samba – synchronizing OpenLDAP from AD with LSC
LDAP Synchronization Connector (LSC) is an open-source connector for synchronizing identities between an LDAP directory and any data source, including any database with a JDBC connector, another LDAP server, flat files, … Since Debian 9, lsc is available in version 2.1.4 via apt-get install lsc. The documentation is available at: https://lsc-project.org/
root@debian9:~# vi /etc/apt/sources.list.d/lsc-project.list
deb http://lsc-project.org/debian lsc main
deb-src http://lsc-project.org/debian lsc main
root@debian9:~# wget -O - http://ltb-project.org/wiki/lib/RPM-GPG-KEY-LTB-project | sudo apt-key add -
root@debian9:~# apt-get update
root@debian9:~# apt-get install lsc
root@debian9:/etc/ldap# apt-get install lsc
root@debian9:/etc/ldap# lsc
2019/10/22 18:35:56 [lsc] No java executable found on PATH or in JAVA_HOME! Aborting.
2019/10/22 18:35:56 [lsc] Define JAVA_HOME or adjust your PATH variable to include java.
root@debian9:/etc/ldap# apt-get install openjdk-8-jre
root@debian9:/etc/ldap# lsc
usage: lsc
 -a,--asynchronous-synchronize <arg>   Asynchronous synchronization task
                                       (one of the available tasks or
                                       'all')
 -c,--clean <arg>                      Cleaning type (one of the available
                                       tasks or 'all')
 -f,--config <arg>                     Specify configuration directory
 -h,--help                             Get this text
 -i,--time-limit <arg>                 Time limit in parallel server mode
                                       in seconds (default: 3600)
 -n,--dryrun                           Don't update the directory at all
 -nc,--nocreate                        Don't create any entry
 -nd,--nodelete                        Don't delete
 -nr,--nomodrdn                        Don't rename (MODRDN)
 -nu,--noupdate                        Don't update
 -s,--synchronize <arg>                Synchronization task (one of the
                                       available tasks or 'all')
 -t,--threads <arg>                    Number of parallel threads to
                                       synchronize a task (default: 5)
 -v,--validate                         Validate configuration (check
                                       connections ...)
 -x,--convert                          Convert lsc.properties to lsc.xml
                                       (-f is mandatory while converting)
dc1old:~# vi /etc/lsc/lsc.xml
dc1old:~# /usr/bin/lsc -c all -s all
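An added example, not part of the original post or of the LSC project: a wrapper around the final step that checks lsc.xml (which holds the directory bind credentials) is not accessible to other users, then validates (-v) and dry-runs (-n) before any real run, using only the options listed in the usage text above. The function names, the LSC_BIN and LSC_CONF variables, the /etc/lsc default and the reliance on lsc's exit status are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): guarded LSC run.
# Assumed names: LSC_BIN, LSC_CONF, check_config_perms, guarded_sync.
LSC_BIN="${LSC_BIN:-/usr/bin/lsc}"
LSC_CONF="${LSC_CONF:-/etc/lsc}"   # assumed config directory (holds lsc.xml)

# lsc.xml stores the bind credentials for the directories:
# refuse to continue if "other" has any access to it.
check_config_perms() {
    file="$1/lsc.xml"
    [ -f "$file" ] || { echo "missing $file" >&2; return 2; }
    other=$(ls -ld "$file" | cut -c8-10)   # rwx bits for "other"
    [ "$other" = "---" ] && return 0
    echo "$file grants '$other' to other users; run: chmod o-rwx $file" >&2
    return 1
}

# guarded_sync TASK [apply]
# Validate the configuration, then dry-run (-n). Only with "apply" is the
# directory actually modified, using the same -c/-s pair as the post.
guarded_sync() {
    task="${1:-all}"
    action="${2:-dryrun}"
    check_config_perms "$LSC_CONF" || return $?
    # Assumption: lsc signals failure through a non-zero exit status.
    "$LSC_BIN" -f "$LSC_CONF" -v || { echo "validation failed" >&2; return 3; }
    "$LSC_BIN" -f "$LSC_CONF" -n -c "$task" -s "$task" ||
        { echo "dry run failed" >&2; return 4; }
    [ "$action" = "apply" ] || return 0
    "$LSC_BIN" -f "$LSC_CONF" -c "$task" -s "$task"
}

# Usage: guarded_sync all          (validate + dry run, review the output)
#        guarded_sync all apply    (then the real run)
```

Review the dry-run output for unexpected deletions before running with apply, since -c removes destination entries that no longer exist in the source.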