On 19/02/2019 09:21, Lior Dotan wrote:
> Hi,
Hi,
>
> In my AD I have an OU that contains several other OUs with users and
> groups that I'd like to sync.
> However, I would like to skip some of these OUs.
>
> +------+ OU1
> |
> OU ---+-------+ OU2
> |
> +------+ OU3
>
> In this example, I would like to only sync OU1 & OU3.
> I would filter based on the DN but unfortunately Active Directory does
> not support extensible matches.
>
> Can I use JavaScript or any other way to filter the OUs?
> I know that I can create a separate task for each sub-OU but there are
> many sub-OUs and I will need to create many tasks for all the users &
> groups, so I prefer to filter them out, if that is possible.
You can script conditions for create, update, delete: returning false will
prevent the action, returning true will allow it.
Example (I haven't tested this) :
<conditions>
<create>srcBean.getDatasetFirstValueById('dn').indexOf('ou=not-this-one,dc=domain,dc=com')
!= -1 &&
srcBean.getDatasetFirstValueById('dn').indexOf('ou=this-one-neither,dc=domain,dc=com')
!= -1</create>
<update> ... </update>
<delete> ... </delete>
<changeId> ... </changeId>
</conditions>
Depending on your case, you can also define a regex to match allowed or
disallowed values in object DN as a condition for create or update or delete.
See
https://lsc-project.org/documentation/latest/configuration/syncoptions
https://lsc-project.org/documentation/latest/scripting/start
--
Soisik Froger | Software Architect
[email protected]
+33 6 49 00 09 55
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
