Is it possible that the decision to create/update is made before the RDN change?
Is changing the mainidentifier the right way to go about this, is the concept possible?

-Joel

On Wed, Aug 22, 2012 at 12:31 AM, dunkan <[email protected]> wrote:

> I believe it is found.
>
> The logs show:
> "cn=acme-dev,ou=group,dc=example,dc=com": List of attributes considered for writing in destination: [cn, memberUid, gidNumber, objectClass]
>
> That is what I expect the destination to be. My destination service is
> pretty generic and matches.
>
> The get one filter will be reading the dn on the destination right, so
> the cn will already be the proper one.
>
> <ldapDestinationService>
>   <name>openldapgroup-dst-service</name>
>   <connection reference="openLDAP" />
>   <baseDn>ou=group,dc=example,dc=com</baseDn>
>   <pivotAttributes><string>cn</string></pivotAttributes>
>   <fetchedAttributes>
>     <string>objectClass</string>
>     <string>cn</string>
>     <string>gidNumber</string>
>     <string>memberUid</string>
>   </fetchedAttributes>
>   <getAllFilter>(objectClass=posixGroup)</getAllFilter>
>   <getOneFilter>(&(objectClass=posixGroup)(cn={cn}))</getOneFilter>
> </ldapDestinationService>
>
> Any suggestion on what I should change?
>
> On Tue, Aug 21, 2012 at 11:56 PM, Clément OUDOT <[email protected]> wrote:
>
>> 2012/8/21 dunkan <[email protected]>:
>> > Hey there,
>> >
>> > The RDN for a group object has to change when going from AD to ldap, I see
>> > how I can do this but everytime it tries to add a new entry instead of
>> > update it. Am I missing something that you can see?
>> >
>> > Before forcing the RDN change the group does update members as expected.
>> >
>> > Looking at my example I need to modify my cn attribute as well, but I don't
>> > think that is triggering the add, it would just be another attribute to
>> > update.
>> >
>> > LSC: 2.0
>> >
>> > AD object DN: role.ldap.groupname
>> > LDAP object DN: groupname
>> >
>> > Here is what my config looks like:
>> >
>> > <propertiesBasedSyncOptions>
>> >   <mainIdentifier>var sname = srcBean.getDatasetFirstValueById("cn");
>> >     var tmpname = sname.replaceAll("role.ldap.", "");
>> >     "cn=" + tmpname + ",ou=group,dc=example,dc=com"</mainIdentifier>
>> >   <defaultDelimiter>$</defaultDelimiter>
>> >   <defaultPolicy>FORCE</defaultPolicy>
>> >   <conditions>
>> >     <create>true</create>
>> >     <update>true</update>
>> >     <delete>false</delete>
>> >   </conditions>
>> >   <dataset>
>> >     <name>cn</name>
>> >     <policy>KEEP</policy>
>> >     <createValues>
>> >       <string>srcBean.getDatasetFirstValueById("cn")</string>
>> >     </createValues>
>> >   </dataset>
>> >   <dataset>
>> >     <name>gidNumber</name>
>> >     <createValues>
>> >       <string>srcBean.getDatasetFirstValueById("gidNumber")</string>
>> >     </createValues>
>> >   </dataset>
>> >   <dataset>
>> >     <name>objectClass</name>
>> >     <policy>FORCE</policy>
>> >     <forceValues>
>> >       <string>"posixGroup"</string>
>> >       <string>"top"</string>
>> >     </forceValues>
>> >   </dataset>
>> >   <dataset>
>> >     <name>memberUid</name>
>> >     <forceValues>
>> >       <string>
>> >         var umembers = srcBean.getAttributeValuesById("member").toArray() ;
>> >         for (var i=0; i<umembers.length; i++ ) {
>> >           try { var tokens = umembers[i].split(",");(umembers[i] = srcLdap.attribute(tokens[0] + "," + tokens[1], 'sAMAccountName').get(0)) } catch (e) {umembers[i]=null}
>> >         }
>> >         umembers.toString(); umembers
>> >       </string>
>> >     </forceValues>
>> >   </dataset>
>> > </propertiesBasedSyncOptions>
>> >
>> > The logs show what I expect, except for the add instead of update:
>> >
>> > g 21 20:29:15 - DEBUG - Loading XML configuration from: /usr/src/lsc-2.0/etc/lsc.xml
>> > Aug 21 20:29:15 - INFO - Reflections took 215 ms to scan 2 urls, producing 64 keys and 249 values
>> > Aug 21 20:29:15 - DEBUG - Importing XML schema file: schemas/lsc-core-2.0.xsd
>> > Aug 21 20:29:15 - DEBUG - Importing XML schema file: schemas/lsc-nis-plugin-1.0.xsd
>> > Aug 21 20:29:15 - INFO - Logging configuration successfully loaded from /usr/src/lsc-2.0/etc/logback.xml
>> > Aug 21 20:29:15 - INFO - LSC configuration successfully loaded from /usr/src/lsc-2.0/etc/
>> > Aug 21 20:29:15 - INFO - Connecting to LDAP server ldap://localhost/dc=example,dc=com as cn=manager,dc=example,dc=com
>> > Aug 21 20:29:15 - INFO - Connecting to LDAP server ldap://10.101.252.60/dc=itlab,dc=example,dc=com as jfoote@itlab
>> > Aug 21 20:29:15 - INFO - Starting async for adGroup
>> > Aug 21 20:29:15 - DEBUG - Asynchronous synchronize adGroup
>> > Aug 21 20:29:15 - DEBUG - Using pagedResults control for 1000 entries at a time
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": List of attributes considered for writing in destination: [cn, memberUid, gidNumber, objectClass]
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "cn" is in KEEP status
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "cn" with values [role.ldap.acme-dev]
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "memberUid" is in FORCE status
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "memberUid" with values [newtest]
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "gidNumber" is in FORCE status
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "gidNumber" with values [10001]
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Attribute "objectClass" is in FORCE status
>> > Aug 21 20:29:15 - DEBUG - In object "cn=acme-dev,ou=group,dc=example,dc=com": Adding attribute "objectClass" with values [posixGroup, top]
>> > Aug 21 20:29:15 - ERROR - Error while adding entry cn=acme-dev,ou=group,dc=example,dc=com in directory :javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - Entry Already Exists]; remaining name 'cn=acme-dev,ou=group'
>> >
>>
>> Are you sure the group in the destination is found by LSC? Don't you
>> have a destination filter problem?
>>
>> Clément.
>>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
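
Added example (not part of the thread, and not LSC's own code): a small JavaScript model of the lookup-then-write decision the thread is asking about, run against a constructed in-memory destination. It assumes the `{cn}` placeholder in `getOneFilter` is filled with whatever pivot value is handed to the lookup; `getOne`, `syncStep` and the sample directory are hypothetical names and data.

```javascript
// Constructed destination directory (DN -> attributes); sample data, not from a real server.
const destination = new Map([
  ["cn=acme-dev,ou=group,dc=example,dc=com",
    { objectClass: ["posixGroup", "top"], cn: ["acme-dev"], gidNumber: ["10001"] }],
]);

// Same transformation as the thread's <mainIdentifier>: strip the literal "role.ldap." prefix.
function mainIdentifier(srcCn) {
  return "cn=" + srcCn.replace("role.ldap.", "") + ",ou=group,dc=example,dc=com";
}

// Model of getOneFilter (&(objectClass=posixGroup)(cn={cn})).
// Assumption: {cn} is replaced by the pivot value passed in (exact match, simplified).
function getOne(pivotCn) {
  for (const [dn, attrs] of destination) {
    if (attrs.objectClass.includes("posixGroup") && attrs.cn.includes(pivotCn)) return dn;
  }
  return null;
}

// Hypothetical model of one sync step: look up by pivot first, then choose add or modify.
function syncStep(srcCn, pivotCn) {
  const targetDn = mainIdentifier(srcCn);
  const found = getOne(pivotCn);
  if (found !== null) return { op: "modify", dn: found };
  // Nothing matched the filter, so the entry is treated as new and added at targetDn.
  if (destination.has(targetDn)) {
    return { op: "add", dn: targetDn, error: "LDAP error code 68 - Entry Already Exists" };
  }
  return { op: "add", dn: targetDn };
}

const srcCn = "role.ldap.acme-dev"; // source cn value shown in the thread's log
// Lookup with the raw source cn: no destination match, so an add collides with the existing DN.
const raw = syncStep(srcCn, srcCn);
// Lookup with the prefix stripped: the existing group is found and would be modified.
const stripped = syncStep(srcCn, srcCn.replace("role.ldap.", ""));
console.log(raw, stripped);
```

In this model the rewritten DN alone does not make the destination entry findable: the value used in the lookup filter has to match what is stored in the destination's `cn`.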

