Hi all, I am trying to sync users and groups from my OpenLDAP to Active Directory 2008 R2.
When I run bin/lsc -f etc/ -s all , it work's fine, all of my openldap users are sync to my ActiveDirectory. The problem is when i run bin/lsc -f etc/ -c all , only all of my users are deleted, the groups stay ok in AD. So, just the groups work fine, if a delete the group "Developers" from my OpenLDAP and run bin/lsc -f etc/ -c all , just this group is deleted from ActiveDirectory, but the users are all deleted. this is my lsc.properties Thanks !

# lsc.properties as posted: one setting per line, values unchanged.
# Comments marked NOTE(review) are reviewer annotations, not part of the original file.

### Source ###
# NOTE(review): cn=Manager looks like the OpenLDAP rootdn; the source side is only
# read here, so a read-only bind DN would presumably be enough. Confirm.
src.java.naming.security.principal=cn=Manager,dc=domain,dc=test
# NOTE(review): the bind password is stored in cleartext in this file. Restrict read
# access to the account that runs lsc, and post only placeholder values.
src.java.naming.security.credentials=supersecret
src.java.naming.security.authentication=simple
src.java.naming.referral=ignore
src.java.naming.provider.url=ldap://localhost/dc=domain,dc=test
src.java.naming.ldap.version=3
src.java.naming.ldap.derefAliases=never
src.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

### Destination ###
dst.java.naming.security.principal=CN=LSC,CN=Users,dc=ad,dc=test
dst.java.naming.security.credentials=supersecret
# NOTE(review): a simple bind over ldap:// to 10.1.190.17 sends the bind DN and
# password unencrypted across the network, and the TLS line below is commented out.
# Prefer ldaps:// or TLS once the JVM trusts the domain controller's certificate.
dst.java.naming.security.authentication=simple
dst.java.naming.referral=ignore
dst.java.naming.provider.url=ldap://10.1.190.17/dc=ad,dc=test
dst.java.naming.ldap.version=3
dst.java.naming.ldap.derefAliases=never
dst.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.pageSize = 1000
#dst.java.naming.tls = true

### Tasks ###
lsc.tasks=user
lsc.tasks=group

### User ###
lsc.tasks.user.condition.create = 1
lsc.tasks.user.condition.update = 1
# delete = 1 allows the clean phase (-c) to remove destination entries for this task.
lsc.tasks.user.condition.delete = 1
lsc.tasks.user.condition.modrdn = 1
lsc.tasks.user.bean=org.lsc.beans.SimpleBean
lsc.tasks.user.dn = "CN=" + srcBean.getAttributeValueById("uid") + ",CN=Users"
# Source
lsc.tasks.user.srcService=org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.user.srcService.filterAll=(&(objectClass=inetOrgPerson)(uid=*))
lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(|(uid={uid})(uid={sAMAccountName})))
lsc.tasks.user.srcService.baseDn=ou=Pessoas
lsc.tasks.user.srcService.attrs= uid sambaLogonScript homeDirectory
lsc.tasks.user.srcService.pivotAttrs = uid
# Destination
lsc.tasks.user.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.user.dstService.baseDn=cn=Users
lsc.tasks.user.dstService.attrs = sAMAccountName userAccountControl objectClass userPrincipalName pwdLastSet scriptPath homeDirectory
# NOTE(review): this filter sets the scope of the clean phase. Only four names are
# excluded, so any other AD-only account under cn=Users (service accounts, additional
# admins) is presumably a deletion candidate too. Verify with a dry run before running
# -c against a live domain.
lsc.tasks.user.dstService.filterAll=(&(objectClass=person)(sAMAccountName=*)(!(sAMAccountName=Administrator))(!(sAMAccountName=Guest))(!(sAMAccountName=krbtgt))(!(sAMAccountName=LSC)))
lsc.tasks.user.dstService.filterId = (&(objectClass=person)(sAMAccountName={uid}))
# NOTE(review): the pivot is uid, but dstService.attrs above lists no uid attribute and
# the surrounding filters key on sAMAccountName. The group task, which per the post
# cleans correctly, pivots on cn, which is listed on both sides. This may be related
# to every user being deleted. Confirm.
lsc.tasks.user.dstService.pivotAttrs = uid

