Issue #710 has been updated by Dave John.

Sorry!
Here it is:

<?xml version="1.0" ?>
<!-- 
        In the following file, comments are describing each node. Elements are
        referenced through XPath expression, whereas attributes are prefixed
        with '@'

        //lsc Root node of the XML configuration file
        @xmlns XML Schema validation is not ready yet (Reserved for future use)
        @id optional, added by XML API
        @revision mandatory, used by the Web Administration Interface to version
                                this file
         -->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">

<!--  ./connections Connections list node, must contain at least two connections -->
 
<connections>
<!--  
        ./connection Connection node, include definition of the required parameters.
                                        Depending on the connection type, properties vary.
                                        Existing class type are : ldapConnection, databaseConnection
                                        Plugins also provides : nisConnection, jndiExecDstConnection
--> 
    <ldapConnection>
      <name>AD</name>
<!--  ./url mandatory, the JNDI URL -->
      <url>ldaps://ad.dev.tmb.cd/dc=ad,dc=dev,dc=cd</url>
<!--  ./username mandatory, the DN to bind with -->
      <username>cn=test,ou=admin,dc=ad,dc=dev,dc=cd</username>
<!--  ./password mandatory, credentials to bind with -->
      <password>**********</password>
<!--  ./authentication mandatory, must contain either ANONYMOUS, SIMPLE, SASL, GSSAPI or DIGEST_MD5 -->
      <authentication>SIMPLE</authentication>
<!--  ./referral mandatory, must contain either IGNORE, THROUGH, THROW or FOLLOW -->
      <referral>IGNORE</referral>
<!--  ./derefAliases mandatory, must contain either NEVER, SEARCH, FIND, ALWAYS -->
      <derefAliases>NEVER</derefAliases>
<!--  ./version mandatory, must contain either VERSION_2, VERSION_3 -->
      <version>VERSION_3</version>
<!--  ./pageSize optional, specify the paged size when searching -->
      <pageSize>-1</pageSize>
<!--  ./factory mandatory, points to LDAP Context Factory, com.sun.jndi.ldap.LdapCtxFactory for a SUN JDK -->
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<!--  ./tlsActivated optional, specify if SSL/TLS is activated to connect to the LDAP server -->
      <tlsActivated>false</tlsActivated>
    </ldapConnection>
                
    <ldapConnection>
      <name>LDAP</name>
<!--  ./url mandatory, the JNDI URL -->
      <url>ldap://172.25.7.251/dc=prod,dc=cd</url>
<!--  ./username mandatory, the DN to bind with -->
      <username>cn=Manager,dc=prod,dc=cd</username>
<!--  ./password mandatory, credentials to bind with -->
      <password>********</password>
<!--  ./authentication mandatory, must contain either ANONYMOUS, SIMPLE, SASL, GSSAPI or DIGEST_MD5 -->
      <authentication>SIMPLE</authentication>
<!--  ./referral mandatory, must contain either IGNORE, THROUGH, THROW or FOLLOW -->
      <referral>IGNORE</referral>
<!--  ./derefAliases mandatory, must contain either NEVER, SEARCH, FIND, ALWAYS -->
      <derefAliases>NEVER</derefAliases>
<!--  ./version mandatory, must contain either VERSION_2, VERSION_3 -->
      <version>VERSION_3</version>
<!--  ./pageSize optional, specify the paged size when searching -->
      <pageSize>-1</pageSize>
<!--  ./factory mandatory, points to LDAP Context Factory, com.sun.jndi.ldap.LdapCtxFactory for a SUN JDK -->
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<!--  ./tlsActivated optional, specify if SSL/TLS is activated to connect to the LDAP server -->
      <tlsActivated>true</tlsActivated>
    </ldapConnection>
        
</connections>

<tasks>
    <task>
      <name>adUser</name>
           <bean>org.lsc.beans.SimpleBean</bean> 
           <ldapSourceService>
        <name>openldap-source-service</name>
        <connection reference="LDAP" />
        <baseDn>ou=utilisateurs,dc=prod,dc=tmb,dc=cd</baseDn>
        <pivotAttributes>
          <string>uid</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>description</string>
          <string>givenName</string>
          <string>mail</string>
          <string>sn</string>
          <string>uid</string>
          <string>userPassword</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(objectClass=inetOrgPerson)]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={uid}))]]></getOneFilter>
        <cleanFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={sAMAccountName}))]]></cleanFilter>
      </ldapSourceService>
          
      <ldapDestinationService>
        <name>ad-dst-service</name>
        <connection reference="AD" />
        <baseDn>ou=utilisateurs,dc=ad,dc=dev,dc=tmb,dc=cd</baseDn>
        <pivotAttributes>
          <string>sAMAccountName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>description</string>
          <string>givenName</string>
          <string>mail</string>
          <string>objectclass</string>
          <string>pwdLastSet</string>
          <string>sAMAccountName</string>
          <string>sn</string>
          <string>unicodePwd</string>
          <string>userAccountControl</string>
          <string>userPrincipalName</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(objectClass=user)]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={uid}))]]></getOneFilter>
      </ldapDestinationService>
          
