I havent declared any of the attributes provided by myCustomObjectClass. So
I dont know what I can do else here. Am I still missing something?

when I specify this:
<fetchedAttributes>
                                        <string>cn</string>
                                        <string>userPassword</string>
                                       <string>objectClass</string>
...
</fetchedAttributes>

I get error: "LDAP: error code 16 - 0000200A: objectclass KstmPerson is not
a valid objectClass in schema"

If I omit <string>objectClass</string> in fetchedAttributes section I get:

ERROR - Error while adding entry CN=XX,CN=Users,DC=X,DC=Y in directory
:javax.naming.directory.SchemaViolationException: [LDAP: error code 65 -
00002014: objectclass: Cannot add CN=XX...]

Am Mi., 23. Okt. 2019 um 11:56 Uhr schrieb Soisik Froger <
[email protected]>:

> On 23/10/2019 11:23, Marian Thieme wrote:
> > Hello everybody,
> >
> > first of all: thank you very much for this great project.
> > Right now I am trying to populate an AD with data coming from an
> Openldap Directory as suggest like here:
> https://lsc-project.org/documentation/tutorial/openldaptoactivedirectory
> > My question is, what is a good way to skip some of my object classes I
> have in my source directory.
> > Example:
> > In the source directory there are a few objectClasses, as like follows
> > ...
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: myCustomObjectClass
> > ...
> >
> > However, now I decided not to use objectClass: myCustomObjectClass
> anymore. Is it possible to just to skip this ObjectClass and its
> corresponding attributes during the sync/import task ?
> >
> > Regards.
> > Marian
>
> Hi,
>
> If you don't want to sync an attribute, don't declare it in the fetched
> attributes of your destination service.
>
> If you want to sync objectClass attribute between AD and OpenLDAP, you
> have to define a specific strategy for this attribute, which is declared in
> a dataSet. A very common strategy when syncing directories is to keep
> existing values and only set values at creation, using values that are
> supported by the destination directory. For AD users, and from the
> documentation you pointed at, it usually looks like this:
>
>     <dataset>
>       <name>objectclass</name>
>       <policy>KEEP</policy>
>       <createValues>
>         <string>"user"</string>
>         <string>"organizationalPerson"</string>
>         <string>"person"</string>
>         <string>"top"</string>
>       </createValues>
>     </dataset>
>
> With such strategy, the object classes of your source object will be
> ignored when syncing to destination.
>
> --
> Soisik Froger | Software Architect
>
> [email protected]
>
> Worteks | https://www.worteks.com
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users

Reply via email to