Le 01/04/2020 à 13:44, Arnaud Gymnase a écrit :
>
> Hello all,
>
> I'm testing de modification of using ldap entries.
>
> My pivot is :
>
> pivotAttributes>
> <string>uidnumber</string>
> </pivotAttributes>
>
> and my filters are the following :
>
>
> <getAllFilter>(&(objectClass=PosixAccount)(sambaDomainName=GFB))</getAllFilter>
>
> <getOneFilter>(&(objectClass=Posixaccount)(uidnumber={Evento-id}))</getOneFilter>
>
>
>
> finally, my main identifier is :
>
> <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") +
> ",ou=Users,ou=Accounts,dc=GFB,dc=LAN"</mainIdentifier>
>
> I like this way because, in my ldap admin too, I've directly the name
> of my users. but, if a user change his name (get married for example),
> the tool is going to create a new entry in my Openldap.
>
> the only thing that I'm sur will remain always the same is the uidnumber.
>
> Is there a way to still display my ldap with user names (and not
> uidnumber) but just compare the uidnumber to decide when to create or
> not a new entry ?
>
Hello,
you did the correct thing: using uidNumber as pivot and cn in your DN.
When LSC compares 2 entries, it uses the pivot attribute to match them.
If there is no match, LSC creates a new entry, if there is a match, LSC
modifies the entry. If LSC see that the DN must be updated, then it
performs a rename. Other modifications of the entry will be delayed to
next LSC execution.
So if in your connector, LSC is trying entries instead of renaming them,
then you should have a problem in your configuration.
--
Clément Oudot | Identity Solutions Manager
[email protected]
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
