On 11/03/2019 14:21, Lior Dotan wrote:
> I'm syncing from AD to the executable plugin based on the source OU:
>
>       +------+ OU1
>       |
> OU ---+-------+ OU2
>       |
>       +------+ OU3
>
> In this example, I would like to only sync OU1 & OU3.
>
> If a user was in OU1 (and thus synced to the destination) and then
> moved to OU2 (which is not synced to the destination), I would like to
> delete it from the destination as well.
> Is it possible to achieve this with LSC?

Hi,

The cleanFilter works this way (https://lsc-project.org/documentation/latest/basics#clean_phase):

- LSC calls the getAllFilter of your destinationService and gets a list of entries it's going to check (or the list script if you use the executable plugin)
- For each entry, it calls the cleanFilter of your sourceService to see if this entry exists in the source
- If not found, the entry is deleted from the destination.

So you have to find a way to exclude entries in OU2 within your cleanFilter. This is tricky: since AD does not allow extensible matches, I don't see any way of defining such a filter.

I would consider setting up a cleanFilter that does not return any entry and, in the delete condition, writing a script that searches for your entry in the source using srcLdap.search(base,filter): either make several searches, one in each of your synced OUs, or do a top search and check the DN of the returned entry, and return true only if it is not found or not within one of your synced OUs, false otherwise.

Note that srcLdap.search appends the contextDn at the end of the base parameter, and will remove it from returned DNs (this is not very explicit in the documentation). See https://lsc-project.org/javadoc/2.1-SNAPSHOT/org/lsc/jndi/ScriptableJndiServices.html.

Regards
--
Soisik Froger | Software Architect
Worteks | https://www.worteks.com
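
The "top search, then check the DN" variant described in the reply above, as an added example that is not part of the original message or of LSC's own code. It assumes the contextDn is the parent OU, so returned DNs are relative to it as the reply notes; `SYNCED_OUS`, `buildFilter`, `shouldDelete` and the choice of `sAMAccountName` are hypothetical, and the sample DNs are constructed.

```javascript
// Added example, not LSC project code. Plain ES5 so it also loads in older engines.
// Assumption: the contextDn is the parent "OU" node, so synced OUs are relative to it.
var SYNCED_OUS = ["OU=OU1", "OU=OU3"];

// RFC 4515 escaping so an identifier cannot alter the search filter.
function escapeFilter(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return "\\" + ("0" + c.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Hypothetical attribute choice: look the account up by sAMAccountName.
function buildFilter(id) { return "(sAMAccountName=" + escapeFilter(id) + ")"; }

// Split a DN into lower-cased RDNs, keeping backslash-escaped commas inside an RDN.
function splitDn(dn) {
  var s = String(dn), rdns = [], cur = "";
  for (var i = 0; i < s.length; i++) {
    var c = s.charAt(i);
    if (c === "\\" && i + 1 < s.length) { cur += c + s.charAt(++i); }
    else if (c === ",") { rdns.push(cur); cur = ""; }
    else { cur += c; }
  }
  rdns.push(cur);
  return rdns.map(function (r) { return r.trim().toLowerCase(); });
}

// True when dn is strictly below ou, compared RDN by RDN (not by string suffix).
function isUnder(dn, ou) {
  var d = splitDn(dn), o = splitDn(ou);
  if (d.length <= o.length) { return false; }
  return o.every(function (rdn, i) { return rdn === d[d.length - o.length + i]; });
}

// Delete decision: true when no DN found in the source lies in a synced OU.
// foundDns: DNs from one top-level search, already relative to the contextDn.
function shouldDelete(foundDns, syncedOus) {
  for (var i = 0; i < foundDns.length; i++) {
    for (var j = 0; j < syncedOus.length; j++) {
      if (isUnder(foundDns[i], syncedOus[j])) { return false; }
    }
  }
  return true;
}

// Constructed sample search results (not real directory data).
console.log(buildFilter("bob*"));                            // filter with "*" escaped
console.log(shouldDelete(["CN=alice,OU=OU1"], SYNCED_OUS));  // still in a synced OU
console.log(shouldDelete(["CN=bob,OU=OU2"], SYNCED_OUS));    // moved to OU2
console.log(shouldDelete([], SYNCED_OUS));                   // gone from the source
```

Comparing RDN by RDN keeps an entry such as `CN=x\,OU=OU1,OU=OU2`, whose name contains an escaped comma, from being mistaken for a member of OU1.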

