Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:ldap:ldap_lsc [2015/11/29 11:15]
procacci@tem-tsp.eu [Scenario ldap to ldap]
+++ docpublic:systemes:ldap:ldap_lsc [2015/12/01 15:43] (current)
procacci@tem-tsp.eu [suppression]
@@ Line 95: / Line 95: @@
 </code>
-a suivre ... plus bas
+a suivre [[.:ldap_lsc&#config_lsc_synchro_ldap2ldap|ldap2ldap lsc config plus bas ]]
 ==== installation openldap-servers ====
@@ Line 240: / Line 240: @@
 </code>
+===== Config LSC synchro ldap2ldap =====
+le principe ici est de synchroniser des annuaires ldap vers un annuaire mutualisé assurant la fusion des annuaires d'etablissements dans des sous branches propres a l'etablissement .
+Ici , on fait une exclusion des objectclass et attributs non indispensables a un annuaire pages blanches via le <dataset> objectclass :
+<code>
+[root@lscimt ldapevry2ldapimt]# cat lsc.xml
+<?xml version="1.0" ?>
+<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
+  <connections>
+    <ldapConnection>
+      <name>tem-tsp</name>
+      <url>ldap://ldapze.int.fr:389/dc=int,dc=fr</url>
+      <username>cn=adm,dc=int,dc=fr</username>
+      <password>secret</password>
+      <authentication>SIMPLE</authentication>
+      <referral>IGNORE</referral>
+      <derefAliases>NEVER</derefAliases>
+      <version>VERSION_3</version>
+      <pageSize>-1</pageSize>
+      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
+      <tlsActivated>false</tlsActivated>
+    </ldapConnection>
+    <ldapConnection>
+      <name>mines-telecom</name>
+      <url>ldap://127.0.0.1:389/dc=mines-telecom,dc=fr</url>
+      <username>cn=adm,dc=mines-telecom,dc=fr</username>
+      <password>secret</password>
+      <authentication>SIMPLE</authentication>
+      <referral>THROW</referral>
+      <derefAliases>NEVER</derefAliases>
+      <version>VERSION_3</version>
+      <pageSize>-1</pageSize>
+      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
+      <tlsActivated>false</tlsActivated>
+    </ldapConnection>
+  </connections>
+  <tasks>
+    <task>
+      <name>user</name>
+      <bean>org.lsc.beans.SimpleBean</bean>
+       <ldapSourceService>
+        <name>user-source-service</name>
+        <connection reference="tem-tsp" />
+        <baseDn>ou=people,dc=int,dc=fr</baseDn>
+        <pivotAttributes>
+          <string>cn</string>
+        </pivotAttributes>
+        <fetchedAttributes>
+          <string>cn</string>
+          <string>mail</string>
+          <string>sn</string>
+          <string>departmentNumber</string>
+          <string>employeeType</string>
+          <string>givenName</string>
+          <string>telephoneNumber</string>
+        </fetchedAttributes>
+        <getAllFilter><![CDATA[(&(cn=*)(objectClass=inetOrgPerson)(uid=martin*))]]></getAllFilter>
+        <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></getOneFilter>
+        <cleanFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></cleanFilter>
+    </ldapSourceService>
+    <ldapDestinationService>
+        <name>user-dest-service</name>
+        <connection reference="mines-telecom" />
+        <baseDn>ou=evry,ou=people,dc=mines-telecom,dc=fr</baseDn>
+        <pivotAttributes>
+          <string>cn</string>
+        </pivotAttributes>
+        <fetchedAttributes>
+          <string>cn</string>
+          <string>objectClass</string>
+          <string>mail</string>
+          <string>sn</string>
+          <string>departmentNumber</string>
+          <string>employeeType</string>
+          <string>givenName</string>
+          <string>telephoneNumber</string>
+        </fetchedAttributes>
+        <getAllFilter><![CDATA[(&(cn=*)(objectClass=inetOrgPerson))]]></getAllFilter>
+        <getOneFilter><![CDATA[(&(objectClass=inetOrgPerson)(cn={cn}))]]></getOneFilter>
+    </ldapDestinationService>
+      <propertiesBasedSyncOptions>
+        <mainIdentifier>js:"cn=" + javax.naming.ldap.Rdn.escapeValue(srcBean.getDatasetFirstValueById("cn")) + ",ou=evry,ou=people,dc=mines-telecom,dc=fr"</mainIdentifier>
+        <defaultDelimiter>;</defaultDelimiter>
+        <defaultPolicy>FORCE</defaultPolicy>
+        <conditions>
+          <create>true</create>
+          <update>true</update>
+          <delete>true</delete>
+          <changeId>true</changeId>
+        </conditions>
+         <dataset>
+          <name>objectclass</name>
+          <policy>KEEP</policy>
+          <createValues>
+            <string>"inetOrgPerson"</string>
+            <string>"organizationalPerson"</string>
+            <string>"person"</string>
+            <string>"top"</string>
+          </createValues>
+        </dataset>
+      </propertiesBasedSyncOptions>
+    </task>
+  </tasks>
+</lsc>
+</code>
+===== synchro =====
+<code>
+[root@lsc ldapevry2ldapimt]# lsc -s user --config /etc/lsc/ldapevry2ldapimt/
+:41:14,248 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
+:41:14,248 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [file:/etc/lsc/ldapevry2ldapimt/logback.xml]
