Re: [lsc-users] Need help with the filters

Thu, 09 May 2019 05:32:13 -0700 

Le 09/05/2019 à 14:03, Pilling, Michael a écrit :
> Hello Soisik,
>
> thanks a lot for your reply. It brought me an big step forward!
> -ldaps is fixed

Great!

>
> But I still have trouble to understand the Filters and how to build them.
> For example     
> <getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={sAMAccountName}))]]></getOneFilter>
>  and I look at the part (sAMAccountName={sAMAccountName})
> Could you explain what it exactly does or where I can read something about it?


What you put into {} is the pivot attribute. You can have some
explanation here: https://lsc-project.org/documentation/latest/basics


> A second big problem is with my cn. 
> Somebody changed the way users are created, so if I look at my account the 
> distinguishedName looks like:
> CN=Pilling\, Michael,OU=IT,OU=Firenze,DC=xxx,DC=xx,DC=it 
>
> I think this is the reason that the main Identifier doesn't work. I have 
> created all needed OUs and changed the settings for the accounts  at the 
> destination side but the mainIdentifier <mainIdentifier>"cn=" + 
> srcBean.getDatasetValueById("cn") + 
> ",DC=AD01,DC=xxx,DC=xx,DC=it"</mainIdentifier> doesn't work.
> I still get this error:
> May 09 13:38:42 - ERROR - Fail to compute expression: "cn=" + 
> srcBean.getDatasetValueById("distinguishedName") + 
> ",DC=AD01,DC=xxx,DC=xx,DC=it" on id=CN=Pilling\, 
> Michael,OU=IT,OU=Firenze,DC=xxx,DC=xx,DC=it
> Reason: javax.script.ScriptException: TypeError: srcBean.getDatasetValueById 
> is not a function in <eval> at line number 5
> May 09 13:38:42 - ERROR - Error while synchronizing ID 
> {samaccountname=xxxxxxxxxxxxxx}: org.lsc.exception.LscServiceException: 
> javax.script.ScriptException: TypeError: srcBean.getDatasetValueById is not a 
> function in <eval> at line number 5


You can use "getDatasetFirstValueById" to get the first value of an
attribute.

Note that to construct a DN you must escape special character. So you
mainIdentifier should be:

<mainIdentifier>"cn=" +
javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn"))
+ ",DC=AD01,DC=xxx,DC=xx,DC=it"</mainIdentifier>

See https://lsc-project.org/documentation/latest/upgrade#dn_escaping


-- 
Clément Oudot | Identity Solutions Manager

[email protected]

Worteks | https://www.worteks.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users

Reply via email to