On 19/05/2020 at 11:47, Lior Dotan wrote:
> On Tue, May 19, 2020 at 12:43 PM Clément OUDOT
> <clement.ou...@worteks.com> wrote:
>>
>> On 19/05/2020 at 10:29, Lior Dotan wrote:
>>> On Tue, May 19, 2020 at 11:21 AM Clément OUDOT
>>> <clement.ou...@worteks.com> wrote:
>>>> On 19/05/2020 at 10:14, Lior Dotan wrote:
>>>>> On Tue, May 19, 2020 at 11:03 AM Clément OUDOT
>>>>> <clement.ou...@worteks.com> wrote:
>>>>>> On 18/05/2020 at 18:04, Lior Dotan wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> My original setting had the users base DN set as:
>>>>>>> OU=test,DC=example,DC=com
>>>>>>>
>>>>>>> But since it returned too many users I changed it to:
>>>>>>> OU=ActiveUsers,OU=test,DC=example,DC=com
>>>>>>>
>>>>>>> However, all the users from other OUs are still present.
>>>>>>> This happens because my getOneFilter looks like this:
>>>>>>> &amp;(mail={mail})(objectClass=user))
>>>>>>>
>>>>>>> And this filter finds any user.
>>>>>>> Since I can't use distinguishedName with wildcards, how can I refine
>>>>>>> the filter to only return users that are under the users base DN?
>>>>>> This should be the case, LSC will only search entries below the baseDn.
>>>>> This is not what I'm seeing. LSC uses the getOneFilter which only
>>>>> filters by mail
>>>>> and if the mail exists in AD it doesn't delete the user regardless of
>>>>> the user's full DN.
>>>> See https://lsc-project.org/documentation/latest/basics#clean_phase
>>>>
>>>> LSC uses cleanFilter on source to match the user.
>>> My clean filter looks like this:
>>> <cleanFilter>(mail={mail})</cleanFilter>
>>>
>>> So when LSC tries to fetch the user from the source it will find it
>>> because I only
>>> changed users base DN and the user still exists in AD.
>>> The base DN is not part of the clean filter.
>>
>> I just made a test and this works well on my side. Did you set the
>> baseDN on source service side?
> I have the baseDN set in the LDAP URL and also in the task


Then the issue is in your Directory. Try an ldapsearch with the same
filter as LSC and see which entries are returned.


-- 
Clément Oudot | Identity Solutions Manager

clement.ou...@worteks.com

Worteks | https://www.worteks.com

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
