On 23/10/2019 11:23, Marian Thieme wrote:
> Hello everybody,
>
> first of all: thank you very much for this great project.
> Right now I am trying to populate an AD with data coming from an Openldap
> Directory as suggest like here:
> https://lsc-project.org/documentation/tutorial/openldaptoactivedirectory
> My question is, what is a good way to skip some of my object classes I have
> in my source directory.
> Example:
> In the source directory there are a few objectClasses, as like follows
> ...
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: myCustomObjectClass
> ...
>
> However, now I decided not to use objectClass: myCustomObjectClass anymore.
> Is it possible to just to skip this ObjectClass and its corresponding
> attributes during the sync/import task ?
>
> Regards.
> Marian
Hi,
If you don't want to sync an attribute, don't declare it in the fetched
attributes of your destination service.
If you want to sync objectClass attribute between AD and OpenLDAP, you have to
define a specific strategy for this attribute, which is declared in a dataSet.
A very common strategy when syncing directories is to keep existing values and
only set values at creation, using values that are supported by the destination
directory. For AD users, and from the documentation you pointed at, it usually
looks like this:
<dataset>
<name>objectclass</name>
<policy>KEEP</policy>
<createValues>
<string>"user"</string>
<string>"organizationalPerson"</string>
<string>"person"</string>
<string>"top"</string>
</createValues>
</dataset>
With such strategy, the object classes of your source object will be ignored
when syncing to destination.
--
Soisik Froger | Software Architect
soisik.fro...@worteks.com
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
