oudot-clement
Table of contents
3. The LSC project
4. Active Directory specificities
5. Advanced LDAP functionalities
6. Demonstration

Introduction
8. Having just Open Source in our information system is a dream
9. But driving Active Directory from OpenLDAP is now a reality, thanks to the LSC project

10. The LSC project
11. BSD licence
12. Java
13. LDAP provisioning from databases, flat files and LDAP directories
14. Extended functions for Active Directory
15. LDAP Query Language (LQL)

16. Overview

17. Input
18. SQL (JDBC)
Three inputs:
19. Databases (SQL queries)
20. CSV files (injected in local HSQLDB)

21. LSC engine

22. Create a connector
23. Run maven to get dependencies
24. Run the code generation wizard
25. Configure your rules in lsc.properties

26. LDAP connection
27. Paged search result
28. Recursive delete
29. All JNDI options:
30. Aliases dereferencing
31. Extended matching filters

Example:
    src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
    src.java.naming.ldap.derefAliases = never
    src.java.naming.ldap.version = 3
    src.java.naming.provider.url = ldap://localhost/dc=example,dc=com
    src.java.naming.referral = ignore
    src.java.naming.security.authentication = simple
    src.java.naming.security.principal = cn=admin,dc=example,dc=com
    src.java.naming.security.credentials = secret

32. Definition of a task
33. Task type (db2ldap or ldap2ldap)
34. Bean for destination (dstBean)
35. Object for source (mapped in srcBean)
36. DN template
37. Conditions for create/delete/modify/modrdn
38. For source and destination:
39. Filter (All and Id)
40. Attributes
41. Pivot attributes

42. Definition of a task
Example:
    lsc.tasks = user
    lsc.tasks.user.type = ldap2ldap
    lsc.tasks.user.bean = org.lsc.beans.userBean
    lsc.tasks.user.object = org.lsc.objects.inetOrgPerson
    lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=users"
    lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService
    lsc.tasks.user.srcService.attrs = uid cn sn givenName mail o
    lsc.tasks.user.srcService.baseDn = ou=users
    lsc.tasks.user.srcService.filterAll = (objectClass=inetOrgPerson)
    lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(|(uid={samaccountname})(uid={uid})))
    lsc.tasks.user.srcService.pivotAttrs = uid
    lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService
    lsc.tasks.user.dstService.attrs = cn sn givenName mail company objectClass sAMAccountName
    lsc.tasks.user.dstService.baseDn = ou=users
    lsc.tasks.user.dstService.filterAll = (objectClass=user)
    lsc.tasks.user.dstService.filterId = (&(objectClass=user)(|(sAMAccountName={uid})(sAMAccountName={samaccountname})))
    lsc.tasks.user.dstService.pivotAttrs = sAMAccountName

43. Synchronization options
44. Value modification type: Create/Default/Force
45. SrcBean and dstBean methods:
46. getAttributeValueById
Multi-valued attributes with configurable delimiter (';' by default)
47. Rhino JavaScript engine

48. Synchronization options
Example:
    lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
    lsc.syncoptions.user.default.action = F
    lsc.syncoptions.user.company.force_value = srcBean.getAttributeValueById("o")
    lsc.syncoptions.user.name.force_value = srcBean.getAttributeValueById("cn")
    lsc.syncoptions.user.displayName.force_value = srcBean.getAttributeValueById("cn")
    lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
    lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
    lsc.syncoptions.user.userPrincipalName.create_value = srcBean.getAttributeValueById("uid") + "@example.com"
    lsc.syncoptions.user.scriptPath.create_value = "demo.bat"

49. Active Directory
50. UserAccountControl:
51. userAccountControlCheck
52. userAccountControlTooglePassword:
LastLogon:

53. LDAP Query Language
54. Special functions:
55. search(base, filter)
56. list(base, filter)
57. read(base, filter)
58. sup(DN, level)
Example:
    lsc.syncoptions.user.givenName.force_value = srcLdap.attribute(srcLdap.list("ou=services", "uniqueMember=" + srcBean.getDistinguishName() + ""), 'description').get(0)

59. See also
60. LDAP Tool Box project:
61. OpenLDAP RPM
62. LDAP scripts
63. Web application for users to change their password (OpenLDAP and Active Directory)
64. http://ltb-project.org

65. Thank you for your attention
Visit us at our stand 107 - hall 7.2b
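
The filterId templates in the task definition above carry {uid} and {samaccountname} placeholders that take pivot attribute values. The following is an added example, not part of the original slides or the LSC code base: it expands such a template with RFC 4515 escaping so that a value containing filter metacharacters still matches one literal value. The function names and the sample entry are hypothetical, and how LSC itself performs the substitution is not shown on the page.

```javascript
// Added example, not LSC code: function names and sample values are constructed.
// Destination filterId template copied from the task definition on the page.
const DST_FILTER_ID =
  '(&(objectClass=user)(|(sAMAccountName={uid})(sAMAccountName={samaccountname})))';

// RFC 4515: NUL, '(', ')', '*' and '\' inside an assertion value are written
// as a backslash followed by the two hex digits of the character code.
function escapeFilterValue(value) {
  return String(value).replace(/[\u0000()*\\]/g, function (ch) {
    return '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0');
  });
}

// Replace every {name} placeholder with the escaped pivot value.
// Lookup is case-insensitive (assumption: the template mixes {uid} and
// {samaccountname} while the attributes are named uid / sAMAccountName).
// A placeholder with no value is an error, never an unbounded filter.
function expandFilter(template, pivots) {
  const byName = {};
  for (const key of Object.keys(pivots)) {
    byName[key.toLowerCase()] = pivots[key];
  }
  return template.replace(/\{([A-Za-z0-9-]+)\}/g, function (match, name) {
    const value = byName[name.toLowerCase()];
    if (value === undefined || value === null || value === '') {
      throw new Error('no pivot value for ' + match);
    }
    return escapeFilterValue(value);
  });
}

// Constructed sample entry: the uid contains filter metacharacters.
const sample = { uid: 'j.doe (contractor)*', sAMAccountName: 'jdoe' };
console.log(expandFilter(DST_FILTER_ID, sample));
```

Without the escaping step, the trailing `*` in the sample uid would turn the equality match into a substring match and the parentheses would change the filter structure.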