2010/6/4 Alexey Wasilyev <awasil...@griddynamics.com>: > Hello > > With your help, syncing of users from ldap to ad works ok. Now it's tyme to > sync groups. > I try to write config according to > http://lsc-project.org/wiki/documentation/1.1/tutorials/synchronizegroups > Can you explain me javascript, used for > lsc.syncoptions.group.member.force_value? > Here is my config: > > lsc.tasks.group.bean = org.lsc.beans.SimpleBean > lsc.tasks.group.dn = "cn=" + srcBean.getAttributeValueById("cn") + > ",ou=groups" > lsc.tasks.group.srcService = org.lsc.jndi.SimpleJndiSrcService > lsc.tasks.group.srcService.attrs = cn description memberUid > lsc.tasks.group.srcService.baseDn = ou=groups > lsc.tasks.group.srcService.filterAll = (objectClass=groupOfNames) > lsc.tasks.group.srcService.filterId = (&(objectClass=groupOfNames)(cn={cn})) > lsc.tasks.group.srcService.pivotAttrs = cn > lsc.tasks.group.dstService = org.lsc.jndi.SimpleJndiDstService > lsc.tasks.group.dstService.attrs = cn description member objectClass > lsc.tasks.group.dstService.baseDn = ou=groups > lsc.tasks.group.dstService.filterAll = (objectClass=group) > lsc.tasks.group.dstService.filterId = (&(objectClass=group)(cn={cn})) > lsc.tasks.group.dstService.pivotAttrs = cn > lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions > lsc.syncoptions.group.default.action = F > lsc.syncoptions.group.objectClass.force_value = "top";"group" > lsc.syncoptions.group.member.delimiter = $ > lsc.syncoptions.group.member.force_value = \ > var umembers = srcBean.getAttributeValuesById("member").toArray() ; \ > for (var i=0; i<umembers.length; i++ ) { \ > try { \ > umembers[i] = ldap.attribute(ldap.list( > "cn=users","(sAMAccountName=" + (srcLdap.attribute(umembers[i], > 'uid').get(0) + ")")).get(0), 'distinguishedname').get(0) \ > } catch (e) { \ > umembers[i]=null \ > } \ > } \ > var members = new Array(); \ > var j=0; \ > for (var i=0; i<umembers.length; i++) { \ > if (umembers[i]!=null) members[j++]=umembers[i] \ > } \ > members > > Our openldap don't have uniqueMember attribute, i change it with Member. > Same thing for groupOfUniqueNames -> groupOfNames. > Also, we don't have distinguishedname attribute in openldap, and i don't > know how to replace it. > In this configuration groups syncing ok, but withous memberships.
Hi, the distinguishedname is the AD attribute name in which we can find user DN. This is used to store the AD user DN in the AD group; So the javascript code seems good. Clément. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list lsc-users@lists.lsc-project.org http://lists.lsc-project.org/listinfo/lsc-users
