I need to give myself a "wait 2 hours" rule before posting; I was able to
figure this out. I think the documentation in this could use a bit of work
:)
This is the clean filter that works:
<cleanFilter>(& (uidNumber=*) (sAMAccountName={uid}))</cleanFilter>
So it searches the source directory, for the source attribute, with the
destination value.
Hope this helps someone else in the future.
-Joel
On Mon, Sep 17, 2012 at 6:36 PM, dunkan <[email protected]> wrote:
> Hey there,
>
> I am nearly ready to use LSC in production syncing our AD to
> LDAP environment. There is one last problem that I thought I had a handle
> on, but testing is leaving me baffled.
>
> I can add and update entries without a problem, but deleting them does not
> seem to work out. I believe I need to use the clean phase in order to
> delete, but regardless of the cleanfilter I set it always deletes all
> entries.
>
> I tried both of these:
>
> <getAllFilter>(& (objectClass=user) (sAMAccountName=*)
> (uidNumber=*))</getAllFilter>
> <getOneFilter>(& (objectClass=user)
> (uidNumber=*)(sAMAccountName={sAMAccountName}) )</getOneFilter>
>
> <cleanFilter>(&(objectClass=posixAccount)(uid={sAMAccountName}))</cleanFilter>
>
> <getAllFilter>(& (objectClass=user) (sAMAccountName=*)
> (uidNumber=*))</getAllFilter>
> <getOneFilter>(& (objectClass=user)
> (uidNumber=*)(sAMAccountName={sAMAccountName}) )</getOneFilter>
> <cleanFilter>(& (objectClass=user)
> (uidNumber=*)(sAMAccountName={sAMAccountName}) )</cleanFilter>
>
> I saw another user recently mention that changing the pivot attribute to
> samaccountname works, (I don't understand why) but that didn't make any
> difference.
>
> Should the clean filter be looking for what exists in the destination
> directory using the source attributes? Anything that matches should be
> left alone right?
>
> One other thing to mention, when looking at the ldap logs, I'm not sure if
> the search is quite right:
>
> Sep 18 01:35:18 netops-dev-2 slapd[12236]: conn=11587 op=1 SRCH
> base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
> Sep 18 01:35:18 netops-dev-2 slapd[12236]: conn=11587 op=1 SEARCH RESULT
> tag=101 err=0 nentries=1 text=
> Sep 18 01:35:18 netops-dev-2 slapd[12236]: conn=11587 op=2 SRCH
> base="ou=people,dc= example,dc=com" scope=2 deref=0
> filter="(objectClass=posixAccount)"
> Sep 18 01:35:18 netops-dev-2 slapd[12236]: conn=11587 op=2 SRCH
> attr=sAMAccountName objectClass javaSerializedData javaClassName
> javaFactory javaCodeBase javaReferenceAddress javaClassNames
> javaRemoteLocation
>
>
> Thanks for the help,
>
> Joel
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
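
An added example, not part of the original post or of LSC's code: a small Python model of the clean phase as the reply describes it (each destination entry's values fill the cleanFilter, which is then searched in the source), run against the three filters from this thread. The sample entries, the function names, the deletion-ratio guard and the treatment of an unresolved placeholder as "no match" are assumptions.

```python
import re

TERM = re.compile(r"\(([A-Za-z][\w-]*)=([^()]*)\)")   # one (attr=value) term
PLACEHOLDER = re.compile(r"\{(\w+)\}")                # {attr} slot in a filter

def fill(template, dest_entry):
    """Put destination values into {attr} slots; None if one cannot be resolved."""
    attrs = {k.lower(): v for k, v in dest_entry.items()}
    if any(n.lower() not in attrs for n in PLACEHOLDER.findall(template)):
        return None  # assumption: an unresolved placeholder matches nothing
    return PLACEHOLDER.sub(lambda m: attrs[m.group(1).lower()], template)

def matches(ldap_filter, entry):
    """Evaluate an AND of equality/presence terms, the only shape used here."""
    attrs = {k.lower(): v.lower() for k, v in entry.items()}
    terms = TERM.findall(ldap_filter)
    return bool(terms) and all(
        name.lower() in attrs and value.strip().lower() in ("*", attrs[name.lower()])
        for name, value in terms)

def clean_deletions(clean_filter, source, destination):
    """uids the clean phase would delete: destination entries with no source match."""
    doomed = []
    for dest in destination:
        query = fill(clean_filter, dest)
        if query is None or not any(matches(query, src) for src in source):
            doomed.append(dest["uid"])
    return doomed

def within_limit(doomed, destination, max_fraction=0.5):
    """Hypothetical pre-flight guard (not an LSC option): cap the deletion ratio."""
    return len(doomed) <= max_fraction * len(destination)

# Constructed sample data: carol was removed from AD, alice and bob remain.
SOURCE = [
    {"objectClass": "user", "sAMAccountName": "alice", "uidNumber": "1001"},
    {"objectClass": "user", "sAMAccountName": "bob", "uidNumber": "1002"},
]
DESTINATION = [{"objectClass": "posixAccount", "uid": u}
               for u in ("alice", "bob", "carol")]

WORKING = "(& (uidNumber=*) (sAMAccountName={uid}))"          # from the reply
BROKEN = ["(&(objectClass=posixAccount)(uid={sAMAccountName}))",  # from the question
          "(& (objectClass=user) (uidNumber=*)(sAMAccountName={sAMAccountName}) )"]

if __name__ == "__main__":
    for f in (WORKING, *BROKEN):
        doomed = clean_deletions(f, SOURCE, DESTINATION)
        verdict = "ok" if within_limit(doomed, DESTINATION) else "REFUSE"
        print(f"{verdict:6} delete={doomed}  {f}")
```

Both filters from the question use `{sAMAccountName}`, which no destination entry carries, so every destination entry looks orphaned in this model; comparing the deletion count against the destination size before applying changes catches that kind of misconfiguration.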