Hello -
Using the instructions at https://lsc-project.org/documentation/tutorial/synchronizegroups I am able to synchronize groups unless they are large. I know this is due to the AD range issue. I have tried using the “Script to bypass AD range” athttps://lsc-project.org/documentation/howto/adrangescript. I understand how to register the external script in my lsc.conf and how to call the function. I’ve struggled for several days in a row trying to understand how to use the script in my lsc.conf. I’ve read every post I can find and tried everything I can think of to try. Below is my group sync task (also attached as a PDF). It works fine for small/medicum groups. Please help me understand how I reference the “Script to bypass AD range” in this configuration properly. I’ve also attached the bypass script I’m referencing in my task (I called it bypass.js). ------------------------------------------------------------------------------------------------------------------------------ <task> <name>group-sync</name> <bean>org.lsc.beans.SimpleBean</bean> <ldapSourceService> <name>fdsync-groups</name> <connection reference=“source” /> <baseDn>OU=Groups,OU=DIV,OU=Applications,OU=Resources,o=org,c=US</baseDn> <pivotAttributes> <string>cn</string> </pivotAttributes> <fetchedAttributes> <string>cn</string> <string>member</string> <string>objectClass</string> </fetchedAttributes> <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter> <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter> <cleanFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></cleanFilter> </ldapSourceService> <ldapDestinationService> <name>destination-groups</name> <connection reference="destination" /> <baseDn>DC=poc,DC=local</baseDn> <pivotAttributes> <string>cn</string> </pivotAttributes> <fetchedAttributes> <string>cn</string> <string>member</string> <string>objectClass</string> </fetchedAttributes> <getAllFilter><![CDATA[(objectClass=group)]]></getAllFilter> <getOneFilter><![CDATA[(&(objectClass=group)(cn={cn}))]]></getOneFilter> </ldapDestinationService> <propertiesBasedSyncOptions> <mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) + ",OU=Groups,OU=DIV,OU=ORG,DC=poc,DC=local"</mainIdentifier> <defaultDelimiter>;</defaultDelimiter> <defaultPolicy>FORCE</defaultPolicy> <conditions> <create>true</create> <update>true</update> <delete>true</delete> <changeId>true</changeId> </conditions> <dataset> <name>objectclass</name> <policy>KEEP</policy> <createValues> <string>"group"</string> <string>"top"</string> </createValues> </dataset> <dataset> <name>member</name> <policy>FORCE</policy> <forceValues> <string> <![CDATA[js: var membersSrcDn = srcBean.getDatasetValuesById("member"); var membersDstDn = []; for (var i=0; i<membersSrcDn.size(); i++) { var memberSrcDn = membersSrcDn.get(i); var uid = ""; try { uid = srcLdap.attribute(memberSrcDn, "uid").get(0); } catch(e) { continue; } var destDn = ldap.search("OU=Users,OU=DIV,OU=ORG, "(sAMAccountName=" + uid + ")"); if (destDn.size() == 0 || destDn.size() > 1) { continue; } var destMemberDn = destDn.get(0) + "," + ldap.getContextDn(); membersDstDn.push(destMemberDn); } membersDstDn ]]> </string> </forceValues> </dataset> </propertiesBasedSyncOptions> <scriptInclude> <string>bypass.js</string> </scriptInclude> </task> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Thanks!
group.sync.task.pdf
Description: Adobe PDF document
bypass.script.pdf
Description: Adobe PDF document
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
