Le 19/05/2020 à 11:47, Lior Dotan a écrit : > On Tue, May 19, 2020 at 12:43 PM Clément OUDOT > <clement.ou...@worteks.com> wrote: >> >> Le 19/05/2020 à 10:29, Lior Dotan a écrit : >>> On Tue, May 19, 2020 at 11:21 AM Clément OUDOT >>> <clement.ou...@worteks.com> wrote: >>>> Le 19/05/2020 à 10:14, Lior Dotan a écrit : >>>>> On Tue, May 19, 2020 at 11:03 AM Clément OUDOT >>>>> <clement.ou...@worteks.com> wrote: >>>>>> Le 18/05/2020 à 18:04, Lior Dotan a écrit : >>>>>>> Hi, >>>>>>> >>>>>>> My original setting had the users base DN set as: >>>>>>> OU=test,DC=example,DC=com >>>>>>> >>>>>>> But since it returned too many users I changed it to: >>>>>>> OU=ActiveUsers,OU=test,DC=example,DC=com >>>>>>> >>>>>>> However, all the users from other OUs are still present. >>>>>>> This happens because my getOneFilter looks like this: >>>>>>> &(mail={mail})(objectClass=user)) >>>>>>> >>>>>>> And this filter finds any user. >>>>>>> Since I cant use distinguishedName with wildcards, how can i refine >>>>>>> the filter to only return users that are under the users base DN? >>>>>> This should be the case, LSC will only search entries below the baseDn. >>>>> This is not what I'm seeing. LSC uses the getOneFilter which only >>>>> filters by mail >>>>> and if the mail exists in AD it doesnt delete the user regardless of >>>>> the user full DN. >>>> See https://lsc-project.org/documentation/latest/basics#clean_phase >>>> >>>> LSC uses cleanFilter on source to match the user. >>> My clean filter looks like this: >>> <cleanFilter>(mail={mail})</cleanFilter> >>> >>> So when LSC tries to fetch the user from the source it will find it >>> because I only >>> changed users base DN and the user still exists in AD. >>> The base DN is not part of the clean filter. >> >> I just made a test and this works well on my side. Did you set the >> baseDN on source service side? > I have the baseDN set in the LDAP URL and also in the task
Then the issue is in your Directory. Try an ldapsearch with the same filter as LSC a see which entries are returned. -- Clément Oudot | Identity Solutions Manager clement.ou...@worteks.com Worteks | https://www.worteks.com _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list lsc-users@lists.lsc-project.org https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users