2012/8/21 dunkan <[email protected]>:
> Hey there,
>
> The RDN for a group object has to change when going from AD to ldap, I see
> how I can do this but every time it tries to add a new entry instead of
> update it. Am I missing something that you can see?
>
> Before forcing the RDN change the group does update members as expected.
>
> Looking at my example I need to modify my cn attribute as well, but I don't
> think that is triggering the add, it would just be another attribute to
> update.
>
> LSC: 2.0
>
> AD object DN: role.ldap.groupname
> LDAP object DN: groupname
>
> Here is what my config looks like:
>
> <propertiesBasedSyncOptions>
>   <mainIdentifier>
>     var sname = srcBean.getDatasetFirstValueById("cn");
>     var tmpname = sname.replaceAll("role.ldap.", "");
>     "cn=" + tmpname + ",ou=group,dc=example,dc=com"
>   </mainIdentifier>
>   <defaultDelimiter>$</defaultDelimiter>
>   <defaultPolicy>FORCE</defaultPolicy>
>   <conditions>
>     <create>true</create>
>     <update>true</update>
>     <delete>false</delete>
>   </conditions>
>   <dataset>
>     <name>cn</name>
>     <policy>KEEP</policy>
>     <createValues>
>       <string>srcBean.getDatasetFirstValueById("cn")</string>
>     </createValues>
>   </dataset>
>   <dataset>
>     <name>gidNumber</name>
>     <createValues>
>       <string>srcBean.getDatasetFirstValueById("gidNumber")</string>
>     </createValues>
>   </dataset>
>   <dataset>
>     <name>objectClass</name>
>     <policy>FORCE</policy>
>     <forceValues>
>       <string>"posixGroup"</string>
>       <string>"top"</string>
>     </forceValues>
>   </dataset>
>   <dataset>
>     <name>memberUid</name>
>     <forceValues>
>       <string>
>         var umembers = srcBean.getAttributeValuesById("member").toArray();
>         for (var i=0; i<umembers.length; i++) {
>           try {
>             var tokens = umembers[i].split(",");
>             (umembers[i] = srcLdap.attribute(tokens[0] + "," + tokens[1], 'sAMAccountName').get(0))
>           } catch (e) { umembers[i]=null }
>         }
>         umembers.toString(); umembers
>       </string>
>     </forceValues>
>   </dataset>
> </propertiesBasedSyncOptions>
>
> The logs show what I expect, except for the add instead of update:
>
> Aug 21 20:29:15 - DEBUG - Loading XML configuration from: /usr/src/lsc-2.0/etc/lsc.xml
> Aug 21 20:29:15 - INFO - Reflections took 215 ms to scan 2 urls, producing 64 keys and 249 values
> Aug 21 20:29:15 - DEBUG - Importing XML schema file: schemas/lsc-core-2.0.xsd
> Aug 21 20:29:15 - DEBUG - Importing XML schema file: schemas/lsc-nis-plugin-1.0.xsd
> Aug 21 20:29:15 - INFO - Logging configuration successfully loaded from /usr/src/lsc-2.0/etc/logback.xml
> Aug 21 20:29:15 - INFO - LSC configuration successfully loaded from /usr/src/lsc-2.0/etc/
> Aug 21 20:29:15 - INFO - Connecting to LDAP server ldap://localhost/dc=example,dc=com as cn=manager,dc=example,dc=com
> Aug 21 20:29:15 - INFO - Connecting to LDAP server ldap://10.101.252.60/dc=itlab,dc=example,dc=com as jfoote@itlab
> Aug 21 20:29:15 - INFO - Starting async for adGroup
> Aug 21 20:29:15 - DEBUG - Asynchronous synchronize adGroup
> Aug 21 20:29:15 - DEBUG - Using pagedResults control for 1000 entries at a time
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": List of attributes considered for writing in destination: [cn, memberUid, gidNumber, objectClass]
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "cn" is in KEEP status
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "cn" with values [role.ldap.acme-dev]
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "memberUid" is in FORCE status
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "memberUid" with values [newtest]
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "gidNumber" is in FORCE status
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "gidNumber" with values [10001]
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "objectClass" is in FORCE status
> Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "objectClass" with values [posixGroup, top]
> Aug 21 20:29:15 - ERROR - Error while adding entry cn=acme-dev,ou=group,dc=example,dc=com in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists]; remaining name 'cn=acme-dev,ou=group'
>

Are you sure the group in the destination is found by LSC? Don't you have a destination filter problem?

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

