Hi,
On 22/05/2019 16:55, Pilling, Michael wrote:
> 1. my cleanFilter for the user isn't working.
> I would like to delete an account if it is removed from TEST-RADIUS
1. The source cleanFilter is used to check whether entries returned by
destination getAllFilter still exist in source. If it cannot be found, it will
be deleted in destination. Since your cleanFilter will return an entry even if
it was removed from the TEST-RADIUS group, it will not be deleted. cleanFilter
should have the same memberOf filter as your getOneFilter has.
>
> 2. my group TEST-RADIUS always produces an error:
>
> May 22 16:36:04 - ERROR - Error while modifying entry
> CN=TEST-RADIUS,OU=_Sicherheitsgruppen,OU=Bologna,DC=ad01,DC=xxx,DC=xx,DC=it
> in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 -
> 00000562: UpdErr: DSID-031A11E2, problem 6005 (ENTRY_EXISTS), data 0
> ]; remaining name 'CN=TEST-RADIUS,OU=_Sicherheitsgruppen,OU=Bologna'
> May 22 16:36:04 - ERROR - Error while synchronizing ID
> CN=TEST-RADIUS,OU=_Sicherheitsgruppen,OU=Bologna,DC=ad01,DC=xxx,DC=xx,DC=it:
> java.lang.Exception: Technical problem while applying modifications to the
> destination
>
> Is this because the group exists? Can I avoid that the group is always newly
> created?
> Sure the member should be updated...
2. I don't see why LSC tries to create a new entry. Best guess, LSC cannot find
a matching group in destination using
<getOneFilter><![CDATA[(&(objectClass=group)(cn=*RADIUS*)(cn={cn}))]]></getOneFilter>
searching in the baseDn "OU=Bologna,DC=ad01,DC=xxx,DC=xx,DC=it", so it tries
to create it and fails because it is already there. Does this filter work with
the cn TEST-RADIUS when applied on this baseDn, using the account LSC uses to
request AD? Also
- try removing the empty pivot attribute in the group task source service:
<string></string>.
- You can also forbid group creation by setting it to false in conditions,
unless you want to create new groups.
- Activating debug level in logback.xml may help you figure it out.
>
> 3. I would like to create a description, but <string>"Access
> for" + srcBean.getDatasetFirstValueById("sn")+
> srcBean.getDatasetFirstValueById("givenName")</string>
> Doesn't work.
3. You have 2 datasets for description; try unifying them in one dataset. If
you need to set a multiple attribute, return an array instead of a string.
>
> 4. I think every user account should be created in its OU. I have created the
> OUs but they are always created in OU=Bologna,DC=ad01,DC=xxx,DC=xx,DC=it.
> It is not a big problem, my colleagues like the behavior...
4. You can change the destination OU for your user by changing it in the
mainIdentifier and baseDn of destination service.
--
Soisik Froger | Software Architect
[email protected]
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
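
The cleanFilter point from item 1, as an added configuration example that is not part of the original message or of the poster's own lsc.xml. The service name, connection reference, base DN, group DN, `objectClass=user` and the `sAMAccountName` pivot are assumptions or placeholders; only the group name TEST-RADIUS comes from the thread.

```xml
<!-- Added example: source service of a hypothetical user task.
     All DNs below are placeholders, not values from the thread. -->
<ldapSourceService>
  <name>ad-user-source</name>                <!-- hypothetical name -->
  <connection reference="ad-src-conn" />     <!-- hypothetical connection -->
  <baseDn>DC=example,DC=com</baseDn>         <!-- placeholder -->
  <pivotAttributes>
    <string>sAMAccountName</string>          <!-- assumed pivot -->
  </pivotAttributes>
  <fetchedAttributes>
    <string>sAMAccountName</string>
    <string>sn</string>
    <string>givenName</string>
  </fetchedAttributes>

  <!-- Sync phase: only members of the group are listed and fetched. -->
  <getAllFilter><![CDATA[(&(objectClass=user)(memberOf=CN=TEST-RADIUS,OU=Groups,DC=example,DC=com))]]></getAllFilter>
  <getOneFilter><![CDATA[(&(objectClass=user)(memberOf=CN=TEST-RADIUS,OU=Groups,DC=example,DC=com)(sAMAccountName={sAMAccountName}))]]></getOneFilter>

  <!-- Weak cleanFilter: matches any user with this pivot value, so an
       account removed from the group is still "found" in the source
       and is never deleted in the destination:
       (&(objectClass=user)(sAMAccountName={sAMAccountName}))        -->

  <!-- Corrected cleanFilter: same memberOf clause as getOneFilter.
       A user who left the group no longer matches, so the clean phase
       deletes the destination entry. The placeholder name is the pivot
       attribute as read from the destination entry. -->
  <cleanFilter><![CDATA[(&(objectClass=user)(memberOf=CN=TEST-RADIUS,OU=Groups,DC=example,DC=com)(sAMAccountName={sAMAccountName}))]]></cleanFilter>
</ldapSourceService>
```

Deletion also requires that the task's `<conditions>` allow it (`<delete>true</delete>`); running LSC with debug logging enabled shows which filter was actually sent during the clean phase.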