Hello Clement,

thanks very much for the information. I better understand the way it works.

Ok, just have to find where I made a mistake in my config.

What is really strange for me is, without having change the pivot attribute, i changed (for testing purpose) the dn line with :

<mainIdentifier>"uidnumber=" + srcBean.getDatasetFirstValueById("uidnumber") + ",ou=Users,ou=Accounts,dc=GFB,dc=LAN"</mainIdentifier>

this time, records are modified. With the 'normal' DN, a new record was added.


Thanks for your great help :)




Le 01.04.2020 à 17:59, Clément OUDOT a écrit :


Le 01/04/2020 à 13:44, Arnaud Gymnase a écrit :

Hello all,

I'm testing de modification of using ldap entries.

My pivot is :

    pivotAttributes>
                <string>uidnumber</string>
        </pivotAttributes>

and my filters are the following :

<getAllFilter>(&amp;(objectClass=PosixAccount)(sambaDomainName=GFB))</getAllFilter>
<getOneFilter>(&amp;(objectClass=Posixaccount)(uidnumber={Evento-id}))</getOneFilter>

finally, my main identifier is :

<mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=Users,ou=Accounts,dc=GFB,dc=LAN"</mainIdentifier>

I like this way because, in my ldap admin too, I've directly the name of my users. but, if a user change his name (get married for example), the tool is going to create a new entry in my Openldap.

the only thing that I'm sur will remain always the same is the uidnumber.

Is there a way to still display my ldap with user names (and not uidnumber) but just compare the uidnumber to decide when to create or not a new entry ?


Hello,


you did the correct thing: using uidNumber as pivot and cn in your DN. When LSC compares 2 entries, it uses the pivot attribute to match them. If there is no match, LSC creates a new entry, if there is a match, LSC modifies the entry. If LSC see that the DN must be updated, then it performs a rename. Other modifications of the entry will be delayed to next LSC execution.

So if in your connector, LSC is trying entries instead of renaming them, then you should have a problem in your configuration.


--
Clément Oudot | Identity Solutions Manager

[email protected]

Worteks |https://www.worteks.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users

Reply via email to