[lsc-users] After renaming OpenLDAP groups the groups in the AD are rewritten completely at every sync

cain at gmx.at cain at gmx.at
Fri Sep 16 15:46:35 CEST 2011


Hello,

After solving the last mystery, I have another issue that I do not
understand:

I sync groups from an OpenLDAP to AD, from one OU to another OU.

While it worked fine before, I now had to change a lot of the group names on
the OpenLDAP, and now it synchronises the groups into the AD every time
I start LSC. I find this very irritating and I do not understand it.
Why was it OK before and now it is not?

Although it does not seem to cause problems, I would rather not have that
behaviour.

Below is my script:

#############
### Group ###
#############

lsc.tasks.group.bean = org.lsc.beans.SimpleBean

# Source
lsc.tasks.group.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.group.srcService.attrs = cn description member
lsc.tasks.group.srcService.baseDn = ou=groups
lsc.tasks.group.srcService.filterAll = (objectClass=groupOfNames)
lsc.tasks.group.srcService.filterId = (&(objectClass=groupOfNames)(description={description}))
lsc.tasks.group.srcService.pivotAttrs = description
# Destination
lsc.tasks.group.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.group.dstService.attrs = cn description member objectClass sAMAccountName
lsc.tasks.group.dstService.baseDn = ou=badorg
lsc.tasks.group.dstService.filterAll = (objectClass=group)
lsc.tasks.group.dstService.filterId = (&(objectClass=group)(description={description}))
lsc.tasks.group.dstService.pivotAttrs = description
lsc.tasks.group.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",OU=groups"

#############
### Group ###
#############

lsc.syncoptions.group = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.group.default.action = F

# Direct link - no need to specify syncoptions
# cn <- cn
# description <- description

# sAMAccountName <- cn
lsc.syncoptions.group.sAMAccountName.create_value = srcBean.getAttributeValueById("cn")

# objectClass <- top/group
lsc.syncoptions.group.objectClass.force_value = "top";"group"

# member to AD <- member from OpenLDAP (groupOfNames)
# The line "lsc.syncoptions.group.member.force_value" helps to find the corresponding groupmembers in AD
# 1. Find memberUid value of the user entry on source directory (OpenLDAP)
# 2. Search corresponding entry in destination directory (AD) with the filter (sAMAccountName=$memberUid)
# 3. Find DN of the found entry in destination directory (AD)
# 4. Check if this value is not null and push it in member values

# member(AD) <- member(openLDAP) Users
lsc.syncoptions.group.member.delimiter = $
lsc.syncoptions.group.member.force_value = var umembers = srcBean.getAttributeValuesById("member").toArray() ; for (var i=0; i<umembers.length; i++ ) { try { umembers[i] = ldap.attribute(ldap.list( "ou=users", "(sAMAccountName=" + (srcLdap.attribute(umembers[i], 'uid').get(0) + ")")).get(0), 'distinguishedname').get(0) } catch (e) { umembers[i]=null }} var members = new Array(); var j=0; for (var i=0; i<umembers.length; i++) { if (umembers[i]!=null) members[j++]=umembers[i] } members