Hello Soisik,

Thanks a lot for your reply. It brought me a big step forward!
- ldaps is fixed

But I still have trouble understanding the filters and how to build them.
For example:
<getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={sAMAccountName}))]]></getOneFilter>
and I look at the part (sAMAccountName={sAMAccountName}).
Could you explain what exactly it does or where I can read something about it?

A second big problem is with my cn. 
Somebody changed the way users are created, so if I look at my account the 
distinguishedName looks like:
CN=Pilling\, Michael,OU=IT,OU=Firenze,DC=xxx,DC=xx,DC=it 

I think this is the reason that the main Identifier doesn't work. I have
created all needed OUs and changed the settings for the accounts at the
destination side, but the mainIdentifier
<mainIdentifier>"cn=" + srcBean.getDatasetValueById("cn") + ",DC=AD01,DC=xxx,DC=xx,DC=it"</mainIdentifier>
doesn't work.
I still get this error:
May 09 13:38:42 - ERROR - Fail to compute expression: "cn=" + 
srcBean.getDatasetValueById("distinguishedName") + 
",DC=AD01,DC=xxx,DC=xx,DC=it" on id=CN=Pilling\, 
Michael,OU=IT,OU=Firenze,DC=xxx,DC=xx,DC=it
Reason: javax.script.ScriptException: TypeError: srcBean.getDatasetValueById is 
not a function in <eval> at line number 5
May 09 13:38:42 - ERROR - Error while synchronizing ID 
{samaccountname=xxxxxxxxxxxxxx}: org.lsc.exception.LscServiceException: 
javax.script.ScriptException: TypeError: srcBean.getDatasetValueById is not a 
function in <eval> at line number 5

Could you still give me a hint?
Thanks a lot!
Best regards,
Michael



-----Original Message-----
From: lsc-users <[email protected]> On Behalf Of Soisik Froger
Sent: Thursday, 2 May 2019 16:10
To: [email protected]
Subject: Re: [lsc-users] Need help with the filters

Hello,


On 02/05/2019 12:18, Pilling, Michael wrote:

> May 02 10:19:02 - ERROR - Empty or non existant source (no IDs found)

>       
> <getAllFilter><![CDATA[(&(objectClass=user)(objectCategory=person)(memberof=CN=TEST-RADIUS,OU=_Sicherheitsgruppen,OU=Firenze,DC=xxx,DC=xx,DC=it))]]></getAllFilter>
>         <getOneFilter>(&amp;(objectClass=group)(cn={cn}))</getOneFilter>

Your ldapSourceService getAllFilter does not return any entries: check that the 
baseDn is correct (users are within this branch) and that the filter works on 
that branch. And fix the getOneFilter that is looking for a group with a user's 
DN. 

>         <pivotAttributes>
>           <string>cn</string>
>         </pivotAttributes>

Define sAMAccountName as pivot, like in your destination.

> <fetchedAttributes>
>          <string>cn</string>
>          <string>member</string>
>     </fetchedAttributes>

Fetch attributes you intend to use to create/update entities in destination 
directory (cn, description, sn, givenName). Member is not a user attribute.

> <mainIdentifier>"group=" + srcBean.getDatasetValueById("group") + 
> ",DC=edu,DC=xxx,DC=xx,DC=it"</mainIdentifier>

"mainIdentifier" defines the DN of the user you want to create or update in 
destination (eg. cn=...,ou=users,dc=destination,dc=com). There is no such 
attribute named "group" in your fetched source attribute. It should be more 
like "cn=" + srcBean.getDatasetValueById("cn") + ",DC=edu,DC=xxx,DC=xx,DC=it"

> <!-- unicodePwd = "changeit" at creation (requires SSL connection to AD) -->
>      <name>unicodePwd</name>
To set a password you need a ldaps:// connection (you're using ldap://)


If you need to sync a group, create another task that loads the source group and 
updates the member attribute in the destination group (using a merge strategy if 
some members are already set in the destination and you want to keep them).

The clean phase will be useful if you need to remove users from destination 
that have been removed from the group in the source. Set up a getAllFilter in 
destination that will only return the users that you have synced from source. 
If using the cleanFilter LSC cannot find them in source, they will be deleted 
in destination. So be extra careful not to return every user of the directory 
during the cleaning phase, otherwise they will all be deleted. You can test LSC 
with the -n option to run in dry mode for tests. You need to set delete 
conditions to true in order to use the clean phase.

-- 
Soisik Froger | Software Architect

[email protected]

Worteks | https://www.worteks.com


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
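
As an added illustration (not part of the original thread and not LSC's own code), this plain JavaScript sketch shows what substituting a `{sAMAccountName}` placeholder into a getOneFilter-style template amounts to, with the value escaped per RFC 4515, and how an RDN value such as `Pilling, Michael` has to be escaped per RFC 4514 when a DN is assembled by string concatenation. All function names and sample values are hypothetical.

```javascript
// Added illustration in plain JavaScript; not LSC source code.
// All function names and sample values below are constructed for this example.

// RFC 4515: escape characters that carry meaning inside a filter value.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (c) =>
    "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Replace every {attr} placeholder with the escaped value of that pivot attribute.
// Attribute names are matched case-insensitively, as in LDAP.
function fillFilter(template, pivots) {
  return template.replace(/\{([A-Za-z][A-Za-z0-9-]*)\}/g, (match, name) => {
    const key = Object.keys(pivots).find(
      (k) => k.toLowerCase() === name.toLowerCase());
    if (key === undefined) throw new Error("no pivot value for " + match);
    return escapeFilterValue(pivots[key]);
  });
}

// RFC 4514: escape an attribute value before placing it inside a DN.
function escapeRdnValue(value) {
  const chars = Array.from(String(value));
  return chars.map((c, i) => {
    if (c === "\0") return "\\00";
    const edgeSpace = c === " " && (i === 0 || i === chars.length - 1);
    const leadingHash = c === "#" && i === 0;
    return ('\\,+"<>;'.includes(c) || edgeSpace || leadingHash) ? "\\" + c : c;
  }).join("");
}

// Assemble "attr=value,baseDn" with the value escaped for DN syntax.
function buildDn(attr, value, baseDn) {
  return attr + "=" + escapeRdnValue(value) + "," + baseDn;
}

// Constructed sample inputs.
const template = "(&(objectClass=user)(sAMAccountName={sAMAccountName}))";
console.log(fillFilter(template, { samaccountname: "mpilling" }));
console.log(fillFilter(template, { samaccountname: "a*)(cn=*" }));
console.log(buildDn("cn", "Pilling, Michael", "DC=AD01,DC=xxx,DC=xx,DC=it"));
```

Without the filter escaping, a value containing `*`, `(` or `)` would change the structure of the search filter instead of being matched literally.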