Here is the script I use in production to convert the AD group members to
the LDAP group. It is a little heavy since it needs to look up every member
to get their samaccountname, since the members in AD use the CN (full
name) and in LDAP use just the login (samaccountname). The IF statement
was to work around some problem that I came across that I don't remember
what it was now, so you might be able to ditch that.

This works great for me so far though.

Hope that helps.

         <string>
            var umembers = srcBean.getAttributeValuesById("member").toArray();
            for (var i = 0; i &#60; umembers.length; i++) {
                try {
                    var tokens = umembers[i].split(",");
                    if (tokens.length &#62; 5) {
                        // More than 5 comma-separated tokens: strip "CN=" from the first one and use it directly
                        var sname = tokens[0];
                        var tmpname = sname.replaceAll("CN=", "");
                        umembers[i] = tmpname;
                    } else {
                        // Look up the member entry (first two RDNs) and take its sAMAccountName
                        umembers[i] = srcLdap.attribute(tokens[0] + "," + tokens[1], 'sAMAccountName').get(0);
                    }
                } catch (e) {
                    // Lookup failed: this member becomes null
                    umembers[i] = null;
                }
            }
            umembers.toString();
            umembers
         </string>

-Joel

On Mon, Oct 22, 2012 at 2:23 AM, Christian Bösch <[email protected]> wrote:

>
> On Oct 22, 2012, at 9:31 , Clément OUDOT <[email protected]> wrote:
>
> > 2012/10/22 Christian Bösch <[email protected]>:
> >>
> >> On Oct 19, 2012, at 14:36 , Clément OUDOT <[email protected]> wrote:
> >>
> >>> 2012/10/19 Christian Bösch <[email protected]>:
> >>>> Hi Clement,
> >>>>
> >>>> This had the effect that all the members have been deleted in the AD group.
> >>>>
> >>>> Oct 19 14:19:15 - INFO  - # Updating object CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net for groups
> >>>> dn: CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net
> >>>> changetype: modify
> >>>> delete: member
> >>>>
> >>>
> >>> So try with :
> >>>
> >>> var members = [];
> >>>
> >>> You should just get a compliant javascript code, LSC will just run it into Rhino.
> >>
> >> Hi Clement,
> >>
> >> Still no success.
> >> So to test I set members manually:
> >>
> >>            <string><![CDATA[
> >>              var members = ['CN=Lastname Firstname,OU=FHusers,DC=ad,DC=abc,DC=net'];
> >>              members
> >>            ]]></string>
> >>
> >> But there is still the error:
> >>
> >> ERROR - Error while modifying entry CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net in directory :javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000054F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
> >> ]; remaining name 'CN=ou-is,OU=FHgroups'
> >> ERROR - Error while synchronizing ID CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net: java.lang.NullPointerException
> >> dn: CN=ou-is,OU=FHgroups,DC=ad,DC=abc,DC=net
> >> changetype: modify
> >> replace: member
> >> member: sun.org.mozilla.javascript.NativeArray@f052d5
> >>
> >
> > Here is a sample code that transforms uniqueMember values (DN) into
> > memberUid values (uid) :
> >
> >        <dataset>
> >          <name>memberUid</name>
> >          <policy>FORCE</policy>
> >          <defaultValues></defaultValues>
> >          <forceValues>
> >            <string>
> >              <![CDATA[
> >                var membersSrcDn = srcBean.getDatasetValuesById("uniqueMember");
> >                var memberUidValues = [];
> >                for (var i=0; i<membersSrcDn.size(); i++) {
> >                        var memberSrcDn = membersSrcDn.get(i);
> >                        var agriUid = "";
> >                        try {
> >                                agriUid = srcLdap.attribute(memberSrcDn, "uid").get(0);
> >                        } catch(e) {
> >                                continue;
> >                        }
> >                        var destMembersDn = ldap.search("ou=users", "(agriUid=" + agriUid + ")");
> >                        if (destMembersDn.size() == 0 || destMembersDn.size() > 1) {
> >                                continue;
> >                        }
> >                        var destMemberDn = destMembersDn.get(0);
> >                        var memberUid = ldap.attribute(destMemberDn, "uid").get(0);
> >                        memberUidValues.push (memberUid);
> >                }
> >                memberUidValues
> >              ]]>
> >            </string>
> >          </forceValues>
> >          <createValues></createValues>
> >        </dataset>
> >
> >
> > Hope this can help you to get a correct script.
>
> I don't think that the reason is the script itself.
> If I set only one member static with:
>               var members = "CN=Name1,OU=FHusers,DC=ad,DC=abc,DC=net";
>               members
> it works.
>
> As soon as I use an array (with only 2 static entries) the problem occurs.
>               var members = ["CN=Name1,OU=FHusers,DC=ad,DC=abc,DC=net","CN=Name2,OU=FHusers,DC=ad,DC=abc,DC=net"];
>               members
>
> I also tried to change the defaultDelimiter, but without success...
>
> Chris
> >
> > Clément.
>
>
> _______________________________________________________________
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>
> lsc-users mailing list
> [email protected]
> http://lists.lsc-project.org/listinfo/lsc-users
>
>
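
The DN-to-login conversion discussed in this thread, as an added example that is not part of any message above and is not LSC's own code: splitting a member DN with split(",") miscounts its components when an RDN value contains an escaped comma, and a value concatenated into a filter such as "(agriUid=...)" should be escaped first. The helper names are hypothetical, and lookup(dn, attr) is an assumed stand-in for srcLdap.attribute().

```javascript
// Added example, not from the thread. lookup(dn, attr) stands in for
// srcLdap.attribute(); all function names here are hypothetical.

// Split a DN into RDNs on unescaped commas only (RFC 4514 backslash escapes).
function splitDn(dn) {
  var rdns = [];
  var cur = "";
  for (var i = 0; i < dn.length; i++) {
    var c = dn.charAt(i);
    if (c === "\\" && i + 1 < dn.length) {
      cur += c + dn.charAt(++i); // keep the escape pair together
    } else if (c === ",") {
      rdns.push(cur);
      cur = "";
    } else {
      cur += c;
    }
  }
  rdns.push(cur);
  return rdns;
}

// Return the part of dn below baseDn, or throw if dn is not under baseDn.
function relativeDn(dn, baseDn) {
  var rdns = splitDn(dn);
  var base = splitDn(baseDn);
  var cut = rdns.length - base.length;
  if (cut < 1 || rdns.slice(cut).join(",").toLowerCase() !== base.join(",").toLowerCase()) {
    throw new Error("DN is not under base: " + dn);
  }
  return rdns.slice(0, cut).join(",");
}

// Escape a value before concatenating it into a search filter (RFC 4515).
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (ch) {
    return "\\" + ("0" + ch.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Map member DNs to logins, dropping members that cannot be resolved.
function membersToLogins(memberDns, baseDn, lookup) {
  var logins = [];
  for (var i = 0; i < memberDns.length; i++) {
    try {
      var values = lookup(relativeDn(memberDns[i], baseDn), "sAMAccountName");
      if (values.length > 0) logins.push(String(values[0]));
    } catch (e) { /* unresolved or out-of-base member: skip, emit no null */ }
  }
  return logins;
}
```

A filter would then be built as "(agriUid=" + escapeFilterValue(agriUid) + ")".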