[lsc-changes] [Ldap Synchronization Connector (LSC)] page changed: documentation:tutorials:synchronizegroups

webmaster at lsc-project.org webmaster at lsc-project.org
Fri Jul 3 11:01:16 CEST 2009


A page in your DokuWiki was added or changed. Here are the details:

Date        : 2009/07/03 11:01
Browser     : Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11
IP-Address  : 90.53.219.60
Hostname    : ALyon-751-1-32-60.w90-53.abo.wanadoo.fr
Old Revision: http://lsc-project.org/wiki/documentation/tutorials/synchronizegroups?rev=1246533548
New Revision: http://lsc-project.org/wiki/documentation/tutorials/synchronizegroups
Edit Summary: 
User        : coudot

@@ -1,21 +1,21 @@
  ====== Group membership synchronization ======
  
  ===== Presentation =====
  
- LSC can help you to synchronize groups from one directory to another. The problematics is that most of the time, group membership is managed by DN (that means the DN of the users are the values of the membre attribute of the group entry). Of course user DN is not the same in the source directory and in the destination directory: so we have to map each user DN for each membership value.
+ LSC can help you to synchronize groups from one directory to another. The problem is that most of the time, group membership is managed by DN (that means the DN of the users are the values of the member attribute of the group entry). Of course user DN is not the same in the source directory and in the destination directory: so we have to map each user DN for each membership value.
  
  The major real use case is to synchronize groups from OpenLDAP to Active Directory. This tutorial describe it.
  
  ===== LSC requirement =====
  
  We will use groupOfUniqueNames as source object and group as destination object, so you have to run LSC wizard to get:
- * org.lsc.objects.groupOfUniqueNames
- * org.lsc.beans.groupBean
+   * org.lsc.objects.groupOfUniqueNames
+   * org.lsc.beans.groupBean
  
  The connector will be "ldap2ldap".
  
- You should have a first task that synchronize users from OpenLDAP to AD, in ordre to make the DN mapping works. [[documentation:tutorials:openldaptoactivedirectory|See this tutorial to achieve this.]]
+ You should have a first task that synchronize users from OpenLDAP to AD, in order to make the DN mapping works. [[documentation:tutorials:openldaptoactivedirectory|See this tutorial to achieve this]].
  
  So we will create a second task in the connector to manage groups.
  
  ===== LSC configuration =====
@@ -58,13 +58,13 @@
  lsc.tasks.group.dstService.pivotAttrs = cn
  </file>
  
  Now we add syncoptions to manage the member attribute. What we want is:
- * For each uniqueMember value (which is a user DN) of the srcBean entry:
-   * Find uid value of the user entry on source directory
-   * Search corresponding entry in destination directory with the filter (sAMAccountName=$uid)
-   * Find DN of the found entry in destination directory
-   * Check if this value is not null and push it in member values
+   * For each uniqueMember value (which is a user DN) of the srcBean entry:
+     * Find uid value of the user entry on source directory
+     * Search corresponding entry in destination directory with the filter (sAMAccountName=$uid)
+     * Find DN of the found entry in destination directory
+     * Check if this value is not null and push it in member values
  
  We must use LQL to do that (see [[http://lsc-project.org/apidocs/org/lsc/jndi/ScriptableJndiServices.html|ScriptableJndiServices javadoc]]). ANd as we will use some javascript code, we must change the default delimiter (which is ';').
  
  Here is the correct syntax:
@@ -90,4 +90,5 @@
    ")")).get(0), 'distinguishedname').get(0) } catch (e) {umembers[s]=null} } \
    var members = new Array(); var j=0; for (var i=0; i<umembers.length; i++) \
    { if (umembers[i]!=null) members[j++]=umembers[i] } members
  </file>
+ 



-- 
This mail was generated by DokuWiki at
http://lsc-project.org/wiki/



More information about the lsc-changes mailing list