Re: [lsc-users] openldap to AD sync

Fri, 23 Aug 2013 01:27:34 -0700 

2013/8/22 N E N U <[email protected]>

> Hi,
>
> I am having trouble syncing users from openldap to AD, below is the config
> i am using.
> error: synchronization aborted because no source object has been found !
> can you direct me through my errors.
>
> lsc.xml
>
>
> <?xml version="1.0" ?>
> <lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.0.xsd"; id="1"
> revision="0">
>   <connections>
>     <ldapConnection>
>       <name>AD</name>
>       <url>xxxxxx</url>
>       <username>xxxxxxxx</username>
>       <password>xxxxxxxxx</password>
>       <authentication>SIMPLE</authentication>
>       <pageSize>1000</pageSize>
>     </ldapConnection>
>     <ldapConnection>
>       <name>openldap</name>
>       <url>xxxxxxxxxxxxxxxx</url>
>       <username>xxxxxxxxxxxxxxxxxxxxx</username>
>       <password>xxxxxxxxxxxxxxxxxxxx</password>
>       <authentication>SIMPLE</authentication>
>       <pageSize>1000</pageSize>
>     </ldapConnection>
>   </connections>
>   <tasks>
>     <task>
>       <name>FullAD</name>
>       <bean>org.lsc.beans.SimpleBean</bean>
> <ldapSourceService>
>         <name>openldap-source-service</name>
>         <connection reference="openldap" />
>         <baseDn>ou=People,dc=xx,dc=xx</baseDn>
>         <pivotAttributes>
>           <string>uid</string>
>         </pivotAttributes>
>         <fetchedAttributes>
>           <string>description</string>
>           <string>cn</string>
>           <string>sn</string>
>           <string>userPassword</string>
>           <string>objectClass</string>
>           <string>uid</string>
>           <string>mail</string>
>         </fetchedAttributes>
>
> <getAllFilter>(&amp;(uid=*)(objectClass=inetOrgPerson))</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=user)(sAMAccountName={uid}))</getOneFilter>
>       </ldapSourceService>
>       <ldapDestinationService>
>         <name>opends-dst-service</name>
>         <connection reference="AD" />
>         <baseDn>ou=Users,ou=test,dc=yy,dc=yy</baseDn>
>         <pivotAttributes>
>           <string>saMAccountName</string>
>         </pivotAttributes>
>          <fetchedAttributes>
>           <string>description</string>
>           <string>cn</string>
>           <string>sn</string>
>           <string>userPassword</string>
>           <string>objectClass</string>
>           <string>uid</string>
>           <string>mail</string>
>         </fetchedAttributes>
>
> <getAllFilter>(&amp;(sAMAccountName=*)(objectClass=user))</getAllFilter>
>
> <getOneFilter>(&amp;(objectClass=inetOrgPerson)(uid={uid}))</getOneFilter>
> </ldapDestinationService>
> <propertiesBasedSyncOptions>
>     <mainIdentifier>"cn=" + srcBean.getDatasetFirstValueById("cn") +
> ",ou=Users,ou=test,dc=yy,dc=yy"</mainIdentifier>
>     <defaultDelimiter>;</defaultDelimiter>
>     <defaultPolicy>FORCE</defaultPolicy>
>     <dataset>
>      <name>objectClass</name>
>      <policy>FORCE</policy>
>      <forceValues>
>       <string>"top";"user";"person";"organizationalPerson"</string>
>      </forceValues>
>     </dataset>
>     <dataset>
>      <name>sAMAccountName</name>
>      <policy>KEEP</policy>
>      <createValues>
>       <string>srcBean.getDatasetFirstValueById("uid")</string>
>      </createValues>
>     </dataset>
>     <dataset>
>      <!-- userPrincipalName = uid + "@lsc-project.org" -->
>       <name>userPrincipalName</name>
>      <policy>FORCE</policy>
>      <forceValues>
>       <string>srcBean.getDatasetFirstValueById("uid") + "@lsc-project.org
> "</string>
>      </forceValues>
>     </dataset>
>     <dataset>
>      <name>userAccountControl</name>
>      <policy>KEEP</policy>
>      <createValues>
>       <string>AD.userAccountControlSet( "0",
> [AD.UAC_SET_NORMAL_ACCOUNT])</string>
>      </createValues>
>     </dataset>
>     <dataset>
>      <!-- pwdLastSet = 0 to force user to change password on next
> connection -->
>      <name>pwdLastSet</name>
>      <policy>KEEP</policy>
>      <createValues>
>       <string>"0"</string>
>      </createValues>
>     </dataset>
>     <dataset>
>       <!-- unicodePwd = "changeit" at creation (requires SSL connection to
> AD) -->
>      <name>unicodePwd</name>
>      <policy>KEEP</policy>
>      <createValues>
>       <string>AD.getUnicodePwd("changeit")</string>
>      </createValues>
>     </dataset>
>  </propertiesBasedSyncOptions>
>     </task>
>   </tasks>
> </lsc>
>
>
>
>
> sample ldap user ldif
>
> dn: uid=at,ou=People,dc=xx,dc=xx
> uid: at
> cn: Service Batch jobs daemon
> sn: Service Batch jobs daemon
> objectClass: person
> objectClass: inetorgPerson
> objectClass: organizationalPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> userPassword: {crypt}!
> shadowLastChange: 14265
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 25
> gidNumber: 25
> homeDirectory: /var/spool/atjobs
> gecos: Service Batch jobs daemon
>
>
>

Hi,

use pageSize -1 in OpenLDAP connection definition.


Clément.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to