It looks like FORCE, with forcevalues will always put what I need, so that part is working out now.
I'm not sure about the async job though. How does it determine that it needs to update? The logs give the indication that it is searching every 5 seconds, but changes don't show up. If I stop and re-run it again they are always picked up. -Joel On Mon, Aug 6, 2012 at 7:02 PM, dunkan <[email protected]> wrote: > Hey there, > > I am working on one way syncing AD to OpenLDAP. I am seeing a difference > in operation between using lsc in async vs sync mode. > > If I start lsc like so: > > # bin/lsc -f etc -a all > > users are read from active directory using my filter correctly, and > attributes are updated as I would expect. > > If I start lsc in async like so: > > # bin/lsc -f etc -s all > > lsc attempts to create users every time, and I will get a failure to add > as the entry already exists. > > From what I have read this sort of behavior shouldn't change using sync vs > async, is that correct? > It seems like an easy work around for now is to just use async and trigger > an event. > > > My second issue I believe is configuration. I have been using > http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions as > my guide for this. > > AD has a different objectclass than OpenLDAP. > > So in AD the objectClass will be OrgainzationalPerson, person > In OpenLDAP it is Account, PossixAccount. > > I want the values in OpenLDAP to always be the OpenLDAP values, leave > existing entries alone, and create new users with those values. > > I thought the way to do this would be to set policy to FORCE and > defaultvalues to my requested values. > This creates a new user ok, but existing users get trampled. > > If I set it to KEEP and defaultvalues to the requested values, existing > users don't get messed with, but new users use the AD objectclass. > > I tried using forcevalues and createvalues with KEEP/FORCE as well, but am > not having any luck getting the behavior I am looking for. > > Any tips? > > Thanks, > Joel > > >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
