On 7 May 2013 21:36, "Sebastian Krieger" <[email protected]> wrote:
>
> Hey Community,
>
> I want to choose LSC for an internal project to grep all our AD Users and hold them in sync with the project's OpenLDAP server.
> Now we run into a problem, where I have been stuck for a few days now.
>
> I can successfully sync our AD Users in the OpenLDAP. But when the sync job is restarted, the LSC tries to create them again in the LDAP Server. This seems not a Problem normally, since the DN already exists in LDAP and the creation fails.
>
> But in our scenario, we have to create Posix users from the sAMAccountName with Unique UIDNumber.
> For this I used the tutorial on the LSC project page (http://lsc-project.org/wiki/documentation/2.0/configuration/syncoptions/sequences) to have a counter available.
>
> My Problem is, that on every run when the Users should be synced, the counter for the UIDNumber is increased by 1 for every user whether he must be created or not.
>
> Has anyone solved that problem in the past?
>
> I run LSC 2.0.2 in synchronous mode if.
>
> Here is the relevant xml task snippet.
>
> >>
>
> <tasks>
> <!-- BEGIN: TASK: Sync AD User -->
> <task>
> <name>CreateAdUser</name>
> <bean>org.lsc.beans.SimpleBean</bean>
>
> <ldapSourceService>
> <name>ad-src-service</name>
> <connection reference="AD" />
> <baseDn>dc=company,dc=group</baseDn>
>
> <pivotAttributes>
> <string>sAMAccountName</string>
> </pivotAttributes>
>
> <fetchedAttributes>
> <string>sAMAccountName</string>
> <string>cn</string>
> <string>givenName</string>
> <string>sn</string>
> </fetchedAttributes>
>
> <getAllFilter>(&amp;(objectClass=User)(objectCategory=Person)(|(sAMAccountName=b*)(sAMAccountName=e*))(!(sAMAccountName=company*)))</getAllFilter>
> <getOneFilter>(&amp;(objectClass=User)(objectCategory=Person)(sAMAccountName={sAMAccountName}))</getOneFilter>
> </ldapSourceService>
>
> <ldapDestinationService>
> <name>openldap-dst-service</name>
> <connection reference="OpenLDAP" />
> <baseDn>dc=lnxcim,dc=company,dc=group</baseDn>
>
> <pivotAttributes>
> <string>uid</string>
> </pivotAttributes>
>
> <fetchedAttributes>
> <string>dn</string>
> <string>sn</string>
> <string>cn</string>
> <string>uid</string>
> <string>givenName</string>
> <string>ObjectClass</string>
> <string>uidNumber</string>
> <string>gidNumber</string>
> <string>homeDirectory</string>
> <string>userPassword</string>
> </fetchedAttributes>
>
> <getAllFilter>(&amp;(uid=*)(objectClass=inetOrgPerson))</getAllFilter>
> <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
> </ldapDestinationService>
>
> <propertiesBasedSyncOptions>
>
> <!-- choose UID as DN in OpenLDAP -->
> <mainIdentifier>"uid=" + srcBean.getDatasetFirstValueById("sAMAccountName") + ",ou=users,dc=lnxcim,dc=company,dc=group"</mainIdentifier>
>
> <defaultDelimiter>;</defaultDelimiter>
> <defaultPolicy>FORCE</defaultPolicy>
>
> <!-- ObjectClass -->
> <dataset>
> <name>objectClass</name>
> <policy>FORCE</policy>
> <forceValues>
> <string>"top"</string>
> <string>"person"</string>
> <string>"organizationalPerson"</string>
> <string>"inetOrgPerson"</string>
> <string>"posixAccount"</string>
> </forceValues>
> </dataset>
>
> <!-- sAMAccountName == UID -->
> <dataset>
> <name>uid</name>
> <policy>FORCE</policy>
> <createValues>
> <string>srcBean.getDatasetFirstValueById("sAMAccountName")</string>
> </createValues>
> </dataset>
>
> <!-- count up the uidNumber for every user created, for this we have a cn with serialNumber attribute for count up in the LDAP -->
> <dataset>
> <name>uidNumber</name>
> <policy>KEEP</policy>
> <createValues>
> <string>SequencesFactory.getInstance(ldap.getJndiServices()).getNextValue("cn=uidNumberSequenceUnix,ou=LSC,ou=services,dc=lnxcim,dc=company,dc=group","serialNumber")</string>
> </createValues>
> </dataset>
>
> <!-- set users home -->
> <dataset>
> <name>homeDirectory</name>
> <policy>FORCE</policy>
> <createValues>
> <string>"/home/" + srcBean.getDatasetFirstValueById("sAMAccountName")</string>
> </createValues>
> </dataset>
>
> <dataset>
> <name>givenName</name>
> <policy>FORCE</policy>
> <createValues>
> <string>srcBean.getDatasetFirstValueById("givenName")</string>
> </createValues>
> </dataset>
>
> <dataset>
> <name>sn</name>
> <policy>FORCE</policy>
> <createValues>
> <string>srcBean.getDatasetFirstValueById("sn")</string>
> </createValues>
> </dataset>
>
> <dataset>
> <name>cn</name>
> <policy>FORCE</policy>
> <createValues>
> <string>srcBean.getDatasetFirstValueById("cn")</string>
> </createValues>
> </dataset>
>
> <!-- create userPassword as SASL auth -->
> <dataset>
> <name>userPassword</name>
> <policy>FORCE</policy>
> <createValues>
> <string>"{SASL}" + srcBean.getDatasetFirstValueById("sAMAccountName") + "@company.group"</string>
> </createValues>
> </dataset>
> </propertiesBasedSyncOptions>
> </task>
> <!-- END: Task: Sync AD User -->
> </tasks>
>
Hi,
In the getOneFilter of destination service, use {samaccountname} instead of
{uid}.
Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
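
The change suggested in the reply, written out as an added illustration (not posted by either participant): the destination service from the quoted task with only getOneFilter altered. The placeholder spelling follows the reply; the comment on why the lookup now matches is an assumption drawn from the reply, not a statement from the LSC documentation.

```xml
<!-- Added illustration: destination service from the quoted task,
     with getOneFilter changed as the reply suggests. -->
<ldapDestinationService>
  <name>openldap-dst-service</name>
  <connection reference="OpenLDAP" />
  <baseDn>dc=lnxcim,dc=company,dc=group</baseDn>

  <pivotAttributes>
    <string>uid</string>
  </pivotAttributes>

  <fetchedAttributes>
    <string>dn</string>
    <string>sn</string>
    <string>cn</string>
    <string>uid</string>
    <string>givenName</string>
    <string>ObjectClass</string>
    <string>uidNumber</string>
    <string>gidNumber</string>
    <string>homeDirectory</string>
    <string>userPassword</string>
  </fetchedAttributes>

  <!-- CDATA keeps the LDAP "&" operator from having to be escaped in XML. -->
  <getAllFilter><![CDATA[(&(uid=*)(objectClass=inetOrgPerson))]]></getAllFilter>

  <!-- Before: (&(objectClass=inetOrgPerson)(uid={uid}))
       After:  the placeholder names the source pivot attribute (sAMAccountName),
               so its value is compared against uid in OpenLDAP.
       Assumption: once the existing entry is found, the run takes the update
       path and the uidNumber createValues expression is not evaluated again. -->
  <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(uid={samaccountname}))]]></getOneFilter>
</ldapDestinationService>
```

To check the result, read serialNumber on cn=uidNumberSequenceUnix,ou=LSC,ou=services,dc=lnxcim,dc=company,dc=group before and after a second run in which no new AD users appear; the value should be unchanged.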