2012/9/28 Chris Visser <[email protected]>

> Hi,

Hi,


> After the help and stating that I need to check my sync options. I went
> back to the documentation, but I’m unable to figure out what to do.
>
> I’m trying to sync the sAMAccount to uid, and mail entries for Active
> Directory users to my local Open LDAP server.
>
> Please look at what’s wrong with my tasks since I can’t see or
> understand what I’m missing, the documentation is just too unclear.


Documentation for the source LDAP service is
http://lsc-project.org/wiki/documentation/2.0/configuration/service/sourceldap

Documentation for the destination LDAP service is
http://lsc-project.org/wiki/documentation/2.0/configuration/service/destinationldap

You can see in these two files how to configure filters to match your entries.

> The error I get is:
>
> ERROR - Unable to get object for
> id=CN=Username,OU=GSSIT,OU=Users,OU=JHB,OU=Infrastructure,OU=Divisions,DC=RTT,DC=co,DC=za
>
> For every user it finds in the AD, where CN=Username is equal to the CN
> for that user.

LSC could not find your user in your source LDAP. Your getOneFilter is
wrong. See further.



> <task>
>       <name>ad-src-task</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
>        <ldapSourceService>
>         <name>ad-src-service</name>
>         <connection reference="AD" />
>         <baseDn>ou=Divisions,dc=rtt,dc=co,dc=za</baseDn>
>         <pivotAttributes>
>           <string>samAccountName</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>sAMAccountName</string>
>           <string>mail</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=person)</getAllFilter>

-> OK


> <getOneFilter>(&amp;(objectClass=person)(uid={sAMAccountName}))</getOneFilter>

-> KO ! (uid=..) will not work on AD. Use this instead:

  <getOneFilter>(&amp;(objectClass=person)(sAMAccountName={sAMAccountName}))</getOneFilter>




>
> <getCleanFilter>(&amp;(objectClass=person)(uid={sAMAccountName}))</getCleanFilter>
>

-> KO. Bad filter and bad pivot.

 
<getCleanFilter>(&amp;(objectClass=person)(sAMAccountName={uid}))</getCleanFilter>



>         <interval>15</interval>

-> Delete it, it should not be used with a simple LDAP source service.


>      </ldapSourceService>
>      <ldapDestinationService>
>         <name>ldap-dst-service</name>
>         <connection reference="OpenLDAP" />
>         <baseDn>ou=Divisions,dc=rtt,dc=co,dc=za</baseDn>
>         <pivotAttributes>
>           <string>uid</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>objectClass</string>
>           <string>uid</string>
>           <string>mail</string>
>         </fetchedAttributes>
>         <getAllFilter>(objectClass=inetorgperson)</getAllFilter>
>         <getOneFilter>((objectClass=inetorgperson))</getOneFilter>

How do you filter entries with such a filter? Use:


<getOneFilter>(&amp;(objectClass=inetorgperson)(uid={sAMAccountName}))</getOneFilter>



>         <getCleanFilter>((objectClass=inetorgperson))</getCleanFilter>
>

-> KO, this does not exist for a destination LDAP service.


>      </ldapDestinationService>
>    <propertiesBasedSyncOptions>
> <mainIdentifier>srcBean.getMainIdentifier("sAMAccountName")</mainIdentifier>

-> KO, you should build the full DN here:

<mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=Divisions,dc=rtt,dc=co,dc=za"</mainIdentifier>



>     <defaultDelimiter>;</defaultDelimiter>
>     <defaultPolicy>FORCE</defaultPolicy>
>     <dataset>
>      <name>objectClass</name>
>      <policy>FORCE</policy>
>      <forceValues>
>       <string>"top";"user";"person";"organizationalPerson"</string>
>      </forceValues>
>     </dataset>
> <dataset>
>      <name>uid</name>
>      <policy>FORCE</policy>
>      <createValues>
>       <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
>      </createValues>
>     </dataset>


This is a little short. You need at least to create cn and sn attributes which
are mandatory in an inetorgperson entry.


>    </propertiesBasedSyncOptions>
>     </task>


Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
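
An added example, not part of the original message and not LSC code: a small Python check for the filter mistakes discussed in this thread (unbalanced or doubled parentheses, a malformed `{placeholder}`, a getOne/getClean filter with no pivot placeholder). It assumes placeholders are `{attributeName}` tokens naming a pivot attribute, as the replies above use them; `check_filter` and the sample filters are constructed for illustration.

```python
import re

# Assumption: an LSC placeholder is "{attributeName}" naming a pivot attribute.
PLACEHOLDER = re.compile(r"\{([A-Za-z][A-Za-z0-9-]*)\}")


def check_filter(flt, pivots, needs_pivot=True):
    """Return a list of problems in one filter string (already XML-unescaped).

    pivots: pivot attribute names the placeholders may refer to.
    needs_pivot: True for getOneFilter/getCleanFilter, False for getAllFilter.
    """
    problems = []
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" closed something that was never opened
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    # Any brace left after removing well-formed placeholders is a stray one.
    if re.search(r"[{}]", PLACEHOLDER.sub("", flt)):
        problems.append("malformed {placeholder}")
    # RFC 4515: "(" must be followed by &, |, ! or an attribute, never "(".
    if "((" in flt:
        problems.append("'((' found: missing &, | or ! operator")
    used = PLACEHOLDER.findall(flt)
    if needs_pivot and not used:
        problems.append("no {pivot} placeholder: cannot select a single entry")
    known = {p.lower() for p in pivots}  # LDAP attribute names ignore case
    for name in used:
        if name.lower() not in known:
            problems.append(f"placeholder {{{name}}} is not a pivot attribute")
    return problems


if __name__ == "__main__":
    # Constructed samples modelled on the filters in this thread.
    samples = [
        ("(&(objectClass=person)(sAMAccountName={sAMAccountName}))", ["sAMAccountName"]),
        ("((objectClass=inetorgperson))", ["sAMAccountName"]),
        ("(&(objectClass=inetorgperson)(uid={sAMAccountName))", ["sAMAccountName"]),
        ("(&(objectClass=person)(sAMAccountName={uid}))", ["uid"]),
    ]
    for flt, pivots in samples:
        print(flt, "->", check_filter(flt, pivots) or "OK")
```

A filter such as `(uid={sAMAccountName})` passes these syntactic checks; whether the searched attribute exists in the directory being queried still has to be verified against that directory.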
