About

Ldap Synchronization Connector reads from any data source including databases, LDAP directories or files and transforms and compares this data to an LDAP directory. These connectors can then be used to continuously synchronize a data source to a directory, for a one shot import or just to compare differences by outputting CSV or LDIF format reports.

LSC offers a powerful transformation engine, based on a scripting language, to easily manipulate data on the fly.

Various identity management functions are included for directory-specific compatibility — most notably Active Directory (changing passwords, account status, last logon, etc …).

LSC is an open source project written in Java, available under the BSD license.

Clearly, it is not:

• a meta directory (a sort of giant spider synchronizing many systems)
• a directory to database synchronization engine

At least not yet.

Make it possible: The main goal is to provide a simple and efficient way of synchronizing any data source to a LDAP directory quickly.

Make it stable and safe: Many companies use home-grown scripts for this kind of synchronization. LSC is an open source tool, and all the bugs you might write in your scripts have been fixed already (and a few more). The code is in use worldwide and is heavily tested. Simply put, LSC is about not reinventing the wheel to synchronize data.

Make it faster and simpler: The added-value of LSC resides in the focus on identity management tools - common transformations and directory-specific behaviour come as part of the software. These functions are extensible to include your own, to integrate into your existing infrastructure. Save time, by reusing!

• Multiple source connectors: any LDAPv3 server, any database with a JDBC connector, flat files (or anything else you write a connector for)
• Support for LDAPv3 niceties and extensions: StartTLS, LDAPS, paged results, schema retrieval
• Graphical installation tool (use is optional)
• Fully configurable through plain text configuration files
• Written in Java, leveraging the ecosystem of available tools
• Simple wrapper shell scripts are provided, to ease use and system integration
• Runs on any Java-enabled platform - tested on Windows, Linux and MacOS X
• Simple attribute mapping from source to destination
• Three policies to update attributes, including forcing values, non-destructive updates and merging
• Advanced attribute manipulation via a built-in JavaScript engine
• Predefined libraries for use in JavaScript attribute manipulation:
  • LDAP server tools: standard bind operation can be checked on any LDAPv3 server
  • Active Directory tools: password update (unicodePwd attribute), account type and status manipulation (userAccountControl), unused account detection (lastLogonTimestamp)
  • String manipulation: formatting for common tasks in identity management, such as capitalizing first letters in a complex name, filtering accents for login names, etc …
  • Security tools: password hashing, bi-directional encryption
• Conditions to only create, update, rename or delete entries depending on current values
• Detailed and configurable logging in LDIF (fully RFC-compliant) and CSV formats
• Monitoring plugin for Nagios
• Possibility to extend any Java class to implement your own specific synchronization needs

The basic principles LSC was created for, with regard to synchronizing identities are as follows.

Two levels of identity information can be distinguished:

1. A person's identity: this is the existence of an individual, frequently assimilated to an account (equivalent to an object in a LDAP directory).
2. The information defining a person's identity: these are the various details concerning one person, for example their name, address and phone numbers (equivalent to attributes within an object in a LDAP directory).

Matching source and destination entries requires a common piece of information. In LSC we call this the pivot.

The pivot can be one or several attributes, that form a unique combinaison (similar to a primary key in a database). Commonly used pivots are UIDs and email adresses.

When reconciliating two identity repositories, three operations are possible for each individual identity:

1. Create: If the identity exists in only one repository, it may be created in the other. In this case all information within the identity originates from the repository containing the identity, or from default values specified on a general basis.
2. Update: If the identity exists in both repositories, the information within must be updated, thus synchronizing each element from one repository towards the other. Different repositories may have precedence over different elements of information.
3. Delete: If the identity exists in only one repository, it may be deleted in the other. In this case, the identity and all information within is completely removed.

Here is what Ohloh thinks about LSC:

We keep a list of successful installations that we know about. Please let us know of any more by emailing the dev list.

Find out who's behind the project. In case this list is out of date, remember there's no better way of finding out who's doing what than reading the mailing lists!