This is very kind of you...

Thanks very much

On 02.04.2020 at 12:20, Clément OUDOT wrote:


On 02/04/2020 at 12:09, Arnaud Gymnase wrote:

I deleted all my entries, changed the mainIdentifier to use cn= and created a new user.

On the first run, my user was added to my LDAP, no problem.

        # Thu Apr 02 11:46:27 CEST 2020
        dn: cn=Barbara Michel,ou=Users,ou=Accounts,dc=GFB,dc=LAN
        changetype: add
        userPassword: {sha}Ux0iyV2/Azpr1sjfpgQ+Xl5T/uk=
        preferredLanguage: FR
        mail: [email protected]
        SambaBadPasswordCount: 0
        SambaDomainName: GFB
        SambaPwdLastSet: 1585820786
        uid: barbara.michel
        givenname: Barbara
        clearSHA1Password: 531d22c95dbf033a6bd6c8dfa6043e5e5e53fee9
        clearSHAPassword: {sha}Ux0iyV2/Azpr1sjfpgQ+Xl5T/uk=
        sn: Michel
        SambaBadPasswordTime: 0
        SambaSID: S-1-5-21-3459211373-2572735173-4185727138-14200
        homeDirectory: /users/barbara.michel
        clearMicrosoftNTPassword: F696AFA354223132583D5C3A1136ADFC
        clearAccountStatus: enabled
        SambaNTPassword: F696AFA354223132583D5C3A1136ADFC
        objectClass: top
        objectClass: posixAccount
        objectClass: InetOrgPerson
        objectClass: shadowAccount
        objectClass: clearAccount
        objectClass: sambaSamAccount
        cn: Barbara Michel
        sambaAcctFlags: [U          ]
        employeeType: Lehrer
        uidNumber: 14200
        SambaPrimaryGroupSID: S-1-5-21-3459211373-2572735173-4185727138-513
        businessCategory: GBSL
        gidNumber: 63000


I then edited my database, changed the sn and givenname values, and restarted the process:

        avr. 02 11:56:10 - INFO  - Logging configuration successfully loaded from /etc/lsc/logback.xml
        avr. 02 11:56:10 - INFO  - LSC configuration successfully loaded from /etc/lsc/
        avr. 02 11:56:10 - INFO  - Connecting to LDAP server ldap://localhost:389/dc=GFB,dc=LAN as cn=manager,ou=Internal,dc=GFB,dc=LAN
        avr. 02 11:56:10 - INFO  - Starting sync for ClearOS-IBM
        avr. 02 11:56:12 - INFO  - All entries: 1, to modify entries: 0, successfully modified entries: 0, errors: 0

Nothing found to modify

I checked my filters and everything seems to be fine ...

    
        <getAllFilter>(&amp;(objectClass=PosixAccount)(sambaDomainName=GFB))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=Posixaccount)(uidnumber={uidnumber}))</getOneFilter>



Maybe not important for your current issue, but it would be better to have the correct case for the objectClass values. Use "posixAccount" in your filters. Also use "uidNumber".


I checked the configuration file of the connection to my database; the problem should come from here, I think, but ...

        <sqlMap namespace="InetOrgPerson">
            <select id="getInetOrgPerson"
        resultClass="java.util.HashMap" parameterClass="java.util.Map">
               Select
                 pers.EventoID as uidnumber,
                 pers.Login as uid,
                 pers.Vorname as givenName,
                 pers.Nachname as sn,
                 pers.Mailadresse as mail,
                 CONCAT(pers.VorName , ' ',pers.Nachname) as cn,
                 pers.Login as HomeDirectory,
                 pers.Veranstalter as businessCategory,
                 pers.Typ as employeeType,
                 pers.Sprache as preferredLanguage
          FROM Evento pers WHERE pers.EventoID = #uidnumber#
            </select>

            <select id="checkPersonForClean"
        resultClass="java.util.HashMap" parameterClass="java.util.Map">
                Select pers.EventoID as uidnumber
                    FROM Evento pers WHERE pers.EventoID = #uidnumber#
            </select>

            <select id="getInetOrgPersonList"
        resultClass="java.util.HashMap">
                SELECT pers.EventoID as uidnumber
                FROM Evento pers
            </select>
        </sqlMap>


Thanks very very much


Could you also send your full lsc.xml (minus passwords)? Check the defaultPolicy and also the policy of each dataset.



--
Clément Oudot | Identity Solutions Manager

[email protected]

Worteks |https://www.worteks.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
<?xml version="1.0" ?>
<!-- 
	In the following file, comments are describing each node. Elements are
	referenced through XPath expression, whereas attributes are prefixed with
	'@'

	//lsc Root node of the XML configuration file
	@xmlns XML Schema validation is not ready yet (Reserved for future use)
	@id optional, added by XML API
	@revision mandatory, used by the Web Administration Interface to version
				this file
	 -->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">

<!--  ./connections Connections list node, must contain at least two connections -->
 
  <connections>
    <databaseConnection>
      <name>Local-MariaDB</name>
      <url>jdbc:mariadb://127.0.0.1:3306/LSC</url>
      <username>LSC</username>
      <password>LSC</password>
     <driver>org.mariadb.jdbc.Driver</driver>
    </databaseConnection>
 
    <ldapConnection>
      <name>ldap-dst-conn</name>
      <url>ldap://localhost:389/dc=GFB,dc=LAN</url>
      <username>cn=manager,ou=Internal,dc=GFB,dc=LAN</username>
      <password>---REMOVED---</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
  </connections>

<!--  ./audits Audits list node -->
  <audits>
	<csvAudit>
		<name>Evento</name>
		<append>true</append>
		<operations>create, delete</operations>
		<file>/tmp/dump.csv</file>
		<datasets>cn, dn</datasets>
		<separator>,</separator>
	</csvAudit>
  </audits>

<!--  ./tasks Task list node, must contain at least one task -->
  <tasks>
    <task>
      <name>ClearOS-IBM</name>
      <bean>org.lsc.beans.SimpleBean</bean>
      <databaseSourceService>
        <name>MariaDB-Source-Service</name>
        <connection reference="Local-MariaDB" />
        <requestNameForList>getInetOrgPersonList</requestNameForList>
        <requestNameForObject>getInetOrgPerson</requestNameForObject>
        <requestNameForClean>checkPersonForClean</requestNameForClean>
      </databaseSourceService>

      <ldapDestinationService>
        <name>ldap-dst-service</name>
        <connection reference="ldap-dst-conn" />
        <baseDn>ou=Users,ou=Accounts,dc=GFB,dc=LAN</baseDn>
        <pivotAttributes>
                <string>uidnumber</string>
        </pivotAttributes>
        
        <fetchedAttributes>
          <string>cn</string>
          <string>sn</string>
          <string>userPassword</string>
          <string>objectClass</string>
          <string>uid</string>
          <string>uidNumber</string>
          <string>givenname</string>
          <string>homeDirectory</string>
          <string>gidNumber</string>
          <string>mail</string>
          <string>employeeType</string>
          <string>businessCategory</string>
          <string>clearAccountStatus</string>
          <string>SambaPwdLastSet</string>
          <string>SambaDomainName</string>
          <string>SambaNTPassword</string>
          <string>SambaSID</string>
          <string>SambaPwdMustChange</string>
          <string>sambaAcctFlags</string>
          <string>SambaPrimaryGroupSID</string>
          <string>SambaBadPasswordCount</string>
          <string>SambaBadPasswordTime</string>
          <string>preferredLanguage</string>
          <string>clearSHAPassword</string>
          <string>clearSHA1Password</string>
          <string>clearMicrosoftNTPassword</string>
        </fetchedAttributes>
        <getAllFilter>(&amp;(objectClass=PosixAccount)(sambaDomainName=GFB))</getAllFilter>
        <getOneFilter>(&amp;(objectClass=PosixAccount)(uidnumber={uidnumber}))</getOneFilter>     
      </ldapDestinationService>
      
      <propertiesBasedSyncOptions>
       <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=Users,ou=Accounts,dc=GFB,dc=LAN"</mainIdentifier>
<!--        <mainIdentifier>"uidnumber=" + srcBean.getDatasetFirstValueById("uidnumber") + ",ou=Users,ou=Accounts,dc=GFB,dc=LAN"</mainIdentifier> -->
        <defaultDelimiter>;</defaultDelimiter>
<!--    ./defaultPolicy This mandatory node must contain a string Javascript expression that will enforce the object main identifier.-->
        <defaultPolicy>FORCE</defaultPolicy>
<!--    ./conditions This optional node may contain one or more of the four node : create, update, delete and changeId -->
        <conditions>
<!--       ./create This optional node may contain a boolean Javascript expression that will indicate whenever a new entry must be created or not -->
        	<create>true</create>
<!--       ./update This optional node may contain a boolean Javascript expression that will indicate whenever a existing entry must be updated or not -->
        	<update>true</update>
<!--       ./delete This optional node may contain a boolean Javascript expression that will indicate whenever a existing entry must be deleted or not -->
        	<delete>true</delete>
<!--       ./changeId This optional node may contain a boolean Javascript expression that will indicate whenever an existing object main identifier must be changed or not -->
        	<changeId>false</changeId>
        </conditions>
<!--    ./dataset This multi-valued node may contain a structure that will describe how to synchronize the corresponding dataset -->
        <dataset>
<!--      ./name Mandatory node containing the dataset name -->
          <name>objectClass</name>
<!--      ./policy Mandatory node containing the policy to apply to this dataset. Contains KEEP, FORCE or MERGE value -->
          <policy>FORCE</policy>
<!--      ./defaultValues Optional node containing a list of string values that will be used if none is provided by datasource -->
          <defaultValues></defaultValues>
<!--      ./forceValues Optional node containing a list of string values that will be used to force destination service dataset values -->
          <forceValues>
          </forceValues>
<!--      ./createValues Optional node containing a list of string values that will be used to force destination service dataset values when creating object -->
          <createValues>
             <string>"top"</string>
             <string>"posixAccount"</string>
             <string>"InetOrgPerson"</string>
             <string>"shadowAccount"</string>
             <string>"clearAccount"</string>
             <string>"sambaSamAccount"</string>
          </createValues>
        </dataset>

        <dataset>
          <name>gidNumber</name>
          <policy>KEEP</policy>
          <defaultValues> 
          </defaultValues>
          <forceValues>
                <string>"63000"</string>
          </forceValues>
          <createValues>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>sn</name>
          <policy>FORCE</policy>
          <defaultValues> 
          </defaultValues>
          <forceValues>
                <string>srcBean.getDatasetFirstValueById("sn")</string>
          </forceValues>
          <createValues>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>userPassword</name>
          <policy>KEEP</policy>
          <defaultValues>
          </defaultValues>
          <forceValues>
          </forceValues>
            <createValues>
                <string>"{sha}"+SecurityUtils.hash(SecurityUtils.HASH_SHA1,srcBean.getDatasetFirstValueById("uid"))</string>
            </createValues>
        </dataset>
        
            <dataset>
          <name>homeDirectory</name>
          <policy>FORCE</policy>
          <defaultValues>
          </defaultValues>
          <forceValues>
             <string>"/users/"+srcBean.getDatasetFirstValueById("homeDirectory")</string>
          </forceValues>
          <createValues></createValues>
        </dataset> 
        
        <dataset>
          <name>uidnumber</name>
          <policy>FORCE</policy>
          <defaultValues>
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("uidnumber")</string>
          </createValues>
        </dataset> 
        
         <dataset>
          <name>uid</name>     <!-- This will be the user login -->
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("uid")</string>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>givename</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>srcBean.getDatasetFirstValueById("givenName")</string>
          </createValues>
        </dataset> 
        
<!-- Added on 12.02.2020 -->
        <dataset>
          <name>clearAccountStatus</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>"enabled"</string>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>SambaPwdLastSet</name>
          <policy>FORCE</policy>
          <defaultValues>
          </defaultValues>
          <forceValues>
              <string>js:TimeInSecond()</string>
          </forceValues>
          <createValues>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>SambaDomainName</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>"GFB"</string>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>SambaNTPassword</name>
          <policy>KEEP</policy>
          <defaultValues>
            
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>
             SecurityUtils.computeSambaNTPassword(srcBean.getDatasetFirstValueById("uid"))
          </string>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>SambaSID</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>"S-1-5-21-3459211373-2572735173-4185727138-"+srcBean.getDatasetFirstValueById("uidnumber")</string>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>sambaAcctFlags</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>"[U          ]"</string>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>sambaBadPasswordCount</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>"0"</string>
          </createValues>
        </dataset> 
        
        <dataset>
          <name>sambaBadPasswordTime</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>"0"</string>
          </createValues>
        </dataset> 

        <dataset>
          <name>sambaPrimaryGroupSID</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>"S-1-5-21-3459211373-2572735173-4185727138-513"</string>
          </createValues>
        </dataset> 
          
         <dataset>
          <name>ClearSHAPassword</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
               <string>"{sha}"+SecurityUtils.hash(SecurityUtils.HASH_SHA1,srcBean.getDatasetFirstValueById("uid"))</string>
          </createValues>
        </dataset>
        
        <dataset>
          <name>mail</name>
          <policy>KEEP</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
               <string>srcBean.getDatasetFirstValueById("mail")</string>
          </createValues>
        </dataset>
        
         <dataset>
          <name>ClearSHA1Password</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
              <string>js:SHA1(srcBean.getDatasetFirstValueById("uid"))</string>
          </createValues>
        </dataset>
      
         <dataset>
          <name>ClearMicrosoftNTPassword</name>
          <policy>FORCE</policy>
          <defaultValues>    
          </defaultValues>
          <forceValues>
          </forceValues>
          <createValues>
          <string>SecurityUtils.computeSambaNTPassword(srcBean.getDatasetFirstValueById("uid"))</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
      <scriptInclude>
        <string>sha1.js</string>
        <string>TimeInSecond.js</string>
      </scriptInclude>
    </task>
  </tasks>
<!-- ./security This mandatory node contains the security settings used by LSC -->
  <security>
<!-- ./encryption This optional node contains the encryption settings -->
    <encryption>
<!--  ./keyfile This optional node contains the keyfile location -->
      <keyfile>etc/lsc.key</keyfile>
<!--  ./algorithm This optional node contains the encryption algorithm -->
      <algorithm>AES</algorithm>
<!--  ./strength This optional node contains the algorithm key length -->
      <strength>128</strength>
    </encryption>
  </security>
</lsc>
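
Following the advice above to check the defaultPolicy and the policy of each dataset, this added example (not part of the original thread and not LSC project code) lists them from an lsc.xml and records which value lists each dataset fills in. The two flags it raises are heuristics assumed by this example, not documented LSC behaviour, and the embedded sample is constructed from three datasets of the attached file.

```python
import xml.etree.ElementTree as ET

NS = {"l": "http://lsc-project.org/XSD/lsc-core-2.1.xsd"}
VALUE_LISTS = ("defaultValues", "forceValues", "createValues")

# Constructed sample: three datasets trimmed from the attached lsc.xml.
SAMPLE = """<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
 <tasks><task><name>ClearOS-IBM</name>
  <ldapDestinationService><fetchedAttributes>
   <string>sn</string><string>givenname</string><string>userPassword</string>
  </fetchedAttributes></ldapDestinationService>
  <propertiesBasedSyncOptions><defaultPolicy>FORCE</defaultPolicy>
   <dataset><name>sn</name><policy>FORCE</policy>
    <forceValues><string>srcBean.getDatasetFirstValueById("sn")</string></forceValues></dataset>
   <dataset><name>givename</name><policy>FORCE</policy>
    <createValues><string>srcBean.getDatasetFirstValueById("givenName")</string></createValues></dataset>
   <dataset><name>userPassword</name><policy>KEEP</policy>
    <createValues><string>"{sha}"+SecurityUtils.hash(SecurityUtils.HASH_SHA1,srcBean.getDatasetFirstValueById("uid"))</string></createValues></dataset>
  </propertiesBasedSyncOptions>
 </task></tasks></lsc>"""

def exprs(dataset, kind):
    """Non-empty <string> expressions under one value list of a dataset."""
    return [s.text.strip() for s in dataset.iterfind(f"l:{kind}/l:string", NS)
            if s.text and s.text.strip()]

def review(xml_text):
    """First task only: return (defaultPolicy, [(name, policy, filled, notes)])."""
    task = ET.fromstring(xml_text).find(".//l:task", NS)
    fetched = {s.text.strip().lower()
               for s in task.iterfind(".//l:fetchedAttributes/l:string", NS) if s.text}
    opts = task.find("l:propertiesBasedSyncOptions", NS)
    default = opts.findtext("l:defaultPolicy", "", NS).strip()
    rows = []
    for ds in opts.iterfind("l:dataset", NS):
        name = ds.findtext("l:name", "", NS).strip()
        policy = ds.findtext("l:policy", default, NS).strip()
        filled = [k for k in VALUE_LISTS if exprs(ds, k)]
        notes = []
        # Heuristic (assumed here): dataset name absent from fetchedAttributes.
        if name.lower() not in fetched:
            notes.append("name not in fetchedAttributes")
        # Heuristic (assumed here): password-type value computed from the login.
        if "password" in name.lower() and any(
                'getDatasetFirstValueById("uid")' in e
                for k in VALUE_LISTS for e in exprs(ds, k)):
            notes.append("value derived from uid")
        rows.append((name, policy, filled, notes))
    return default, rows

if __name__ == "__main__":
    default, rows = review(SAMPLE)
    print("defaultPolicy:", default)
    for name, policy, filled, notes in rows:
        print(f"{name:14} {policy:6} {','.join(filled) or '-':14} {'; '.join(notes)}")
```
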