bin/ad_list.sh</exec:listScript>
>           <exec:getScript>/usr/local/bin/ad_get.sh</exec:getScript>
>           <exec:addScript>/usr/local/bin/ad_connector.py</exec:addScript>
>           <exec:updateScript>/usr/local/bin/ad_connector.py</exec:updateScript>
>           <exec:removeScript>/usr/local/bin/ad_connector.py</exec:removeScript>
>           <exec:renameScript>/usr/local/bin/ad_rename.sh</exec:renameScript>
>           <exec:fetchedAttributes>
>             <string>member</string>
>             <string>objectClass</string>
>             <string>cn</string>
>           </exec:fetchedAttributes>
>         </exec:executableLdifDestinationServiceSettings>
>       </pluginDestinationService>
>       <propertiesBasedSyncOptions>
>         <mainIdentifier>js:"cn=" +
>           javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn"))</mainIdentifier>
>         <defaultDelimiter>,</defaultDelimiter>
>         <defaultPolicy>KEEP</defaultPolicy>
>         <conditions>
>           <create>false</create>
>           <update>true</update>
>           <delete>false</delete>
>           <changeId>false</changeId>
>         </conditions>
>         <dataset>
>           <name>member</name>
>           <policy>FORCE</policy>
>           <forceValues>
>             <string>
>               <![CDATA[rjs:
>                 var membersSrcDn = srcBean.getDatasetValuesById("member");
>                 var membersDstDn = dstBean.getDatasetValuesById("member");
>                 var membersList = new java.util.ArrayList();
>                 var syncMembers = new java.util.ArrayList();
>                 for (var i=0; i<membersSrcDn.size(); i++) {
>                   var memberSrcDn = "";
>                   try {
>                     memberSrcDn = membersSrcDn.get(i);
>                   } catch(e) {
>                     continue;
>                   }
>                   membersList.addAll(getMembersDn(srcLdap,
>                     membersDstDn, memberSrcDn));
>                 }
>                 var diff = difference(membersDstDn, membersList);
>                 syncMembers.addAll(diff);
>                 if ( syncMembers.size() == 0) {
>                   membersList.add("cn=empty");
>                 }
>                 syncMembers
>               ]]>
>             </string>
>           </forceValues>
>         </dataset>
>       </propertiesBasedSyncOptions>
>       <scriptInclude>
>         <string>ldap.js</string>
>       </scriptInclude>
>     </task>
>   </tasks>
> </lsc>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users