+:41:14,249 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs multiple times on the classpath.
+:41:14,249 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs at [file:/etc/lsc/ldapevry2ldapimt/logback.xml]
+:41:14,249 |-WARN in ch.qos.logback.classic.LoggerContext[default] - Resource [logback.xml] occurs at [jar:file:/usr/lib/lsc/lsc-core-2.1.3.jar!/logback.xml]
+nov. 30 11:41:14 - INFO  - Reflections took 105 ms to scan 1 urls, producing 55 keys and 115 values
+nov. 30 11:41:15 - INFO  - Logging configuration successfully loaded from /etc/lsc/ldapevry2ldapimt/logback.xml
+nov. 30 11:41:15 - INFO  - LSC configuration successfully loaded from /etc/lsc/ldapevry2ldapimt/
+nov. 30 11:41:15 - INFO  - Connecting to LDAP server ldap://127.0.0.1:389/dc=mines-telecom,dc=fr as cn=adm,dc=mines-telecom,dc=fr
+nov. 30 11:41:15 - INFO  - Connecting to LDAP server ldap://ldapze.int.fr:389/dc=int-evry,dc=fr as cn=adm,dc=int,dc=fr
+nov. 30 11:41:15 - INFO  - Starting sync for user
+nov. 30 11:41:15 - INFO  - # Adding new object cn=Guy BERNARD,ou=evry,ou=people,dc=mines-telecom,dc=fr for user
+# Mon Nov 30 11:41:15 CET 2015
+dn: cn=Jacques MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr
+changetype: add
+employeeType:: UHJvZmVzc2V1ciBpbnZpdMOp
+mail: jacques.martin@tem-tsp.eu
+sn: MARTIN
+departmentNumber: INFO
+cn: Jacques MARTIN
+telephoneNumber: +33161764567
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+givenName: Jacques
+nov. 30 11:41:15 - INFO  - All entries: 5, to modify entries: 5, successfully modified entries: 5, errors: 0
+</code>
+==== modification d'attributs ====
+il est possible de modifier à la volée des valeurs d'attribut pour les rendre conforme a une syntaxte et nomenclature commune .
+Exemple d'ajout d'un dataset qui modifie lors de la synchro la valeur d'attribut departmentNumber ,
+ici si à la source departmentNumber contient MCI alors le transformer en DSI :
+<code>
+ <dataset>
+          <name>departmentNumber</name>
+          <policy>FORCE</policy>
+          <forceValues>
+            <string><![CDATA[js:
+                var department = srcBean.getDatasetFirstValueById("departmentNumber");
+                if ( department == "MCI" ) { department = "DSI"; }
+                department;
+            ]]></string>
+          </forceValues>
+       </dataset>
+</code>
+log associés a cette synchro
+<code>
+nov. 30 14:45:17 - INFO  - # Updating object cn=Jacques MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr for user
+nov. 30 14:45:17 - INFO  - # Updating object cn=Albert MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr for user
+# Mon Nov 30 14:45:17 CET 2015
+dn: cn=Jacques MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr
+changetype: modify
+replace: departmentNumber
+departmentNumber: DSI
+-
+# Mon Nov 30 14:45:17 CET 2015
+dn: cn=Albert MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr
+changetype: modify
+replace: departmentNumber
+departmentNumber: DSI
+-
+nov. 30 14:45:17 - INFO  - All entries: 5, to modify entries: 2, successfully modified entries: 2, errors: 0
+</code>
+===== suppression =====
+pour supprimer un compte il faut ajouter l'option
+<code>
+-c,--clean <arg>                      Cleaning type (one of the available
+                                       tasks or 'all')
+</code>
+et aussi s'assurer qu'il n'y a pas zero entrée dans la source , autrement lsc par sécurité ne supprime rien .
+<code>
+déc. 01 14:29:00 - INFO  - Starting sync for user
+déc. 01 14:29:00 - ERROR - Empty or non existant source (no IDs found)
+</code>
+voici l'exemple de suppression d'une entrée à la source .
+<code>
+[root@lsc ldap2ldapmintel]# lsc -s user -c user --config /etc/lsc/ldap2ldapmintel/
+...
+déc. 01 15:21:52 - INFO  - Reflections took 104 ms to scan 1 urls, producing 55 keys and 115 values
+déc. 01 15:21:52 - INFO  - Logging configuration successfully loaded from /etc/lsc/ldap2ldapmintel/logback.xml
+déc. 01 15:21:52 - INFO  - LSC configuration successfully loaded from /etc/lsc/ldap2ldapmintel/
+déc. 01 15:21:52 - INFO  - Connecting to LDAP server ldap://127.0.0.1:389/dc=mines-telecom,dc=fr as cn=adm,dc=mines-telecom,dc=fr
+déc. 01 15:21:52 - INFO  - Connecting to LDAP server ldap://ldap4.tem-tsp.eu:389/dc=int-evry,dc=fr as cn=adm,dc=int,dc=fr
+déc. 01 15:21:52 - INFO  - Starting sync for user
+déc. 01 15:21:52 - ERROR - Empty or non existant source (no IDs found)
+déc. 01 15:21:52 - INFO  - Starting clean for user
+déc. 01 15:21:52 - INFO  - # Removing object cn=Jacques MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr for user
+# Tue Dec 01 15:21:52 CET 2015
+dn: cn=Jacques MARTIN,ou=evry,ou=people,dc=mines-telecom,dc=fr
+changetype: delete
+déc. 01 15:21:52 - INFO  - All entries: 6, to modify entries: 1, successfully modified entries: 1, errors: 0
+</code>

docpublic/systemes/ldap/ldap_lsc.1448795740.txt.gz · Last modified: 2015/11/29 11:15 by procacci@tem-tsp.eu

Show page Old revisions

[unknown link type]Back to top