Name

lsc.properties - LSC configuration file

Synopsis

/etc/lsc/lsc.properties or $LSC_HOME/etc/lsc.properties

Description

IMPORTANT NOTE: This file format is now DEPRECATED. Please consider moving to the lsc.xml file format! Take a look at the first section, "Moving to XML new configuration file format".

lsc.properties is the configuration file of the lsc(1) command. It defines all parameters to work on the appropriate server.

lsc is a command-line tool to synchronize data in an LDAP directory. This tool is generally a special instantiation of the generic LSC JAVA tool.

Some requirements: JRE 1.5.

Moving to XML new configuration file format

Options described in this section apply to all source and destination services.

Global configuration options

Options described in this section apply to all source and destination services.

dn.ldap_schema

LSC needs to know which LDAP tree to interrogate to retrieve the schema of all LDAP servers. You should specify a complete LDAP DN, like dn.ldap_schema = cn=subschema for example.

dn.real_root

LSC also has to know the real root DN (used to build artificial DNs for services such as a database, for example). You should specify a complete LDAP DN, like dn.real_root = dc=lsc-project,dc=org for example.

dn.people

LSC also has to know the RDN of the people's tree. You should specify an LDAP RDN, like dn.people = ou=people for example.

lsc.tasks

Name of available LSC tasks, separated by commas. For example, you could have task1, task2, task3 as a value. Be careful that tasks also have to be defined.

Service configuration options

These are global configuration options to define the source and destination services. You must replace the term X in the option label by src to configure the source service, or dst to configure the destination service.

X.java.naming.factory.initial

Initial context factory to use for data abstraction layer. You could specify the value com.sun.jndi.ldap.LdapCtxFactory. It should be the same value for both LDAP source and destination services.

X.java.naming.ldap.version

Version of the LDAP protocol to use to connect to the LDAP server. 3 is recommended.

X.java.naming.provider.url

LDAP URI to connect to. Note that specifying the search base in the URI is not necessary, but could improve performance.

X.java.naming.security.authentication

LDAP authentication mechanism to use. Generally, this value does not need to be changed. Set the value simple to use authentication based on DN and password.

X.java.naming.security.principal

LSC uses a DN on the LDAP server to authenticate itself and get rights on LDAP data. The value is a complete DN of an existing entry in the specified LDAP server.

X.java.naming.security.credentials

The appropriate password for the DN used above, in case you use simple LDAP authentication.

X.java.naming.referral

Choose how to follow LDAP referrals. Values could be ignore, follow, or throw.

X.java.naming.ldap.derefAliases

Choose how to follow LDAP aliases. Values could be never, always, search or find.

Task configuration options

This section describes available options to configure an LSC task. You should replace TASKNAME by a task name specified in the global configuration option lsc.tasks.

lsc.tasks.TASKNAME.object

The full name of the JAVA class to use for plain LDAP object. For example, for person, you could use org.lsc.objects.inetOrgPerson. Be careful that this class has to exist in this instance of LSC.

lsc.tasks.TASKNAME.bean

The full name of the JAVA BEAN class to use for specialisation of the synchronization. For example, for person, you could use org.lsc.beans.inetOrgPersonBean. Be careful that this class has to exist in this instance of LSC.

lsc.tasks.TASKNAME.type

The synchronisation type for this task between the two defined services.

lsc.tasks.TASKNAME.srcService

The full name of the JAVA JNDI class to use to retrieve information from the source service. There is a generic class for LDAP connection, which is org.lsc.jndi.SimpleJndiSrcService.

lsc.tasks.TASKNAME.srcService.baseDn

The RDN of the people tree on the source service. Generally, it should be ou=people.

lsc.tasks.TASKNAME.srcService.attrId

The attribute used to identify a user in the source service. This attribute must be used in the identity LDAP filter (see filterId below). For example, if users have a unique value of the LDAP attribute "uid", then you could use the value uid here.

lsc.tasks.TASKNAME.srcService.filterAll

This is the "global LDAP filter" used to retrieve all user DNs from the source service.

lsc.tasks.TASKNAME.srcService.filterId

This is the "identity LDAP filter" used to retrieve one entry from the source service. You have to use the string {0} in the filter. This string represents a user identifier found in user entry returned by the global LDAP filter. So, for example, a filter could be (&(objectclass=inetOrgPerson)(mail=*)(uid={0}))

lsc.tasks.TASKNAME.srcService.attrs

Here, you specify all returned attributes from the source service for one LDAP entry. Generally, these attributes will be used to build the new SASL userPassword. Be careful that the value of this option has to be the same as in the source code of this instance of LSC. In fact, the algorithm used is in the JAVA BEAN, in the method named by attributes specified here. So, it is strictly not recommended to modify this value (loginName userPassword).

lsc.tasks.TASKNAME.dstService

The full name of the JAVA JNDI class to use to retrieve information from the destination service. There is a generic class for LDAP connection, which is org.lsc.jndi.SimpleJndiSrcService.

lsc.tasks.TASKNAME.dstService.baseDn

The RDN of the people tree on the destination service. Generally, it should be ou=people.

lsc.tasks.TASKNAME.dstService.attrId

The attribute used to identify a user in the destination service. This attribute must be used in the identity LDAP filter (see filterId below). For example, if users have a unique value of the LDAP attribute "uid", then you could use the value uid here.

lsc.tasks.TASKNAME.dstService.filterAll

This is the "global LDAP filter" used to retrieve all user DNs from the destination service.

lsc.tasks.TASKNAME.dstService.filterId

This is the "identity LDAP filter" used to retrieve one entry from the destination service. You have to use the string {0} in the filter. This string represents a user identifier found in user entry returned by the global LDAP filter. So, for example, a filter could be (&(objectclass=inetOrgPerson)(mail=*)(uid={0}))

lsc.tasks.TASKNAME.dstService.attrs

Here, you specify all returned attributes from the destination service for one LDAP entry. Generally, these attributes will be used to build the new SASL userPassword. Be careful that the value of this option has to be the same as in the source code of this instance of LSC. In fact, the algorithm used is in the JAVA BEAN, in the method named by attributes specified here. So, it is strictly not recommended to modify this value (loginName userPassword).
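
An added example, not part of the original man page or of LSC: a small Python check over an lsc.properties file that flags a simple bind configured with an ldap:// URL, a task named in lsc.tasks without any lsc.tasks.TASKNAME.* options, and a filterId that lacks {0} or does not test attrId. The sample configuration, host names and the parse_properties/check helpers are constructed for illustration; the parser handles only key = value lines.

```python
import re

# Constructed sample configuration (hosts, DNs and password are invented).
SAMPLE = """\
lsc.tasks = users, groups
src.java.naming.provider.url = ldap://ldap.example.org:389/dc=example,dc=org
src.java.naming.security.authentication = simple
src.java.naming.security.credentials = changeit
dst.java.naming.provider.url = ldaps://ldap2.example.org:636/dc=example,dc=org
dst.java.naming.security.authentication = simple
lsc.tasks.users.srcService.attrId = uid
lsc.tasks.users.srcService.filterId = (&(objectclass=inetOrgPerson)(mail={0}))
lsc.tasks.users.dstService.attrId = uid
lsc.tasks.users.dstService.filterId = (&(objectclass=inetOrgPerson)(uid={0}))
"""

def parse_properties(text):
    """Parse 'key = value' lines only; '#' and '!' start a comment line."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check(props):
    """Return a list of findings (hypothetical helper, not part of LSC)."""
    findings = []
    for side in ("src", "dst"):
        url = props.get(side + ".java.naming.provider.url", "").lower()
        auth = props.get(side + ".java.naming.security.authentication", "")
        # Simple bind sends DN and password as-is; ldap:// has no TLS by itself.
        if auth == "simple" and url.startswith("ldap://"):
            findings.append(side + ": simple bind over ldap:// exposes the password")
    for task in filter(None, (t.strip() for t in props.get("lsc.tasks", "").split(","))):
        prefix = "lsc.tasks." + task + "."
        if not any(k.startswith(prefix) for k in props):
            findings.append(task + ": listed in lsc.tasks but not defined")
            continue
        for svc in ("srcService", "dstService"):
            flt = props.get(prefix + svc + ".filterId", "")
            attr = props.get(prefix + svc + ".attrId", "")
            if "{0}" not in flt:
                findings.append(task + "." + svc + ": filterId lacks {0}")
            elif attr and not re.search(r"\(" + re.escape(attr) + r"=\{0\}\)", flt, re.I):
                findings.append(task + "." + svc + ": filterId does not test " + attr)
    return findings

if __name__ == "__main__":
    for finding in check(parse_properties(SAMPLE)):
        print(finding)
```

Because X.java.naming.security.credentials holds the bind password in clear text, the file itself should be readable only by the account that runs lsc.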

Synchronization rule options

This section describes synchronization rule options available for this instance of LSC. You should replace TASKNAME by a task name specified in the global configuration option lsc.tasks.

lsc.syncoptions.TASKNAME

This is the full name of the JAVA class used to provide synchronization option mechanism. For this instance of LSC, you must use the org.lsc.beans.syncoptions.PropertiesBasedSyncOptions value.

lsc.syncoptions.TASKNAME.default.action

Default action on the destination directory. Here, two values are possible, K to keep data (means no modification at all), or F for allowing modification on the data (update, create or delete). For this instance of LSC, you must use K because source and destination service are in fact the same real server.

lsc.syncoptions.TASKNAME.userPassword.action

Choose the action to apply to the userPassword LDAP attribute. As default action, you could put K to keep password updates, or F to force modifications.

Authors

lsc-passwords was written by Sebastien Bahloul <sbahloul@lsc-project.org>, Jonathan Clarke <jclarke@lsc-project.org>, Remy-Christophe Schermesser <rschermesser@lsc-project.org>, Thomas Chemineau <tchemineau@lsc-project.org>.

See also

lsc(1) lsc.xml(5)

http://lsc-project.org/

Comments

This man page was written using xmltoman(1).