I havent declared any of the attributes provided by myCustomObjectClass. So
I dont know what I can do else here. Am I still missing something?
when I specify this:
<fetchedAttributes>
<string>cn</string>
<string>userPassword</string>
<string>objectClass</string>
...
</fetchedAttributes>
I get error: "LDAP: error code 16 - 0000200A: objectclass KstmPerson is not
a valid objectClass in schema"
If I omit <string>objectClass</string> in fetchedAttributes section I get:
ERROR - Error while adding entry CN=XX,CN=Users,DC=X,DC=Y in directory
:javax.naming.directory.SchemaViolationException: [LDAP: error code 65 -
00002014: objectclass: Cannot add CN=XX...]
Am Mi., 23. Okt. 2019 um 11:56 Uhr schrieb Soisik Froger <
[email protected]>:
> On 23/10/2019 11:23, Marian Thieme wrote:
> > Hello everybody,
> >
> > first of all: thank you very much for this great project.
> > Right now I am trying to populate an AD with data coming from an
> Openldap Directory as suggest like here:
> https://lsc-project.org/documentation/tutorial/openldaptoactivedirectory
> > My question is, what is a good way to skip some of my object classes I
> have in my source directory.
> > Example:
> > In the source directory there are a few objectClasses, as like follows
> > ...
> > objectClass: inetOrgPerson
> > objectClass: posixAccount
> > objectClass: myCustomObjectClass
> > ...
> >
> > However, now I decided not to use objectClass: myCustomObjectClass
> anymore. Is it possible to just to skip this ObjectClass and its
> corresponding attributes during the sync/import task ?
> >
> > Regards.
> > Marian
>
> Hi,
>
> If you don't want to sync an attribute, don't declare it in the fetched
> attributes of your destination service.
>
> If you want to sync objectClass attribute between AD and OpenLDAP, you
> have to define a specific strategy for this attribute, which is declared in
> a dataSet. A very common strategy when syncing directories is to keep
> existing values and only set values at creation, using values that are
> supported by the destination directory. For AD users, and from the
> documentation you pointed at, it usually looks like this:
>
> <dataset>
> <name>objectclass</name>
> <policy>KEEP</policy>
> <createValues>
> <string>"user"</string>
> <string>"organizationalPerson"</string>
> <string>"person"</string>
> <string>"top"</string>
> </createValues>
> </dataset>
>
> With such strategy, the object classes of your source object will be
> ignored when syncing to destination.
>
> --
> Soisik Froger | Software Architect
>
> [email protected]
>
> Worteks | https://www.worteks.com
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
