[lsc-users] OU sync

Soisik Froger soisik.froger at savoirfairelinux.com
Fri Jan 12 11:42:41 CET 2018


On 12/01/2018 09:30, Thorn, Colin wrote:
> Hello,
> 
> I have a question regarding the sync of OUs.
> 
> Currently I have a OU I sync called External. In this OU some Users were, which I did not want to sync, so I moved them into a OU called Partner one level lower.
> 
> The structure looks somewhat like this.
> Server
> 
>              Users
> 
>                          Employees
> 
>                                     External
> 
>                                                 Partner
> 
> When syncing the OU External it sync all Users from External and Partner. Users of both OUs are put on the destination Server into the OU External.
> 
> Is there a possibility to stop this from happening. I only want the Users in External to be synced.
> 
> Moving the OU Partner onto the same level as External is unfortunately not an option.
> 
> Extract of my lsc.xml:
> 
>        <ldapDestinationService>
> 
>          <name>OpenLDAP-dst</name>
> 
>          <connection reference="projectLDAP" />
> 
>          <baseDn>ou=External,ou=Employees,ou=Users,dc=ldap,dc=local</baseDn>
> 
> Kind Regards,
> 
> Colin Thorn
> 

Hi,

Depending on the kind of ldap source directory you are using, you could try to exclude this lower OU in your LSC getAllFilter attribute using wildcard expression. See https://stackoverflow.com/questions/1101144/ldap-using-a-filter-to-avoid-a-sub-ou-in-active-directory.

If your ldap source directory is an AD, it will be more tricky. This response from above thread  (https://stackoverflow.com/a/7050535) suggest adding an attribute "ou" within each user entry in your AD so you can use them in your filter to exclude people from ou=partner or restrict to ou=external, I think it should work if you can get your AD to populate this attribute.

--
Soisik


More information about the lsc-users mailing list