### Group ###
lsc.tasks.group.condition.create = 1
lsc.tasks.group.condition.update = 1
lsc.tasks.group.condition.delete = 1
lsc.tasks.group.condition.modrdn = 1
lsc.tasks.group.dn = "CN=" + srcBean.getAttributeValueById("cn") + ",CN=Users"
lsc.tasks.group.bean=org.lsc.beans.SimpleBean
# Source
lsc.tasks.group.srcService=org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.group.srcService.filterAll = (&(objectClass=posixGroup)(cn=*))
lsc.tasks.group.srcService.filterId = (&(objectClass=posixGroup)(cn={cn}))
lsc.tasks.group.srcService.baseDn=ou=Grupos
lsc.tasks.group.srcService.attrs=cn objectClass memberUid
lsc.tasks.group.srcService.pivotAttrs = cn
# Destination
lsc.tasks.group.dstService=org.lsc.jndi.SimpleJndiDstService
lsc.tasks.group.dstService.baseDn=cn=Users
lsc.tasks.group.dstService.attrs = cn objectClass member sAMAccountName
lsc.tasks.group.dstService.pivotAttrs = cn
# The exclusion list keeps built-in AD groups out of the clean phase. Any group not
# named here that exists only in AD is in scope for deletion.
lsc.tasks.group.dstService.filterAll = (&(objectClass=group)(sAMAccountName=*)(!(sAMAccountName=DnsAdmins))(!(sAMAccountName=DnsUpdateProxy))(!(sAMAccountName=Domain Computers))(!(sAMAccountName=Domain Controllers))(!(sAMAccountName=Schema Admins))(!(sAMAccountName=Enterprise Admins))(!(sAMAccountName=Cert Publishers))(!(sAMAccountName=Domain Admins))(!(sAMAccountName=Domain Users))(!(sAMAccountName=Domain Guests))(!(sAMAccountName=Group Policy Creator Owners))(!(sAMAccountName=RAS and IAS Servers))(!(sAMAccountName=Allowed RODC Password Replication Group))(!(sAMAccountName=Denied RODC Password Replication Group))(!(sAMAccountName=Read-only Domain Controllers))(!(sAMAccountName=Enterprise Read-only Domain Controllers)))
lsc.tasks.group.dstService.filterId = (&(objectClass=group)(cn={cn}))

### Syncoptions ###
### User ###
lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.user.default.action = K
lsc.syncoptions.user.objectClass.action = F
lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
lsc.syncoptions.user.scriptPath.create_value = srcBean.getAttributeValueById("sambaLogonScript")
lsc.syncoptions.user.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "@ad.test"
# NOTE(review): accounts are created as NORMAL_ACCOUNT with PASSWD_NOTREQD, and this
# file writes no password attribute, so new AD accounts may be usable with an empty
# password. Consider creating them disabled until a password is provisioned, and
# clearing PASSWD_NOTREQD afterwards.
lsc.syncoptions.user.userAccountControl.create_value = AD.userAccountControlSet( "0", [ AD.UAC_SET_PASSWD_NOTREQD,AD.UAC_SET_NORMAL_ACCOUNT ])
# NOTE(review): "-1" presumably makes AD stamp pwdLastSet with the current time, so no
# password change is forced at first logon. Confirm this is intended.
lsc.syncoptions.user.pwdLastSet.create_value = "-1"

### Group ###
lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.group.sAMAccountName.create_value = srcBean.getAttributeValueById("cn")
lsc.syncoptions.group.default.action = K
lsc.syncoptions.group.objectClass.force_value = "top";"group"
lsc.syncoptions.group.member.delimiter = $
# Builds the AD member list: each source memberUid is searched under CN=Users by
# sAMAccountName and replaced with that entry's distinguishedName. Lookups that throw
# are set to null and dropped from the result.
# NOTE(review): the memberUid value is concatenated into the search filter unescaped.
# A value containing filter metacharacters (*, (, ), \) changes what the search matches,
# and get(0) takes whichever entry comes back first. Escape the value before building
# the filter.
# NOTE(review): the bare catch hides every lookup error, so a failed search silently
# removes that member from the AD group, because the value is forced.
lsc.syncoptions.group.member.force_value = \
    var umembers = \
    srcBean.getAttributeValuesById("memberUid").toArray() ; \
    for (var i=0; i<umembers.length; i++ ) { \
    try { \
    umembers[i] = ldap.attribute(ldap.list("CN=Users","(sAMAccountName=" + (umembers[i]) + ")").get(0), 'distinguishedName').get(0) \
    } catch (e) { \
    umembers[i]=null; \
    } \
    } \
    var members = new Array(); \
    var j=0; \
    for (var i=0; i<umembers.length; i++) { \
    if (umembers[i]!=null) members[j++]=umembers[i]; \
    } \
    members;

