General service options

These are global configuration options to define the source and destination services. You must replace the term X in the option label by src to configure the source service, or dst to configure the destination service. When you see XService, this means srcService or dstService.

LDAP parameters

[src|dst].java.naming.factory.initial
Initial context factory to use for the data abstraction layer. You could specify the value com.sun.jndi.ldap.LdapCtxFactory. It should be the same value for both LDAP source and destination services.

[src|dst].java.naming.ldap.version
Version of the LDAP protocol to use to connect to the LDAP server. 3 is recommended.

[src|dst].java.naming.provider.url
LDAP URI to connect to. Specifying the search base in the URI is mandatory. Example:

    dst.java.naming.provider.url = ldap://ldap.company.com:389/dc=company,dc=com

Note: You may add as many URLs here as you like, and they will be tried in order until one succeeds. This allows you to specify several LDAP servers, in case one is not available. Beware, however, that you should repeat the same base DN in each.

Note: Before version 1.2.1, if your search base contains spaces, JNDI requires you to escape them with the sequence “\\20”, for example “o=My Company” would become “o=My\\20Company”. This escape sequence is not required in other properties.

[src|dst].java.naming.security.authentication
LDAP authentication mechanism to use. This can take one of the following values: simple to bind with a configured bind DN, or none to use anonymous authentication. Defaults to none.

[src|dst].java.naming.security.principal
LSC uses a DN on the LDAP server to authenticate itself and get rights on LDAP data. The value is the complete DN of an existing entry in the specified LDAP server.

[src|dst].java.naming.security.credentials
The password for the DN used above, in case you use simple LDAP authentication.

[src|dst].java.naming.referral
Choose how to follow LDAP referrals. Values could be ignore, follow, or throw.

[src|dst].java.naming.ldap.derefAliases
Choose how to follow LDAP aliases. Values could be never, always, search or find.

[src|dst].java.naming.ldap.pageSize
If set, use the Paged Results control to read a maximum of N entries at a time from the server. This is most useful if the LDAP server has a maximum size limit on search results. Example:

    dst.java.naming.ldap.pageSize = 1000

[src|dst].java.naming.tls
Use the STARTTLS extended operation on this LDAP connection. Set to true to enable. Default is false. See SSL and TLS HOWTO for more details, including how to configure certificate trusting. Example:

    dst.java.naming.tls = true

Example

    src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
    src.java.naming.ldap.derefAliases = never
    src.java.naming.ldap.version = 3
    src.java.naming.provider.url = ldap://localhost:1390/dc=AD,dc=net
    src.java.naming.referral = ignore
    src.java.naming.security.authentication = simple
    src.java.naming.security.credentials = secret
    src.java.naming.security.principal = cn=manager,dc=AD,dc=net

Database parameters

src.database.driver
Java class name of the JDBC driver to use for this database.

src.database.url
Connection URL. This must include the database name.

src.database.username
User name to connect to the database with.

src.database.password
Password to connect to the database with.

Full example

    src.database.driver = org.hsqldb.jdbcDriver
    src.database.url = jdbc:hsqldb:file:hsqldb/lsc
    src.database.username = elilly
    src.database.password = lost

Task parameters

lsc.tasks.TASKNAME.[src|dst]Service
The full name of the Java class to use to retrieve information from source and destination. Simple services for LDAP and database (via JDBC) are available:
Service specific parameters

Each service accepts different parameters. They are detailed below, by service type.

SimpleJndiSrcService and SimpleJndiDstService
The portion of the DN to base all operations for this task on, relative to the context DN specified in the LDAP URI. Example: lsc.tasks.userWithMail.srcService.baseDn = ou=People
The attributes used to identify a user in the destination service. These attributes must be used in the identity LDAP filter (see filterId below). For example, if users have a unique value in the LDAP attribute “uid”, then you could use the value uid here. It is possible to use several attributes, if you don't have a unique identifier in your repository (for example: first and last names). The attributes are separated by spaces. Example: lsc.tasks.userWithMail.srcService.pivotAttrs = mail uid
This is the “global LDAP filter” used to retrieve all objects identifiers to be synchronized from the service. For example: lsc.tasks.TASKNAME.srcService.filterAll = (&(objectClass=inetOrgPerson)(uid=*)) This LDAP search will return the attributes specified in pivotAttrs above.
This is the “identity LDAP filter” used to retrieve one entry from the source or destination service. You have to use the string {name_of_the_attribute_from_pivotAttrs} in the filter. This string represents a user identifier found in the user entry returned by the global LDAP filter. So, for example, a filter could be: lsc.tasks.userWithMail.srcService.filterId = (&(objectClass=person)(uid={uid}))
Here, you specify all attributes to return or update in the source and destination service for one LDAP entry. Values are separated by spaces. Note that for the dstService, only attributes in this list will be created or modified. Example: lsc.tasks.TASKNAME.srcService.attrs = uid mail sn givenName

FullDNJndiDstService

This service essentially takes the same parameters as SimpleJndiSrcService and SimpleJndiDstService above, except that pivotAttrs are not used, and therefore the syntax and meaning of filterId is different. See below. This connector has the particularity of identifying entries by their DN, and not via pivot attributes. For standard behavior with pivot attributes, see SimpleJndiSrcService. The list of DNs will be returned ordered from longest to shortest, to ensure that “child” entries are deleted before “parent” entries (during a clean operation).
The portion of the DN to base all operations for this task on, relative to the context DN specified in the LDAP URI. Example: lsc.tasks.userWithMail.srcService.baseDn = ou=People
This is the “global LDAP filter” used to retrieve all objects identifiers to be synchronized from the service. For example: lsc.tasks.TASKNAME.srcService.filterAll = (objectClass=inetOrgPerson) This LDAP search will return the DN of all entries that match the filter, under the baseDn.
This is the “identity LDAP filter” used to retrieve one entry from the source or destination service. Using FullDN services, this filter is just checked on the object to be read, so it should usually be the same as filterAll (above). So, for example, this filter could be: lsc.tasks.userWithMail.srcService.filterId = (objectClass=inetOrgPerson)
Here, you specify all attributes to return or update in the source and destination service for one LDAP entry. Values are separated by spaces. Note that for the dstService, only attributes in this list will be created or modified. Example: lsc.tasks.TASKNAME.srcService.attrs = uid mail sn givenName

SimpleJdbcSrcService
This is the name of a SQL query defined in etc/sql-map-config.d/*. It should perform a “global search request” to retrieve all object identifiers from the destination service. For example: lsc.tasks.TASKNAME.srcService.requestNameForList = getAllUsernames The values returned by this request will be used as parameters for the following request:
This is the name of a SQL query defined in etc/sql-map-config.d/*. It should return a single entry, given a set of parameters that are returned from the above request (requestNameForList). It should return any fields containing data you want to synchronize. For example: lsc.tasks.TASKNAME.srcService.requestNameForObject = getUserRecord
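
The LDAP connection parameters above interact: authentication defaults to none, tls defaults to false, and every URL in provider.url should carry the same base DN. The following check over a properties file is an added example, not part of LSC or its documentation; the function names and the sample host names are assumptions, and treating an ldaps:// URL as already encrypted is an assumption not stated on this page.

```python
from urllib.parse import urlsplit

def parse_properties(text):
    """Parse simple 'key = value' lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_ldap_service(props, side):
    """Return findings for one side ('src' or 'dst') of the configuration."""
    p = side + ".java.naming."
    findings = []
    urls = props.get(p + "provider.url", "").split()
    if not urls:
        return findings  # this side is not an LDAP service
    auth = props.get(p + "security.authentication", "none")     # documented default
    starttls = props.get(p + "tls", "false").lower() == "true"  # documented default
    # Plain ldap:// without STARTTLS carries the bind password unencrypted.
    cleartext = [u for u in urls if urlsplit(u).scheme == "ldap" and not starttls]
    if auth == "simple" and cleartext:
        findings.append(f"{side}: simple bind password sent unencrypted to {cleartext[0]}")
    if auth == "none" and (p + "security.principal") in props:
        findings.append(f"{side}: principal set but authentication is none (anonymous bind)")
    bases = {urlsplit(u).path.lstrip("/") for u in urls}
    if len(bases) > 1:
        findings.append(f"{side}: provider URLs use different base DNs: {sorted(bases)}")
    return findings

def audit(text):
    props = parse_properties(text)
    return audit_ldap_service(props, "src") + audit_ldap_service(props, "dst")

# Constructed sample configuration (host names and DNs are made up).
SAMPLE = """\
src.java.naming.provider.url = ldap://localhost:1390/dc=AD,dc=net
src.java.naming.security.authentication = simple
src.java.naming.security.principal = cn=manager,dc=AD,dc=net
src.java.naming.security.credentials = secret
dst.java.naming.provider.url = ldap://ldap1.example.com:389/dc=company,dc=com ldap://ldap2.example.com:389/dc=example,dc=com
dst.java.naming.tls = true
dst.java.naming.security.principal = cn=lsc,dc=company,dc=com
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
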


