Hi Frédéric,

Could you explain why you did not simply set up Active Directory as the source 
for your synchronization? You can target only existing destination users by 
setting the create condition to false and update to true, setting 
mainIdentifier to the empty string (""), and using the src pivot attribute in 
the destination getOneFilter to find a match.
LSC will take care of keeping the connection alive for you.

I don't know if it is possible to persist an object such as a connection 
between each sync. You could give it a try using a lib containing an object 
you instantiate, and trace if it is instantiated for each entry or on task 
entry (but I'm pretty sure it won't work).

A simple fix may be to use the LSC command option -t 1, so you have only one 
thread (entries are synced one after the other), so you will have only one 
connection open at a time.

Regards


On 23/08/2019 16:12, "POISSON Frédéric" wrote:
> Hello,
> 
> I have tested a solution to update a Unix LDAP server with LSC on the mail 
> attribute from an Active Directory.
> 
> The solution retrieves the mail information from Active Directory, but only 
> for the users present inside the getAllFilter of my source Unix LDAP server. 
> And so the LSC task uses the same source and the same destination, the Unix 
> LDAP server.
> 
> To update the mail attribute I execute a JavaScript function for the mail 
> dataset on each entry found by the getOneFilter. This JavaScript code opens 
> an LDAP session with the Java javax.naming.directory API (like the French 
> tutorial https://www.jmdoudoux.fr/java/dej/chap-jndi.htm). The code runs 
> correctly, but the main drawback is that the JavaScript code is executed for 
> each entry, so it opens as many connections to the Active Directory as there 
> are entries inside my Unix LDAP server.
> 
> *Is there a way to maintain an LDAP session active that I could use inside 
> the JavaScript of a dataset? And so having a single session, a single 
> authentication, and serialized searches?*
> 
> Here are "some" parts of the Java code inside the JavaScript:
> 
> // JNDI environment for the Active Directory connection
> var env = new java.util.Hashtable();
> var ldapUser = 'Bind DN of Active Directory';
> var ldapPasswd = 'secret';
> var keystorePath = "/usr/lsc/etc/cacerts";
> env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY,
>         "com.sun.jndi.ldap.LdapCtxFactory");
> env.put(javax.naming.Context.PROVIDER_URL, "ldaps://A.B.C.D:389");
> env.put("com.sun.jndi.ldap.read.timeout", "5000");
> env.put(javax.naming.Context.SECURITY_PRINCIPAL, ldapUser);
> env.put(javax.naming.Context.SECURITY_PROTOCOL, "ssl");
> env.put(javax.naming.Context.SECURITY_CREDENTIALS, ldapPasswd);
> java.lang.System.setProperty("javax.net.ssl.trustStore", keystorePath);
> java.lang.System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
> // A new context (bind + TLS session) is opened on every call
> var ctx = new javax.naming.directory.InitialDirContext(env);
> var base = "DC=example,DC=com";
> 
> // Subtree search returning only cn and mail
> var sc = new javax.naming.directory.SearchControls();
> var attributeList = [ "cn", "mail" ];
> sc.setReturningAttributes(attributeList);
> sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);
> 
> var pivotAttribute = srcBean.getDatasetFirstValueById("pivotAttribute");
> var mailOrig = srcBean.getDatasetFirstValueById("mail");
> 
> var filter = "(pivotAttribute=" + pivotAttribute + ")";
> var sr = null;
> 
> // Keep the current value if the search fails
> try {
>   var results = ctx.search(base, filter, sc);
> } catch (e) {
>   return mailOrig;
> }
> 
> // Use the AD mail value only when exactly one entry matches
> var mailNew;
> if ( results.hasMoreElements() ) {
>   sr = results.next();
>   if ( ! results.hasMoreElements() ) {
>     var attrs = sr.getAttributes();
>     var attr = attrs.get("mail");
>     mailNew = attr.get().toLowerCase();
>   }
> }
> 
> if ( mail !== mailNew ) {
>   return mailNew;
> } else {
>   return mailOrig;
> }
> 
> 
> Thanks in advance for your suggestions !
> 
> -- 
> 
> *Frederic Poisson*
> 
> 
> 
> 
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
> 
> lsc-users mailing list
> lsc-users@lists.lsc-project.org
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
> 


-- 
Soisik Froger | Software Architect

soisik.fro...@worteks.com
+33 6 49 00 09 55

Worteks | https://www.worteks.com
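
The task layout suggested in the reply above, written out as an added example (not part of either e-mail and not the poster's configuration): Active Directory is the source, the Unix LDAP server is the destination, and only entries that already exist there are updated, so LSC holds the AD connection and its bind credentials in the connection definition instead of each script call opening its own. The connection names, base DNs, object classes, the `pivotAttribute` placeholder, and the `delete`/`changeId` settings are assumptions.

```xml
<!-- Added example. "ad-conn" and "unix-ldap-conn" are hypothetical names of
     connections defined elsewhere under <connections>; base DNs, object
     classes and "pivotAttribute" are placeholders. -->
<task>
  <name>ad-mail-to-unix-ldap</name>
  <bean>org.lsc.beans.SimpleBean</bean>

  <!-- Source: Active Directory, read through one LSC-managed connection -->
  <ldapSourceService>
    <name>ad-src</name>
    <connection reference="ad-conn" />
    <baseDn>DC=example,DC=com</baseDn>
    <pivotAttributes><string>pivotAttribute</string></pivotAttributes>
    <fetchedAttributes>
      <string>pivotAttribute</string>
      <string>mail</string>
    </fetchedAttributes>
    <getAllFilter>(&amp;(objectClass=user)(mail=*))</getAllFilter>
    <getOneFilter>(&amp;(objectClass=user)(pivotAttribute={pivotAttribute}))</getOneFilter>
  </ldapSourceService>

  <!-- Destination: Unix LDAP; only the mail attribute is fetched and written -->
  <ldapDestinationService>
    <name>unix-ldap-dst</name>
    <connection reference="unix-ldap-conn" />
    <baseDn>ou=people,dc=example,dc=com</baseDn>
    <pivotAttributes><string>pivotAttribute</string></pivotAttributes>
    <fetchedAttributes><string>mail</string></fetchedAttributes>
    <getAllFilter>(objectClass=inetOrgPerson)</getAllFilter>
    <!-- {pivotAttribute} is replaced by the source (AD) pivot value -->
    <getOneFilter>(&amp;(objectClass=inetOrgPerson)(pivotAttribute={pivotAttribute}))</getOneFilter>
  </ldapDestinationService>

  <propertiesBasedSyncOptions>
    <!-- Empty string, as described in the reply -->
    <mainIdentifier>""</mainIdentifier>
    <defaultDelimiter>;</defaultDelimiter>
    <defaultPolicy>KEEP</defaultPolicy>
    <conditions>
      <create>false</create>     <!-- never create AD-only users in Unix LDAP -->
      <update>true</update>      <!-- update entries matched by getOneFilter -->
      <delete>false</delete>     <!-- assumption: this task never deletes -->
      <changeId>false</changeId> <!-- assumption: destination DNs stay as-is -->
    </conditions>
    <dataset>
      <name>mail</name>
      <policy>FORCE</policy>     <!-- overwrite mail with the AD value -->
    </dataset>
  </propertiesBasedSyncOptions>
</task>
```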