On 12/06/2019 13:56, Matjaz Premerl wrote:
> I've managed to call external script, thanks a lot.
> Below is part of output, what could be sent further to some command
> ldapmodify.
> But as I see for the changetype there is "delete". I know that this is a
> delete operation, but in my case I want to achieve just "disable" the user,
> even if it's deleted in the source database.
> Can you please help with some idea, how to change the changetype for my case.
>
> Jun 12 13:47:14 - INFO - # Removing object CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local for ADUserDeactivate
> # Wed Jun 12 13:47:14 CEST 2019
> dn: CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local
> changetype: delete
>
> Regards,
> Matjaž

Hi,

You need to write a script that extracts the DN and CN from the input and sends some other LDIF commands to your AD to perform what you want.

- to disable the account, first get the current attribute useraccountcontrol for this dn in AD (with ldapsearch), then add 2, and finally set the result back using ldapmodify:

dn: CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local
changetype: modify
replace: useraccountcontrol
useraccountcontrol: $useraccountcontrol

- to move the account, using ldapmodify:

dn: CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local
changetype: modrdn
newRDN: cn=$cn
deleteOldRDN: 1
newsuperior: ou=new,dc=example,dc=com

Regards
--
Soisik Froger | Software Architect
[email protected]
Worteks | https://www.worteks.com
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
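
The rewrite step discussed in this thread, as an added example that is not part of the original messages or of LSC: a shell function that reads the LSC output on stdin, keeps the dn line (unfolding wrapped LDIF lines and passing a base64 `dn::` through unchanged) and emits a modify that sets the ACCOUNTDISABLE bit (value 2) with a bitwise OR, so running it on an already disabled account leaves it disabled. Assumptions: the function names are hypothetical, the LDIF arrives on stdin, and the current useraccountcontrol value has already been fetched with ldapsearch and is passed as the first argument.

```shell
#!/bin/sh
ACCOUNTDISABLE=2   # useraccountcontrol flag 0x0002

# Print the first dn line of an LDIF stream. Folded lines (continuation
# lines start with one space) are joined; "dn::" (base64) is kept verbatim.
extract_dn_line() {
    awk '
        /^ / { if (cur != "") cur = cur substr($0, 2); next }
        { if (cur ~ /^dn:/) { print cur; found = 1; exit } cur = $0 }
        END { if (!found && cur ~ /^dn:/) print cur }
    '
}

# Usage: disable_ldif CURRENT_UAC < lsc_output
# Emits LDIF suitable for piping to ldapmodify.
disable_ldif() {
    uac=$1
    case $uac in
        ''|*[!0-9]*) echo "useraccountcontrol must be a decimal integer" >&2
                     return 1 ;;
    esac
    dn_line=$(extract_dn_line)
    [ -n "$dn_line" ] || { echo "no dn: line in input" >&2; return 1; }
    printf '%s\nchangetype: modify\nreplace: useraccountcontrol\nuseraccountcontrol: %s\n' \
        "$dn_line" "$(( $uac | $ACCOUNTDISABLE ))"
}

# The LSC output quoted in the thread, reused here as sample input.
sample_lsc_output() {
    cat <<'EOF'
Jun 12 13:47:14 - INFO - # Removing object CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local for ADUserDeactivate
# Wed Jun 12 13:47:14 CEST 2019
dn: CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local
changetype: delete
EOF
}
```

For example, `sample_lsc_output | disable_ldif 512` produces a modify that sets useraccountcontrol to 514, and the function returns non-zero without printing any LDIF when no dn line is found.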

