Hello Soisik,

Sorry for the late response, I had some trouble with our antispam engine.

So I am responding from the archive :-)

> Could you explain why you did not simply set up Active Directory as the source 
> for your synchronization?

Yes, I know this solution, but I have two constraints that prevent me from using it:
- First, the number of entries in this Active Directory is very large in 
comparison with our Unix LDAP server; I did the test this morning and the task 
takes 10 times longer to run!
- Second, and most important, which I forgot to tell you: the entries inside the 
Unix LDAP server are not unique on our pivotAttribute. So the LSC task logically 
ends in ERROR with "Too many entries returned"...

Your questions and responses confirm my first idea: the only way to correctly 
implement that feature would be to create a new plugin, as documented at 
https://lsc-project.org/documentation/latest/development/addingplugin 

I will try to take a look at this option; tell me if you have any advice.

Thanks a lot

Regards

On 26/08/19 11:06, "POISSON Frédéric" <frederic.pois...@admin.gmessaging.net> 
wrote: 
> 
> 
> Hello,
> 
> I have tested a solution to update a Unix LDAP server with LSC on the mail 
> attribute from an Active Directory. 
> 
> The solution retrieves the mail information from Active Directory, but only for 
> the users present inside the getAllFilter of my source Unix LDAP server. And 
> so the LSC task uses the same source and the same destination, the Unix LDAP 
> server.
> 
> To update the mail attribute I execute a JavaScript function for the mail 
> dataset on each entry found by the getOneFilter. This JavaScript code opens an 
> LDAP session with the Java javax.naming.directory API (as in the French tutorial 
> https://www.jmdoudoux.fr/java/dej/chap-jndi.htm). The code runs correctly, but 
> the main drawback is that the JavaScript code is executed for each entry, so it 
> opens as many connections to the Active Directory as there are entries 
> inside my Unix LDAP server. 
> 
> Is there a way to keep an LDAP session active that I could use inside the 
> JavaScript of the dataset? And so have a single session, a single 
> authentication, and serialized searches?
> 
> Here are "some" parts of the Java code inside the JavaScript: 
> 
> 
> // JNDI environment for the LDAPS connection to Active Directory
> var env = new java.util.Hashtable();
> var ldapUser = 'Bind DN of Active Directory';
> var ldapPasswd = 'secret';
> var keystorePath = "/usr/lsc/etc/cacerts";
> env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
> env.put(javax.naming.Context.PROVIDER_URL, "ldaps://A.B.C.D:389");
> env.put("com.sun.jndi.ldap.read.timeout", "5000");
> env.put(javax.naming.Context.SECURITY_PRINCIPAL, ldapUser);
> env.put(javax.naming.Context.SECURITY_PROTOCOL, "ssl");
> env.put(javax.naming.Context.SECURITY_CREDENTIALS, ldapPasswd);
> // Trust store used to validate the Active Directory server certificate
> java.lang.System.setProperty("javax.net.ssl.trustStore", keystorePath);
> java.lang.System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
> // A new context (bind + TLS handshake) is created on every execution of the script
> var ctx = new javax.naming.directory.InitialDirContext(env);
> var base = "DC=example,DC=com";
> 
> // Subtree search returning only cn and mail
> var sc = new javax.naming.directory.SearchControls();
> var attributeList = [ "cn", "mail" ];
> sc.setReturningAttributes(attributeList);
> sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE);
> 
> var pivotAttribute = srcBean.getDatasetFirstValueById("pivotAttribute");
> var mailOrig = srcBean.getDatasetFirstValueById("mail");
> 
> // The pivot value is concatenated into the filter as-is (not escaped per RFC 4515)
> var filter = "(pivotAttribute=" + pivotAttribute + ")";
> var sr = null;
> 
> // On a search error, keep the current mail value
> try {
>   var results = ctx.search(base, filter, sc);
> } catch (e) {
>   return mailOrig;
> }
> 
> // Take the Active Directory mail only when exactly one entry matches
> var mailNew;
> if ( results.hasMoreElements() ) {
>   sr = results.next();
>   if ( ! results.hasMoreElements() ) {
>     var attrs = sr.getAttributes();
>     var attr = attrs.get("mail");
>     // attrs.get() returns null when the matched entry has no mail attribute
>     if ( attr !== null ) {
>       mailNew = attr.get().toLowerCase();
>     }
>   }
> }
> 
> // Return the Active Directory value when it differs from the current one
> if ( mailOrig !== mailNew ) {
>   return mailNew;
> } else {
>   return mailOrig;
> }
> 
> 
> 
> 
> Thanks in advance for your suggestions !
> 
> -- 
> 
> Frederic Poisson
> 
> 
> 
> 
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
> 
> lsc-users mailing list
> lsc-users@lists.lsc-project.org
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
> 
> 
-- 

Frederic Poisson
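
The quoted script builds its search filter by concatenating the pivot value straight into the filter string. As an added example (not part of the original thread and not LSC code), the ES5 JavaScript below escapes that value per RFC 4515 before it is placed in the filter; the function names and the sample values are assumptions made up for illustration.

```javascript
// Added example, not from the original message.
// RFC 4515: inside a filter assertion value, the characters
// \ * ( ) and NUL must be written as a backslash plus two hex digits.
function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (ch) {
    var hex = ch.charCodeAt(0).toString(16);
    return "\\" + (hex.length < 2 ? "0" + hex : hex);
  });
}

// Build "(attribute=value)" with the value escaped. The attribute name is
// checked against the LDAP short-name syntax (letter, then letters, digits
// or hyphens) so that it cannot carry filter syntax either.
function buildEqualityFilter(attributeName, value) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(attributeName)) {
    throw new Error("invalid attribute name: " + attributeName);
  }
  return "(" + attributeName + "=" + escapeLdapFilterValue(value) + ")";
}

// Constructed sample pivot values (not taken from any real directory).
var samples = ["jdoe", "Smith (Jr)*", "dept\\unit"];

function demo() {
  return samples.map(function (v) {
    return buildEqualityFilter("pivotAttribute", v);
  });
}

demo().forEach(function (f) { console.log(f); });
```

In the quoted script this would replace the string concatenation, for example `var filter = buildEqualityFilter("pivotAttribute", pivotAttribute);`.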