On Tue, May 19, 2020 at 12:43 PM Clément OUDOT <[email protected]> wrote: > > > Le 19/05/2020 à 10:29, Lior Dotan a écrit : > > On Tue, May 19, 2020 at 11:21 AM Clément OUDOT > > <[email protected]> wrote: > >> > >> Le 19/05/2020 à 10:14, Lior Dotan a écrit : > >>> On Tue, May 19, 2020 at 11:03 AM Clément OUDOT > >>> <[email protected]> wrote: > >>>> Le 18/05/2020 à 18:04, Lior Dotan a écrit : > >>>>> Hi, > >>>>> > >>>>> My original setting had the users base DN set as: > >>>>> OU=test,DC=example,DC=com > >>>>> > >>>>> But since it returned too many users I changed it to: > >>>>> OU=ActiveUsers,OU=test,DC=example,DC=com > >>>>> > >>>>> However, all the users from other OUs are still present. > >>>>> This happens because my getOneFilter looks like this: > >>>>> &(mail={mail})(objectClass=user)) > >>>>> > >>>>> And this filter finds any user. > >>>>> Since I cant use distinguishedName with wildcards, how can i refine > >>>>> the filter to only return users that are under the users base DN? > >>>> This should be the case, LSC will only search entries below the baseDn. > >>> This is not what I'm seeing. LSC uses the getOneFilter which only > >>> filters by mail > >>> and if the mail exists in AD it doesnt delete the user regardless of > >>> the user full DN. > >> > >> See https://lsc-project.org/documentation/latest/basics#clean_phase > >> > >> LSC uses cleanFilter on source to match the user. > > My clean filter looks like this: > > <cleanFilter>(mail={mail})</cleanFilter> > > > > So when LSC tries to fetch the user from the source it will find it > > because I only > > changed users base DN and the user still exists in AD. > > The base DN is not part of the clean filter. > > > I just made a test and this works well on my side. Did you set the > baseDN on source service side?
I have the baseDN set in the LDAP URL and also in the task _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
