Posts Tagged ‘lsc’

LSC Use Case: synchronize telephoneNumber from Sun LDAP to Active Directory

July 21st, 2010 1 comment

At work, we are using two directories. The first one, a damn old Sun Directory 5.2, used by the mail system and VOIP. The second directory is an Active Directory used by … everything which run on Windows. At the moment, we don’t have some Identity Provisionning products, so users are created by hand in both directories. I want to make this synchronization automatic, however since it’s a complex and dangerous thing, I want to start by synchronize few attributes. The first one is the telephoneNumber, available in the Sun Directory with format “21xxx” (the internal phone number), while the one store in active directory is the public one (014070xxx), so I need to transform the attribute before sending it in AD.

Some friends of mine start the LSC Project(LDAP Synchronization Connector) few years ago, a tool to synchronize directories! Here the configuration file I used for my use case:

Define the source = ldap://sun_hostname:389/dc=rtl,dc=fr = none = = = ignore = never = com.sun.jndi.ldap.LdapCtxFactory = 3

Define the target = ldap://ad_hostname:389/dc=activedirectory,dc=domain = simple = userwithenoughperms@activedirectory.domain = secret = ignore = never = com.sun.jndi.ldap.LdapCtxFactory = 3

Define the task to manage telephoneNumber attribute

lsc.tasks = FirstTask
lsc.tasks.FirstTask.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.FirstTask.srcService.baseDn = ou=People
lsc.tasks.FirstTask.srcService.filterAll = (inetUserStatus=ACTIVE)
lsc.tasks.FirstTask.srcService.pivotAttrs = mail
lsc.tasks.FirstTask.srcService.filterId = (mail={mail})
lsc.tasks.FirstTask.srcService.attrs = mail telephoneNumber
lsc.tasks.FirstTask.srcService.requestNameForList = getAllPeoplePivots
lsc.tasks.FirstTask.srcService.requestNameForObject = getOnePerson
lsc.tasks.FirstTask.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.FirstTask.dstService.baseDn = ou=Pole radio,dc=activedirectory,dc=domain
lsc.tasks.FirstTask.dstService.filterAll = (&(sn=*)(objectClass=inetOrgPerson))
lsc.tasks.FirstTask.dstService.pivotAttrs = mail
lsc.tasks.FirstTask.dstService.filterId = (mail={mail})
lsc.tasks.FirstTask.dstService.attrs = telephoneNumber
lsc.tasks.FirstTask.bean = org.lsc.beans.SimpleBean
lsc.tasks.FirstTask.dn = ""
lsc.syncoptions.FirstTask = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.FirstTask.default.action = K
lsc.syncoptions.FirstTask.default.delimiter = $
lsc.syncoptions.FirstTask.telephoneNumber.action = F
lsc.syncoptions.FirstTask.telephoneNumber.force_value = StringUtils.replaceFromMap(srcBean.getAttributeValueById("telephoneNumber"), "telephone.csv")

I think most of properties are self-meaning, however here some explanations about few of thems

  • default.action = K, meaning the attribute is not overriden if the value is ok
  • telephoneNumber.action = F, force the attribute to be updated
  • lsc.syncoptions.FirstTask.telephoneNumber.force_value= StringUtils.replaceFromMap(srcBean.getAttributeValueById(“telephoneNumber”), “telephone.csv”) is the code to compute the new value of the telephoneNumber attribute. In that case, I use a CSV files where I specify two fields: the pattern, and the value to replace if the pattern is found. (i.e. “^21,014070”)

Output in dryrun mode

% ./bin/lsc -n -f etc -s FirstTask
juil. 21 16:24:43 - WARN - Starting sync for FirstTask
juil. 21 16:24:43 - INFO - Connecting to LDAP server ldap://sun_hostname:389/dc=rtl,dc=fr anonymously
juil. 21 16:24:44 - INFO - Connecting to LDAP server ldap://ad_hostname:389/dc=activedirectory,dc=domain as admin@activedirectory.domain
juil. 21 16:24:44 - WARN - The method getAttributeValueById() is deprecated and will be removed in a future version of LSC. Please use getAttributeFirstValueById() instead.
juil. 21 16:24:44 - DEBUG - Update condition false. Should have modified object CN=BONFILS Bruno,OU=Users,DC=activedirectory,DC=DOMAIN
dn:: CN=BONFILS Bruno,OU=Users,DC=activedirectory,DC=DOMAIN
changetype: modify
replace: telephoneNumber
telephoneNumber: 0140704049

juil. 21 16:24:44 - INFO - All entries: 1, to modify entries: 0, modified entries: 0, errors: 0

Categories: IAM Tags: