Hey there,

I am working on one-way syncing AD to OpenLDAP. I am seeing a difference in operation between using lsc in async vs sync mode.

If I start lsc like so:

    # bin/lsc -f etc -a all

users are read from Active Directory using my filter correctly, and attributes are updated as I would expect. If I start lsc in async like so:

    # bin/lsc -f etc -s all

lsc attempts to create users every time, and I will get a failure to add as the entry already exists. From what I have read, this sort of behavior shouldn't change using sync vs async, is that correct? It seems like an easy workaround for now is to just use async and trigger an event.

My second issue, I believe, is configuration. I have been using http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions as my guide for this. AD has a different objectClass than OpenLDAP. So in AD the objectClass will be OrganizationalPerson, person. In OpenLDAP it is Account, PosixAccount. I want the values in OpenLDAP to always be the OpenLDAP values, leave existing entries alone, and create new users with those values.

I thought the way to do this would be to set policy to FORCE and defaultvalues to my requested values. This creates a new user OK, but existing users get trampled. If I set it to KEEP and defaultvalues to the requested values, existing users don't get messed with, but new users use the AD objectClass. I tried using forcevalues and createvalues with KEEP/FORCE as well, but am not having any luck getting the behavior I am looking for.

Any tips?

Thanks,
Joel
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

