### XML
Un exemple de configuration en XML
```xml
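<?xml version="1.0" encoding="UTF-8"?>
<!--
  LSC (LDAP Synchronization Connector) configuration, schema lsc-core-2.1.
  One task ("samba4") reads accounts from an OpenLDAP source and writes them
  into an Active Directory destination.
  Every host, bind DN and password below is the sample value of the original
  listing, not a production setting.
-->
<lsc xmlns="http://lsc-project.org/XSD/lsc-core-2.1.xsd" revision="0">
  <connections>
    <!-- OpenLDAP connection (source side of the task).
         NOTE(review): the bind password sits in clear text in this file and
         the connection is plain ldap:// with tlsActivated=false, so the admin
         credentials and every fetched attribute, userPassword included, cross
         the network unencrypted. Prefer ldaps:// or tlsActivated=true, and
         keep this file readable by the LSC service account only. The
         <security> block at the end of the file suggests LSC can keep secrets
         encrypted with that key; check the LSC documentation before relying
         on it. -->
    <ldapConnection>
      <name>openldap</name>
      <url>ldap://192.168.56.103/dc=nodomain</url>
      <username>cn=admin,dc=nodomain</username>
      <password>tester</password>
      <authentication>SIMPLE</authentication>
      <referral>IGNORE</referral>
      <derefAliases>NEVER</derefAliases>
      <version>VERSION_3</version>
      <!-- presumably -1 disables paged results on this connection; confirm against the LSC docs -->
      <pageSize>-1</pageSize>
      <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
      <tlsActivated>false</tlsActivated>
    </ldapConnection>

    <!-- AD connection (destination side of the task).
         ldaps:// is required here: AD rejects unicodePwd writes over an
         unencrypted channel. The bind password is still clear text in this
         file (same remark as above). Server certificate validation relies on
         the JVM trust store, which this file does not configure. -->
    <ldapConnection>
      <name>ad</name>
      <url>ldaps://dc.test.opensides.be/DC=test,DC=opensides,DC=be</url>
      <username>administrator@test.opensides.be</username>
      <password>jonathan0#</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
    </ldapConnection>
  </connections>

  <audits>
    <!-- CSV trace of create and delete operations. Only cn and dn are written,
         so no secret ends up in the file, but /tmp is usually world-readable:
         prefer a directory owned by the LSC service account. -->
    <csvAudit>
      <name>csv</name>
      <append>true</append>
      <operations>create, delete</operations>
      <file>/tmp/dump.csv</file>
      <datasets>cn, dn</datasets>
      <separator>,</separator>
    </csvAudit>
  </audits>

  <tasks>
    <task>
      <name>samba4</name>
      <bean>org.lsc.beans.SimpleBean</bean>

      <!-- Source: the OpenLDAP people branch, pivot attribute uid. -->
      <ldapSourceService>
        <name>openldap-source-service</name>
        <connection reference="openldap" />
        <baseDn>ou=people,dc=nodomain</baseDn>
        <pivotAttributes>
          <string>uid</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>givenName</string>
          <string>sn</string>
          <!-- fetched so the password can be replayed into AD (see the unicodePwd dataset) -->
          <string>userPassword</string>
          <string>uid</string>
        </fetchedAttributes>
        <!-- A bare "&" is not well-formed XML, so the filters are wrapped in
             CDATA like the destination filters below. _UID_ and {uid} are
             presumably the placeholders LSC substitutes with the pivot value;
             TODO confirm both forms are accepted by this LSC version. -->
        <getAllFilter><![CDATA[(&(objectClass=sambaSamAccount)(uid=_UID_))]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=sambaSamAccount)(uid={uid}))]]></getOneFilter>
        <cleanFilter><![CDATA[(&(objectClass=sambaSamAccount)(uid=_UID_))]]></cleanFilter>
      </ldapSourceService>

      <!-- Destination: the AD Users container, pivot attribute sAMAccountName. -->
      <ldapDestinationService>
        <name>ad-dst-service</name>
        <connection reference="ad" />
        <baseDn>CN=Users,DC=test,DC=opensides,DC=be</baseDn>
        <pivotAttributes>
          <string>sAMAccountName</string>
        </pivotAttributes>
        <fetchedAttributes>
          <string>cn</string>
          <string>givenName</string>
          <string>objectclass</string>
          <string>pwdLastSet</string>
          <string>sAMAccountName</string>
          <string>sn</string>
          <string>userPrincipalName</string>
          <string>unicodePwd</string>
          <string>userAccountControl</string>
        </fetchedAttributes>
        <getAllFilter><![CDATA[(&(objectClass=user)(sAMAccountName=_UID_))]]></getAllFilter>
        <getOneFilter><![CDATA[(&(objectClass=user)(sAMAccountName={uid}))]]></getOneFilter>
      </ldapDestinationService>

      <propertiesBasedSyncOptions>
        <!-- DN of the entry created or updated in AD, built from the source uid. -->
        <mainIdentifier>"CN=" + srcBean.getDatasetFirstValueById("uid") + ",CN=Users,DC=test,DC=opensides,DC=be"</mainIdentifier>
        <defaultDelimiter>;</defaultDelimiter>
        <!-- FORCE: source values overwrite the destination for every dataset
             that does not set its own policy. -->
        <defaultPolicy>FORCE</defaultPolicy>
        <!-- create, update and delete are all enabled. With delete=true,
             destination entries that match cleanFilter but no longer exist in
             the source are presumably removed from AD; keep delete=false for a
             first run until the pivot mapping is verified. -->
        <conditions>
          <create>true</create>
          <update>true</update>
          <delete>true</delete>
          <changeId>false</changeId>
        </conditions>

        <!-- Object classes set once at creation, never touched afterwards (KEEP). -->
        <dataset>
          <name>objectclass</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"user"</string>
            <string>"organizationalPerson"</string>
            <string>"person"</string>
            <string>"top"</string>
          </createValues>
        </dataset>

        <!-- Login name copied from the source uid at creation only. -->
        <dataset>
          <name>sAMAccountName</name>
          <policy>KEEP</policy>
          <createValues>
            <string>srcBean.getDatasetFirstValueById("uid")</string>
          </createValues>
        </dataset>

        <!-- UPN derived from the uid; FORCE keeps it aligned on every sync. -->
        <dataset>
          <name>userPrincipalName</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("uid") + "@test.opensides.be"</string>
          </forceValues>
        </dataset>

        <!-- cn mirrors the uid so it stays consistent with mainIdentifier. -->
        <dataset>
          <name>cn</name>
          <policy>FORCE</policy>
          <forceValues>
            <string>srcBean.getDatasetFirstValueById("uid")</string>
          </forceValues>
        </dataset>

        <!-- Presumably marks the new account as a normal, enabled user; set at
             creation only so later changes made in AD are preserved. -->
        <dataset>
          <name>userAccountControl</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.userAccountControlSet("0", [AD.UAC_SET_NORMAL_ACCOUNT])</string>
          </createValues>
        </dataset>

        <!-- -1 presumably records the password as set now, so the user is not
             forced to change it at first logon; confirm against AD docs. -->
        <dataset>
          <name>pwdLastSet</name>
          <policy>KEEP</policy>
          <createValues>
            <string>"-1"</string>
          </createValues>
        </dataset>

        <!-- Sets the AD password from the source userPassword.
             NOTE(review): this only makes sense when the source value is the
             clear-text password; a hashed value would presumably be pushed as
             the literal password. Only createValues is given, so despite the
             FORCE policy later password changes in the source apparently do
             not propagate; confirm that is intended. -->
        <dataset>
          <name>unicodePwd</name>
          <policy>FORCE</policy>
          <createValues>
            <string>AD.getUnicodePwd("_USERPASSWORD_")</string>
          </createValues>
        </dataset>
      </propertiesBasedSyncOptions>
    </task>
  </tasks>

  <!-- Symmetric key used by LSC for encrypted values. The path is relative,
       presumably resolved from the LSC configuration directory; restrict the
       key file to the service account. -->
  <security>
    <encryption>
      <keyfile>etc/lsc.key</keyfile>
      <algorithm>AES</algorithm>
      <strength>128</strength>
    </encryption>
  </security>
</lsc>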
```
### Backend LDAP
#### Connections OpenLDAP
La partie connections peut être rattachée aux différents services qu'on a dans FD, car on aura déjà les informations nécessaires
* nom arbitraire (dn du service)
* ldapConnection: on peut se baser sur le fait que c'est un service LDAP (donc ldapConnection)
* url : goLdapURI + '/' + goLdapBase
* username : objet dans les DSA car c'est une lecture dans le LDAP
* password : écriture directe
* authentication : liste déroulante des différents choix
* referral : liste déroulante
* derefAliases : goLdapDeref
* version : écriture à la main
* pageSize : écriture à la main
* factory : liste déroulante
* tlsActivated : on peut se baser soit sur goLdapURI, soit sur la présence des attributs (key, ca, cert)
On pourrait également passer authentication, referral et version dans le service LDAP pour plus de facilité
#### Connections AD
* Ce qui change, c'est le pageSize, mais il peut être adapté manuellement.
* La partie username peut être écrite sous la forme d'un DN `CN=FusionDirectory.O,OU=Users FusionDirectory,DC=local`, mais il faudrait voir s'il ne faudrait pas proposer un remplissage manuel si le serveur LDAP n'est pas un de ceux gérés par FD, car cela n'a pas vraiment de sens de créer le DSA dans ce cas-là
### L'audit est optionnel (à vérifier)
### Tâches
On crée des entrées "lscTask" qu'on pourra ajouter dans un objet "lscConfig"
Une tâche contient différents nœuds :
* Service source
* Service destination
* propertiesBasedSyncOptions