Hi
So after another 7 hours, with your guidance I finally got it to work: syncing
modifications, additions and deletions.
If I run it as a service, on what interval will it sync?
And then I have an issue with OpenLDAP where I can't seem to block anonymous
access and hope you can point me in the right direction.
I created an extra user with read only access and that works.
Here is my slapd.conf file:
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index default sub
index uidNumber eq
index gidNumber eq
index mail,givenName eq,subinitial
index dc eq
disallow bind_anon
require authc
# slapd applies the first "access to" clause whose target matches the entry,
# so the catch-all "access to *" must come last or it shadows the clauses below it.
access to dn="dc=nlb,dc=org,dc=za" attrs=userPassword
    by anonymous auth
access to dn.sub="ou=nlc,dc=nlb,dc=org,dc=za"
    by dn.exact="cn=read,dc=nlb,dc=org,dc=za" read
access to *
    by anonymous auth
Kind Regards,
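To see why clause order matters for the slapd.conf above, here is an added illustration (not OpenLDAP code and not part of the original message) that models slapd's first-match evaluation over the three access clauses from the post. The `BASE`, `READER` and `ALICE` DNs are taken from or constructed in the style of the message; `ALICE` is an assumed sample entry under ou=nlc.

```python
"""First-match evaluation of slapd.conf-style access rules.

Added illustration, not OpenLDAP code: it models only the ACL subset used
in the message (targets '*', dn="...", dn.sub="...", an optional attrs=
list, and 'by' clauses for anonymous, users, '*' and dn.exact=...).
slapd takes the first 'access to' clause whose target matches the entry
and attribute; inside it the first matching 'by' clause decides, and a
requester matched by no 'by' clause gets 'none'. Later clauses are never
consulted for that entry.
"""
from dataclasses import dataclass, field

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


@dataclass
class By:
    who: str      # "anonymous", "users", "*" or 'dn.exact="<dn>"'
    level: str    # one of LEVELS


@dataclass
class Rule:
    target: str                                  # "*", 'dn="<dn>"' or 'dn.sub="<dn>"'
    attrs: list = field(default_factory=list)    # empty list means all attributes
    by: list = field(default_factory=list)


def _norm(dn):
    return ",".join(part.strip().lower() for part in dn.strip('"').split(","))


def target_matches(rule, entry_dn, attr):
    if rule.attrs and attr not in rule.attrs:
        return False
    if rule.target == "*":
        return True
    style, _, pattern = rule.target.partition("=")
    pattern, dn = _norm(pattern), _norm(entry_dn)
    if style == "dn":          # bare dn= is treated as an exact match here
        return dn == pattern
    if style == "dn.sub":      # the base entry and everything beneath it
        return dn == pattern or dn.endswith("," + pattern)
    raise ValueError("unsupported target style: " + style)


def who_matches(by, bind_dn):
    if by.who == "*":
        return True
    if by.who == "anonymous":
        return bind_dn is None
    if by.who == "users":
        return bind_dn is not None
    if by.who.startswith("dn.exact="):
        return bind_dn is not None and _norm(bind_dn) == _norm(by.who[len("dn.exact="):])
    raise ValueError("unsupported who: " + by.who)


def access_level(rules, bind_dn, entry_dn, attr="cn"):
    """Return the access level bind_dn (None = anonymous) has on attr of entry_dn."""
    for rule in rules:
        if target_matches(rule, entry_dn, attr):
            for clause in rule.by:
                if who_matches(clause, bind_dn):
                    return clause.level
            return "none"   # target matched, nobody matched: implicit 'by * none'
    return "none"           # no clause matched at all: default deny


def allows(rules, bind_dn, entry_dn, wanted, attr="cn"):
    return LEVELS.index(access_level(rules, bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)


BASE = "dc=nlb,dc=org,dc=za"
READER = "cn=read," + BASE
ALICE = "uid=alice,ou=nlc," + BASE      # constructed sample entry, not from the post

# The three clauses from the message, in the order they were posted.
POSTED = [
    Rule("*", by=[By("anonymous", "auth")]),
    Rule('dn="%s"' % BASE, attrs=["userPassword"], by=[By("anonymous", "auth")]),
    Rule('dn.sub="ou=nlc,%s"' % BASE, by=[By('dn.exact="%s"' % READER, "read")]),
]
# The same clauses with the catch-all moved last.
REORDERED = [POSTED[1], POSTED[2], POSTED[0]]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "| reader on alice:", access_level(rules, READER, ALICE),
              "| anonymous on alice:", access_level(rules, None, ALICE))
```

With the posted order the read-only account gets `none` on everything, because `access to *` swallows every entry before the subtree clause is reached. With the catch-all last, the reader gets `read` under ou=nlc. Note the remaining consequence of first-match: the subtree clause now also shadows the catch-all for anonymous requests on entries under ou=nlc, so if accounts stored there need to bind with their own DN, that clause needs its own `by anonymous auth` line.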
-----Original Message-----
From: lsc-users [mailto:[email protected]] On Behalf Of
Clément OUDOT
Sent: Thursday, 21 March 2019 09:36
To: [email protected]
Subject: Re: [lsc-users] Sync AD to LDAP
On 20/03/2019 at 20:58, Christiaan Louw wrote:
> Thank you.
>
> That helped a lot. Really hope you guys are still willing to help me get over
> the last hurdle or two.
>
> So I recreated my config file after reading up on the links provided.
> I also had to go verify what I want from AD and what I need to be in OpenLDAP
> for it to work.
>
> Now I am at least reading data but I don’t think my Filters work yet.
>
> If I use the filter like (&(objectClass=person)(telephoneNumber=*)) on the AD
> server using a program like LDAPAdmin, I get only valid results.
> Any idea how I can incorporate that into the config file, OR does it
> look like it's working in the LOG file I'll add at the bottom? (Just
> curious because there are a lot of errors.)
>
> Also I'm not sure why my log shows errors about writing to OPENLDAP.
The error is: [LDAP: error code 21 - objectclass: value #0 invalid per syntax
Indeed, you made a typo in the objectClass name: replace "interOrgPerson" by
"inetOrgPerson".
Then, I suggest you simplify your configuration by using sAMAccountName as pivot
in the source, and only uid as pivot in the destination. I don't see the need
to use homePhone as pivot in destination.
Then use these filters in source:
<getAllFilter><![CDATA[(&(objectClass=person)(telephoneNumber=*))]]></getAllFilter>
<getOneFilter><![CDATA[(&(objectClass=person)(sAMAccountName={sAMAccountName}))]]></getOneFilter>
<cleanFilter><![CDATA[(&(objectClass=person)(sAMAccountName={uid}))]]></cleanFilter>
And in destination:
<getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>
<getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></getOneFilter>
--
Clément Oudot | Identity Solutions Manager
[email protected]
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
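To check what the suggested source filters select, and what happens to the pivot value that LSC substitutes into `getOneFilter`, here is an added example that is not part of the thread and not LSC code: a small RFC 4515 filter parser and matcher run over constructed AD-style entries. Whether LSC itself escapes the substituted value is assumed, not confirmed by the thread; the escaping shown is the RFC 4515 rule that any filter-building code should apply.

```python
"""Minimal RFC 4515 filter parser/matcher plus value escaping.

Added illustration, not LSC code. It supports &, |, !, presence
(attr=*) and equality (attr=value), which covers every filter in this
thread. Attribute names and values are compared case-insensitively, as
the common LDAP string syntaxes are.
"""


def escape_filter_value(value):
    """Escape a value before embedding it in a filter (RFC 4515 section 3)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def _unescape(s):
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 3 <= len(s):
            out.append(chr(int(s[i + 1:i + 3], 16)))
            i += 3
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_filter(text):
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return node


def _parse(text, pos):
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    op = text[pos]
    if op in "&|":
        pos, children = pos + 1, []
        while text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if text[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return (op, children), pos + 1
    if op == "!":
        child, pos = _parse(text, pos + 1)
        if text[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return ("!", child), pos + 1
    end = text.index(")", pos)                 # escaped ')' never appears literally
    attr, sep, value = text[pos:end].partition("=")
    if not sep:
        raise ValueError("unsupported filter item: " + text[pos:end])
    if value == "*":
        return ("present", attr), end + 1
    return ("equals", attr, _unescape(value)), end + 1


def _values(entry, attr):
    for name, values in entry.items():
        if name.lower() == attr.lower():
            return values
    return []


def matches(node, entry):
    """entry: dict of attribute name -> list of string values."""
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    values = _values(entry, node[1])
    if kind == "present":
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)


def render(template, **pivot):
    """Substitute {name} placeholders as in an LSC filter, escaping each value."""
    for name, value in pivot.items():
        template = template.replace("{%s}" % name, escape_filter_value(value))
    return template


def select(filter_text, entries):
    node = parse_filter(filter_text)
    return [e for e in entries if matches(node, e)]


# Filters from the message above.
GET_ALL = "(&(objectClass=person)(telephoneNumber=*))"
GET_ONE = "(&(objectClass=person)(sAMAccountName={sAMAccountName}))"

# Constructed sample AD entries, not real directory data.
SAMPLE_AD = [
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["jdoe"],
     "telephoneNumber": ["+27 11 555 0100"]},
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["svc-backup"]},
    {"objectClass": ["top", "group"], "sAMAccountName": ["staff"],
     "telephoneNumber": ["+27 11 555 0199"]},
]

if __name__ == "__main__":
    print([e["sAMAccountName"][0] for e in select(GET_ALL, SAMPLE_AD)])
    print(render(GET_ONE, sAMAccountName="jdoe"))
```

Only the person entry that carries a telephoneNumber survives `getAllFilter`; the service account without a phone and the group are excluded, which matches the "only valid results" the user saw in LDAPAdmin. The `render` step shows the point a reviewer would check in any connector: a pivot value containing `*`, `(` or `)` is escaped to `\2a`, `\28`, `\29`, so it is compared as a literal string instead of changing the shape of the filter.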