2012/9/28 Chris Visser <[email protected]>

> Hi,

Hi,

> After the help and stating that I need to check my sync options, I went
> back to the documentation, but I’m unable to figure out what to do.
>
> I’m trying to sync the sAMAccount to uid, and mail entries for Active
> Directory users to my local Open LDAP server.
>
> Please look at what’s wrong with my tasks since I can’t see or
> understand what I’m missing, the documentation is just too unclear.

Documentation for the source LDAP service is
http://lsc-project.org/wiki/documentation/2.0/configuration/service/sourceldap

Documentation for the destination LDAP service is
http://lsc-project.org/wiki/documentation/2.0/configuration/service/destinationldap

You can see in these two files how to configure filters to match your entries.

> The error I get is:
>
> ERROR - Unable to get object for
> id=CN=Username,OU=GSSIT,OU=Users,OU=JHB,OU=Infrastructure,OU=Divisions,DC=RTT,DC=co,DC=za
>
> For every user it finds in the AD, where CN=Username is equal to the CN
> for that user.

LSC could not find your user in your source LDAP. Your getOneFilter is wrong. See further.

> <task>
>   <name>ad-src-task</name>
>   <bean>org.lsc.beans.SimpleBean</bean>
>   <ldapSourceService>
>     <name>ad-src-service</name>
>     <connection reference="AD" />
>     <baseDn>ou=Divisions,dc=rtt,dc=co,dc=za</baseDn>
>     <pivotAttributes>
>       <string>samAccountName</string>
>     </pivotAttributes>
>     <fetchedAttributes>
>       <string>sAMAccountName</string>
>       <string>mail</string>
>     </fetchedAttributes>
>     <getAllFilter>(objectClass=person)</getAllFilter>

-> OK

>     <getOneFilter>(&(objectClass=person)(uid={sAMAccountName}))</getOneFilter>

-> KO! (uid=..) will not work on AD. Use this instead:

<getOneFilter>(&(objectClass=person)(sAMAccountName={sAMAccountName}))</getOneFilter>

>     <getCleanFilter>(&(objectClass=person)(uid={sAMAccountName}))</getCleanFilter>

-> KO. Bad filter and bad pivot.

<getCleanFilter>(&(objectClass=person)(sAMAccountName={uid}))</getCleanFilter>

>     <interval>15</interval>

-> Delete it, it should not be used with a simple LDAP source service.

>   </ldapSourceService>
>   <ldapDestinationService>
>     <name>ldap-dst-service</name>
>     <connection reference="OpenLDAP" />
>     <baseDn>ou=Divisions,dc=rtt,dc=co,dc=za</baseDn>
>     <pivotAttributes>
>       <string>uid</string>
>     </pivotAttributes>
>     <fetchedAttributes>
>       <string>objectClass</string>
>       <string>uid</string>
>       <string>mail</string>
>     </fetchedAttributes>
>     <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
>     <getOneFilter>((objectClass=inetorgperson))</getOneFilter>

How do you filter entries with such a filter? Use:

<getOneFilter>(&(objectClass=inetorgperson)(uid={sAMAccountName}))</getOneFilter>

>     <getCleanFilter>((objectClass=inetorgperson))</getCleanFilter>

-> KO, this does not exist for a destination LDAP service.

>   </ldapDestinationService>
>   <propertiesBasedSyncOptions>
>     <mainIdentifier>srcBean.getMainIdentifier("sAMAccountName")</mainIdentifier>

-> KO, you should build the full DN here:

<mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=Divisions,dc=rtt,dc=co,dc=za"</mainIdentifier>

>     <defaultDelimiter>;</defaultDelimiter>
>     <defaultPolicy>FORCE</defaultPolicy>
>     <dataset>
>       <name>objectClass</name>
>       <policy>FORCE</policy>
>       <forceValues>
>         <string>"top";"user";"person";"organizationalPerson"</string>
>       </forceValues>
>     </dataset>
>     <dataset>
>       <name>uid</name>
>       <policy>FORCE</policy>
>       <createValues>
>         <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
>       </createValues>
>     </dataset>

This is a little short. You need at least to create the cn and sn attributes, which are mandatory in an inetorgperson entry.

>   </propertiesBasedSyncOptions>
> </task>

Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
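
Why the original source getOneFilter yields "Unable to get object" for every AD user, shown as an added example that is not part of the thread and is not LSC's own code: a simplified Python model that substitutes the pivot value into the filter and evaluates it against constructed AD-style entries. The function names, the sample entries and the equality-only filter evaluator are assumptions made for illustration.

```python
import re

# Constructed AD-style entries: they carry sAMAccountName but no uid attribute.
AD_ENTRIES = [
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["jdoe"]},
    {"objectClass": ["top", "person", "user"], "sAMAccountName": ["asmith"]},
]
ORIGINAL = "(&(objectClass=person)(uid={sAMAccountName}))"
CORRECTED = "(&(objectClass=person)(sAMAccountName={sAMAccountName}))"

def expand(template, pivots):
    """Fill {attr} placeholders; values assumed free of filter metacharacters."""
    low = {k.lower(): v for k, v in pivots.items()}
    return re.sub(r"\{(\w+)\}", lambda m: low[m.group(1).lower()], template)

def parse(f, i=0):
    """Parse (&..), (|..), (!..) or (attr=value); return (node, next index)."""
    if f[i] != "(":
        raise ValueError("filter component must start with '('")
    if f[i + 1] in "&|!":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.strip().lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (equality matching only)."""
    if node[0] == "=":
        values = next((v for k, v in entry.items() if k.lower() == node[1]), [])
        return any(v.lower() == node[2] for v in values)
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not any(results)}[node[0]]

def get_one(template, pivots, entries):
    """Model of the per-entry lookup: expand the filter, return matching entries."""
    node, _ = parse(expand(template, pivots))
    return [e for e in entries if matches(node, e)]

if __name__ == "__main__":
    for flt in (ORIGINAL, CORRECTED):
        print(flt, "->", get_one(flt, {"sAMAccountName": "jdoe"}, AD_ENTRIES))
```

The same model covers the corrected getCleanFilter: there the placeholder is `{uid}`, filled from the destination pivot, while the attribute searched in AD is still sAMAccountName.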