  <propertiesBasedSyncOptions>
    <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") + ",ou=utilisateurs,dc=ad,dc=dev,dc=tmb,dc=cd"</mainIdentifier>
    <defaultDelimiter>;</defaultDelimiter>
    <defaultPolicy>FORCE</defaultPolicy>
    
        <conditions>
      <create>true</create>
      <update>true</update>
      <delete>true</delete>
      <changeId>true</changeId>
    </conditions>
    
        <dataset>
      <name>objectclass</name>
      <policy>KEEP</policy>
      <createValues>
        <string>"user"</string>
        <string>"organizationalPerson"</string>
        <string>"person"</string>
        <string>"top"</string>
      </createValues>
    </dataset>
        
    <dataset>
     <name>sAMAccountName</name>
     <policy>KEEP</policy>
     <createValues>
      <string>srcBean.getDatasetFirstValueById("uid")</string>
     </createValues>
    </dataset>
        
    <dataset>
     <!-- userPrincipalName = uid + "@lsc-project.org" -->
     <name>userPrincipalName</name>
     <policy>FORCE</policy>
     <forceValues>
      <string>srcBean.getDatasetFirstValueById("uid") + "@ad.dev.tmb.cd"</string>
     </forceValues>
    </dataset>
        
    <dataset>
     <name>userAccountControl</name>
     <policy>KEEP</policy>
     <createValues>
      <string>AD.userAccountControlSet("0", [AD.UAC_SET_PASSWD_NOTREQD,AD.UAC_SET_NORMAL_ACCOUNT])</string>
     </createValues>
    </dataset>
        
    <dataset>
     <!-- pwdLastSet = 0 to force user to change password on next connection -->
     <name>pwdLastSet</name>
     <policy>KEEP</policy>
     <createValues>
      <string>"0"</string>
     </createValues>
    </dataset>
        
    <dataset>
      <!-- unicodePwd = "changeit" at creation (requires SSL connection to AD) -->
     <name>unicodePwd</name>
     <policy>KEEP</policy>
     <createValues>
      <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById("userPassword"))</string>
     </createValues>
    </dataset>
   </propertiesBasedSyncOptions>
  </task>
  
</tasks>
  
<!--  ./audits Audits list node -->
<audits>
<!--./audit Audit node, here a CSV audit, may also be a LDIF or any contributed audit type -->
        <csvAudit>
<!--    ./name mandatory, audit name -->
                <name>csv</name>
<!--    ./append optional, default to false, specify to create a new log file or to append to the existing one  -->
                <append>true</append>
<!--    ./operations optional, comma separated list of operations (create, delete, update or rename) -->
                <operations>create, delete</operations>
<!--    ./file mandatory, define the location of the file where the CSV data will be written -->
                <file>/tmp/dump.csv</file>
<!--    ./datasets optional, comma separated list of datasets modification to log -->
                <datasets>cn, dn</datasets>
<!--    ./separator optional, default to ";", specify the values separator -->
                <separator>,</separator>
        </csvAudit>
</audits>

<!--  ./tasks Task list node, must contain at least one task -->
 
<!-- ./security This mandatory node contains the security settings used by LSC -->
  <security>
<!-- ./encryption This optional node contains the encryption settings -->
    <encryption>
<!--  ./keyfile This optional node contains the keyfile location -->
      <keyfile>etc/lsc.key</keyfile>
<!--  ./algorithm This optional node contains the encryption algorithm -->
      <algorithm>AES</algorithm>

<!--  ./strength This optional node contains the algorithm key length -->
      <strength>128</strength>
    </encryption>
  </security>
</lsc>

----------------------------------------
Bug #710: Cannot Update Password on Active Directory
http://tools.lsc-project.org/issues/710

Author: Dave John
Status: New
Priority: Normal
Assigned to: 
Category: 
Target version: 
Problem in version: 


Hello everybody,
I'm new here, so I beg your indulgence if I ever get to break any rules.
My problem is quite simple, well, I guess:
So I have an Active Directory on Windows Server 2003 and an OpenLDAP on CentOS 
6.3; I'm trying to sync entries from OpenLDAP to AD. 
So far so good, everything is working just fine with the right password, but my 
concern is that when I modify the 'userPassword' attribute on an OpenLDAP entry 
and run LSC, it doesn't detect that a modification has been made. It's curious 
because it doesn't have the same behavior with other attributes; I mean, when I 
modify for instance the CN attribute on OpenLDAP, LSC does detect the change 
and updates the entry on AD.
So if you can help me out on this, that'd be great.



_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-dev mailing list
http://lists.lsc-project.org/listinfo/lsc-dev
