Hello,
On 02/05/2019 12:18, Pilling, Michael wrote:
> May 02 10:19:02 - ERROR - Empty or non existant source (no IDs found)
>
> <getAllFilter><![CDATA[(&(objectClass=user)(objectCategory=person)(memberof=CN=TEST-RADIUS,OU=_Sicherheitsgruppen,OU=Firenze,DC=xxx,DC=xx,DC=it))]]></getAllFilter>
> <getOneFilter>(&(objectClass=group)(cn={cn}))</getOneFilter>
Your ldapSourceService getAllFilter do not return any entries : check that the
baseDn is correct (users are within this branch) and that the filter works on
that branch. And fix the getOneFilter that is looking for a group with a user's
DN.
> <pivotAttributes>
> <string>cn</string>
> </pivotAttributes>
Define sAMAccountName as pivot, like in you destination.
> <fetchedAttributes>
> <string>cn</string>
> <string>member</string>
> </fetchedAttributes>
Fetch attributes you intend to use to create/update entities in destination
directory (cn, description, sn, givenName). Member is not a user attribute.
> <mainIdentifier>"group=" + srcBean.getDatasetValueById("group") +
> ",DC=edu,DC=xxx,DC=xx,DC=it"</mainIdentifier>
"mainIdentifier" defines the DN of the user you want to create or update in
destination (eg. cn=...,ou=users,dc=destination,dc=com). There is no such
attribute named "group" in your fetched source attribute. It should be more
like "cn=" + srcBean.getDatasetValueById("cn") + ",DC=edu,DC=xxx,DC=xx,DC=it"
> <!-- unicodePwd = "changeit" at creation (requires SSL connection to AD) -->
> <name>unicodePwd</name>
To set a password you need a ldaps:// connection (you're using ldap://)
If you need sync a group, create another task that load the source group and
update the member attribute in the destination group (using a merge strategy if
some members are already set in the destination and you want to keep them).
The clean phase will be useful if you need to remove users from destination
that have been removed from the group in the source. Set up a getAllFilter in
destination that will only return the users that you have synced from source.
If using the cleanFilter LSC cannot find them in source, they will be deleted
in destination. So be extra careful to not return every users of the directory
during the cleaning phase, otherwise they all be deleted. You can test LSC with
-n option to run dry mode for tests. You need to set delete conditions to true
in order to use the clean phase.
--
Soisik Froger | Software Architect
[email protected]
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
