On 21/11/2019 19:06, Jonathan Swaelens wrote: > Hello everyone, > > I'm trying to use LSC to create roles from some users entries. > > Example: > > uid=a,dc=source > authorizedService: application > authorizedService: application1 > authorizedService: application2 > authorizedService: application3 > > My idea is to use LSC so that for each authorizedService he creates a > roles cn=application,ou=roles,dc=destination > > Can LSC be used in this kind of way ? >
Standard LSC cannot be use for this kind of task; it maps one (and only one) source entry to one (and only one) potential destination entry, so you cannot synchronize 1 source entry to several destination entries out of the box. For this taks, you could look into the executable plugins (https://lsc-project.org/documentation/plugins/executable), to mock a list of role calculated from user entries, with two bash scripts : - a list script that would return a list of consolidated roles names from ldap source user entries; - a get script that return the role name as an ldap entity, ready to push to destination. Check out example of bash scripts here, note you can use other languages : https://lsc-project.org/documentation/plugins/executable/bash_ldapclients https://github.com/lsc-project/lsc-executable-plugin/tree/master/src/test/resources/org/lsc/plugins/connectors/executable Another solution to look into would be to create these roles during sync/calculation of role attributes in dataset. Someone has posted some javascript code that connect to LDAP and do some work during calculation of an attribute, see https://lists.lsc-project.org/pipermail/lsc-users/2019-August/003997.html. Regards > Cheers. > -- Soisik Froger | Software Architect soisik.fro...@worteks.com Worteks | https://www.worteks.com _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list lsc-users@lists.lsc-project.org https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users