Hello,

I have tested a solution to update a Unix LDAP server with LSC on the mail
attribute from an Active Directory.


The solution retrieves the mail information from Active Directory, but only for
the users present inside the getAllFilter of my source Unix LDAP server. And so
the LSC task uses the same source and the same destination, the Unix LDAP server.


To update the mail attribute I execute a JavaScript function for the mail
dataset on each entry found by the getOneFilter. This JavaScript code opens an
LDAP session with the Java javax.naming.directory API (like the French tutorial
https://www.jmdoudoux.fr/java/dej/chap-jndi.htm). The code runs correctly, but
the main drawback is that the JavaScript code is executed for each entry, so it
opens as many connections to the Active Directory as there are entries inside
my Unix LDAP server.


Is there a way to keep an LDAP session active that I could use inside the
JavaScript of the dataset? And so have a single session, a single
authentication, and serialized searches?


Here are "some" parts of the Java code inside the JavaScript:


// Body of the dataset function for "mail"; it runs once per entry.
var env = new java.util.Hashtable();
var ldapUser = 'Bind DN of Active Directory';
var ldapPasswd = 'secret';
var keystorePath = "/usr/lsc/etc/cacerts";
env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(javax.naming.Context.PROVIDER_URL, "ldaps://A.B.C.D:389");
env.put("com.sun.jndi.ldap.read.timeout", "5000");
env.put(javax.naming.Context.SECURITY_PRINCIPAL, ldapUser);
env.put(javax.naming.Context.SECURITY_PROTOCOL, "ssl");
env.put(javax.naming.Context.SECURITY_CREDENTIALS, ldapPasswd);
java.lang.System.setProperty("javax.net.ssl.trustStore", keystorePath);
java.lang.System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
// Opens and binds a new connection to Active Directory on every call.
var ctx = new javax.naming.directory.InitialDirContext(env);
var base = "DC=example,DC=com";

var sc = new javax.naming.directory.SearchControls();
var attributeList = [ "cn", "mail" ];
sc.setReturningAttributes(attributeList);
sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);

var pivotAttribute = srcBean.getDatasetFirstValueById("pivotAttribute");
var mailOrig = srcBean.getDatasetFirstValueById("mail");

// The value is concatenated into the filter without LDAP filter escaping.
var filter = "(pivotAttribute=" + pivotAttribute + ")";
var sr = null;

try {
    var results = ctx.search(base, filter, sc);
} catch (e) {
    ctx.close();   // release the connection before giving up
    return mailOrig;
}

// Keep the current value unless exactly one AD entry with a mail is found.
var mailNew = mailOrig;
if ( results.hasMoreElements() ) {
    sr = results.next();
    if ( ! results.hasMoreElements() ) {
        var attrs = sr.getAttributes();
        var attr = attrs.get("mail");
        if ( attr !== null ) {
            mailNew = attr.get().toLowerCase();
        }
    }
}
ctx.close();       // the original never closed the per-entry connection

if ( mailOrig !== mailNew ) {
    return mailNew;
} else {
    return mailOrig;
}



Thanks in advance for your suggestions !

--
Frederic Poisson
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
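
The single-session idea asked about above, as an added example that is not part of the original post and not LSC code: a small Java class that keeps one bound DirContext in a static field, serializes searches with synchronized, and passes the pivot value as a JNDI filter argument so it is escaped. The class name AdMailLookup and its methods are hypothetical, and it assumes the compiled class is on the classpath of the JVM that runs the LSC task so the dataset script can reach it through Rhino's Packages object.

```java
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical helper, not part of LSC: one Active Directory session per JVM.
public final class AdMailLookup {
    private static Hashtable<Object, Object> env; // JNDI settings, as built in the post
    private static DirContext ctx;                // bound lazily, then reused
    private AdMailLookup() {}

    // Only stores the settings, so calling it for every entry opens no connection.
    public static synchronized void configure(Hashtable<?, ?> jndiEnv) {
        env = new Hashtable<Object, Object>(jndiEnv);
    }

    // Lower-cased mail of a unique match, else fallback. attrName must be a fixed name.
    public static synchronized String mailFor(String base, String attrName,
                                              String value, String fallback) {
        SearchControls sc = new SearchControls();
        sc.setReturningAttributes(new String[] { "mail" });
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        for (int attempt = 0; attempt < 2; attempt++) {
            try {
                if (ctx == null) ctx = new InitialDirContext(env); // single bind
                // JNDI substitutes {0} with LDAP filter escaping applied to value.
                NamingEnumeration<SearchResult> res = ctx.search(
                        base, "(" + attrName + "={0})", new Object[] { value }, sc);
                try {
                    if (!res.hasMoreElements()) return fallback;  // no match
                    SearchResult sr = res.next();
                    if (res.hasMoreElements()) return fallback;   // ambiguous match
                    Attribute mail = sr.getAttributes().get("mail");
                    return mail == null ? fallback : mail.get().toString().toLowerCase();
                } finally {
                    res.close();
                }
            } catch (NamingException e) {
                // Broken or timed-out session: drop it and retry once with a new bind.
                try { if (ctx != null) ctx.close(); } catch (NamingException ignored) { }
                ctx = null;
            }
        }
        return fallback;
    }
}
```

Under those assumptions the dataset script would call Packages.AdMailLookup.configure(env) and then return Packages.AdMailLookup.mailFor(base, "pivotAttribute", pivotAttribute, mailOrig) in place of its own InitialDirContext and search code. It uses hasMoreElements() as the post does, so an incomplete result enumeration is treated as the end of the results.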
