Name
lsc-agent - LSC remote command
Synopsis
$LSC_HOME/bin/lsc-agent or $LSC_HOME/bin/lsc-agent.bat
Description
lsc-agent is the remote command line tool used to perform various actions against a
daemonized LSC.
It can start or stop an asynchronous task, force a synchronous task on a particular,
or check LSC status. It assumes that the main LSC instance has been started by an
lsc(1) command.
Connections and synchronization options are defined in the
lsc.xml(5) file.
LDAP Synchronization Connector, or LSC, is a tool for synchronizing
data repositories, with a particular focus on identity information.
It can read from a variety of different sources, perform limitless
transformations of data on-the-fly and write the results to an LDAP
directory. The tool is designed to be fast, and extensible in all
areas.
It is an open source project, released under the BSD license.
Requirements: JRE 1.6. Most tests are run against the Sun / Oracle JRE, but a basic build is also achieved
with OpenJDK 6.
General description
The LSC XML file format maps directly to configuration objects. The full description of the settings is included
in the Javadoc class comments. You will find here a shorter version excluding plugins.
Each parameter can be either a static or a dynamic value. If dynamic, the value is interpreted as a script
string, in JavaScript by default or in any JSR 223 supported language.
In the XML file, you will find three main sections:
- tasks
- connections
- security settings
The tasks section describes how the source service is synchronized with the destination service. It mainly contains
service-specific settings (LDAP filter, SQL request, ...) and synchronization options (mapping from one dataset
to another).
The connections section contains the description of the basic service settings (url, login, password, ...).
The security section includes several shared settings about encryption, hashing, ...
This documentation is organized in an "A.B.C = TEXT" format that must be understood in XML notation as:
<lsc>
  <A>
    <B>
      <C>TEXT</C>
    </B>
  </A>
</lsc>
The lsc XML node is not included in the following option descriptions but is implied and mandatory.
The id attribute that may be included inside a node is forced by the XML to object mapping engine (XStream) and does not have
any particular meaning. If you edit the XML file yourself, just remove it; XStream will do the job. Take care not
to copy it, to avoid giving the same id to two different nodes.
Task section
task.name
Each task must be uniquely named to identify it inside the engine and inside log messages.
MANDATORY - STATIC
task.bean
This option describes the Java object i
OPTIONAL - STATIC - Default to "org.lsc.beans.SimpleBean"
dn.real_root
LSC also has to know the real root DN (used to build artificial DNs for
services such as a database, for example). You should specify a complete LDAP DN,
like dn.real_root = dc=lsc-project,dc=org for example.
dn.people
LSC also has to know the RDN of the people's tree. You should specify
an LDAP RDN, like dn.people = ou=people for example.
lsc.tasks
Name of available LSC tasks, separated by commas. For example, you could
have task1, task2, task3 as a value. Be careful that tasks
also have to be defined.
Service configuration options
These are global configuration options to define the source and destination
services. You must replace the term X in option label by
src to configure source service, or dst to configure
destination service.
X.java.naming.factory.initial
Initial context factory to use for data abstraction layer. You could specify the value
com.sun.jndi.ldap.LdapCtxFactory. It should be the same value
for both LDAP source and destination services.
X.java.naming.ldap.version
Version of the LDAP protocol to use to connect to the LDAP server.
3 is recommended.
X.java.naming.provider.url
LDAP URI to connect to. Note that specifying the search base in the URI is not
necessary, but could improve performance.
X.java.naming.security.authentication
LDAP authentication mechanism to use. Generally, this value does not
need to be changed. Set the value simple to use authentication
based on DN and password.
X.java.naming.security.principal
LSC uses a DN on the LDAP server to authenticate itself and get rights
on LDAP data. The value is a complete DN of an existing entry in
the specified LDAP server.
X.java.naming.security.credentials
The appropriate password for the DN used above, in case you use simple
LDAP authentication.
X.java.naming.referral
Choose how to follow LDAP referrals. Values could be ignore,
follow, or throw.
X.java.naming.ldap.derefAliases
Choose how to follow LDAP aliases. Values could be never,
always, search or find.
Task configuration options
This section describes available options to configure a LSC task. You
should replace TASKNAME by a task name specified in the
global configuration option lsc.tasks.
lsc.tasks.TASKNAME.object
The full name of the JAVA class to use for plain LDAP object. For
example, for person, you could use
org.lsc.objects.inetOrgPerson. Be careful that
this class has to exist in this instance of LSC.
lsc.tasks.TASKNAME.bean
The full name of the JAVA BEAN class to use for specialisation of the
synchronization. For example, for person, you could use
org.lsc.beans.inetOrgPersonBean. Be careful that
this class has to exist in this instance of LSC.
lsc.tasks.TASKNAME.type
The synchronisation type for this task between the two defined services.
lsc.tasks.TASKNAME.srcService
The full name of the JAVA JNDI class to use to retrieve information
from the source service. There is a generic class for LDAP connection, which
is org.lsc.jndi.SimpleJndiSrcService.
lsc.tasks.TASKNAME.srcService.baseDn
The RDN of the people tree on the source service. Generally, it should
be ou=people.
lsc.tasks.TASKNAME.srcService.attrId
The attribute used to identify a user in the source service. This
attribute must be used in the identity LDAP filter (see filterId below).
For example, if users have a unique value of the LDAP attribute "uid",
then you could use the value uid here.
lsc.tasks.TASKNAME.srcService.filterAll
This is the "global LDAP filter" used to retrieve all user DNs from the
source service.
lsc.tasks.TASKNAME.srcService.filterId
This is the "identity LDAP filter" used to retrieve one entry from the
source service. You have to use the string {0} in the
filter. This string represents a user identifier found in user entry
returned by the global LDAP filter. So, for example, a filter could be
(&(objectclass=inetOrgPerson)(mail=*)(uid={0}))
lsc.tasks.TASKNAME.srcService.attrs
Here, you specify all returned attributes from the source service for
one LDAP entry. Generally, these attributes will be used to build
the new SASL userPassword. Be careful that the value of this option
has to be the same as in the source code of this instance of
LSC. In fact, the algorithm used is in the JAVA BEAN, in the method
named by attributes specified here. So it is strongly recommended not
to modify this value (loginName userPassword).
lsc.tasks.TASKNAME.dstService
The full name of the JAVA JNDI class to use to retrieve information
from the destination service. There is a generic class for LDAP connection,
which is org.lsc.jndi.SimpleJndiSrcService.
lsc.tasks.TASKNAME.dstService.baseDn
The RDN of the people tree on the destination service. Generally, it
should be ou=people.
lsc.tasks.TASKNAME.dstService.attrId
The attribute used to identify a user in the destination service. This
attribute must be used in the identity LDAP filter (see filterId below).
For example, if users have a unique value of the LDAP attribute "uid",
then you could use the value uid here.
lsc.tasks.TASKNAME.dstService.filterAll
This is the "global LDAP filter" used to retrieve all user DNs from the
destination service.
lsc.tasks.TASKNAME.dstService.filterId
This is the "identity LDAP filter" used to retrieve one entry from the
destination service. You have to use the string {0} in the
filter. This string represents a user identifier found in user entry
returned by the global LDAP filter. So, for example, a filter could be
(&(objectclass=inetOrgPerson)(mail=*)(uid={0}))
lsc.tasks.TASKNAME.dstService.attrs
Here, you specify all returned attributes from the destination service for
one LDAP entry. Generally, these attributes will be used to build
the new SASL userPassword. Be careful that the value of this option
has to be the same as in the source code of this instance of
LSC. In fact, the algorithm used is in the JAVA BEAN, in the method
named by attributes specified here. So it is strongly recommended not
to modify this value (loginName userPassword).
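The {0} substitution described for srcService.filterId and dstService.filterId, as an added example that is not LSC code and does not describe how LSC itself fills the placeholder: the identifier is escaped per RFC 4515 so that characters such as * or ( in an attribute value are matched literally and the filter keeps its structure. The function names are hypothetical and the sample identifiers are constructed.

```javascript
// Added example (not LSC code): fill the {0} placeholder of an identity
// filter with a value escaped per RFC 4515.

// Characters that RFC 4515 requires to be escaped inside an assertion value.
const RFC4515_ESCAPES = {
  '\\': '\\5c',
  '*': '\\2a',
  '(': '\\28',
  ')': '\\29',
  '\0': '\\00',
};

// Escape one attribute value so the LDAP server matches it literally.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) => RFC4515_ESCAPES[ch]);
}

// Hypothetical helper: substitute the identifier into a filterId template.
// Rejects templates without {0}, which the option description requires.
function buildIdentityFilter(template, identifier) {
  if (!template.includes('{0}')) {
    throw new Error('filterId must contain the {0} placeholder');
  }
  return template.split('{0}').join(escapeFilterValue(identifier));
}

// Structural sanity check: parentheses must balance once \XX escapes are skipped.
function hasBalancedParens(filter) {
  let depth = 0;
  for (let i = 0; i < filter.length; i++) {
    if (filter[i] === '\\') { i += 2; continue; } // skip the two hex digits
    if (filter[i] === '(') depth++;
    if (filter[i] === ')') depth--;
    if (depth < 0) return false;
  }
  return depth === 0;
}

// filterId value taken from the page; the identifiers are constructed samples.
const FILTER_ID = '(&(objectclass=inetOrgPerson)(mail=*)(uid={0}))';
const SAMPLES = ['jdoe', 'j.doe (contractor)', 'ops*team', 'dom\\user', 'a)b'];

for (const id of SAMPLES) {
  const filter = buildIdentityFilter(FILTER_ID, id);
  console.log(id.padEnd(20), '->', filter, hasBalancedParens(filter));
}
```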
Synchronization rule options
This section describes synchronization rule options available for this
instance of LSC. You should replace TASKNAME by a task name
specified in the global configuration option lsc.tasks.
lsc.syncoptions.TASKNAME
This is the full name of the JAVA class used to provide synchronization
option mechanism. For this instance of LSC, you must use the
org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
value.
lsc.syncoptions.TASKNAME.default.action
Default action on the destination directory. Here, two values are
possible, K to keep data (means no modification at all), or
F for allowing modification on the data (update, create or
delete). For this instance of LSC, you must use K because
source and destination service are in fact the same real server.
lsc.syncoptions.TASKNAME.userPassword.action
Choose the action to apply to the userPassword LDAP attribute. As
default action, you could put K to keep password updates,
or F to force modifications.
Authors
lsc-passwords was written by
Sebastien Bahloul <sbahloul@lsc-project.org>,
Jonathan Clarke <jclarke@lsc-project.org>,
Remy-Christophe Schermesser <rschermesser@lsc-project.org>,
Thomas Chemineau <tchemineau@lsc-project.org>.
See also
lsc(1)
lsc.xml(5)
http://lsc-project.org/
Comments
This man page was written using xmltoman(1).