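I have a very specific problem and could not find anything related to it online, so I would be glad to see whether anyone has tried the same thing or can help me solve it.
We are using 389 Directory Server in combination with Azure Active Directory. User data is stored in 389 DS and synchronized to Azure using Azure AD Connect. We set up this synchronization by using the Azure AD Connect wizard to set up a sync between Azure and Windows Server AD, and then changing the configuration to make it work with 389 DS (as suggested in this blog post). This was done by adding a Generic LDAP connector in Synchronization Service Manager and adding the rules required for 389 DS in the Synchronization Rules Editor. This actually works very well, better than expected, but we cannot get group synchronization to work.
Groups in 389 DS use the uniqueMember attribute, as defined in RFC 4519, which does not use the DN/Reference syntax. To synchronize this attribute with the member attribute in the Connect metaverse, I tried the following transformations:
- [uniqueMember] (i.e. a direct conversion)
- CRef([uniqueMember])
- CRef(Split(Join([uniqueMember], ";"), ";"))
- Item(CRef([uniqueMember]),1)
But I always get the following error, or a related one: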
Attribute type - value mismatch. Received a string or binary multi-value, expected Reference value. Property name = member
at Microsoft.MetadirectoryServices.SyncRulesEngine.AttributeFlowModule.ConvertBackAsValueAdds(Value sourceValue, EntryPropertyDefinition targetPropertyDefinition)
at Microsoft.MetadirectoryServices.SyncRulesEngine.AttributeFlowModule.GetEntryPropertyModificationForExpressionFlow(AttributeFlowMapping attributeFlowMapping, IEntryModification sourceObject, IEntryModification targetObject, SynchronizationRule rule)
at Microsoft.MetadirectoryServices.SyncRulesEngine.AttributeFlowModule.PerformAttributeFlowMappingFlow(IEnumerable`1 annotatedAttributeFlowMappings, IEntryModification targetObject)
at Microsoft.MetadirectoryServices.SyncRulesEngine.AttributeFlowModule.PerformSyncRuleAttributeFlows(IEntryModification sourceObject, IEntryModification targetObject, SynchronizationRule synchronizationRule, Boolean applyExecuteOnceMappings)
at Microsoft.MetadirectoryServices.SyncRulesEngine.JoinModule.PiggyBackSyncRuleOnExistingLinks(SynchronizationRule syncRule, SyncRulePipelineArguments pipelineArguments, AttributeFlowModule attributeFlowModule)
at Microsoft.MetadirectoryServices.SyncRulesEngine.JoinModule.Execute(PipelineArguments argsToProcess)
at Microsoft.MetadirectoryServices.SyncRulesEngine.Server.SyncEngine.RunSyncPipeline(SyncRulePipelineArguments pipelineData, List`1 pipelineChain)
at Microsoft.MetadirectoryServices.SyncRulesEngine.Server.SyncEngine.Synchronize(SynchronizationOperation operation, IObjectLinkGraph inputGraph, Boolean preview)
at ManagedSyncRulesEngine.Synchronize(ManagedSyncRulesEngine* , CCsObject* sourceCsObject, CMvObject* mvObject, SynchronizationOperation operation, Char** error)
InnerException=>
none
Native call stack:
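Using the Error function on the conversion, I was able to confirm that the result is in fact a multi-valued reference type, as I had guessed. However, it does not work.
Error([uniqueMember]) results in: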
InnerException=>
Argument 1 of function Error: expected type Microsoft.IdentityManagement.Synchronization.SyncRuleExpressions.Interpreter.StringValue, passed multivalue(string("uid=APerson,ou=People,dc=esmgquadrivium,dc=nl"), string("uid=AnotherPerson,ou=People,dc=esmgquadrivium,dc=nl"), string("uid=ACat,ou=People,dc=esmgquadrivium,dc=nl")).
Error(CRef([uniqueMember])) results in:
InnerException=>
Argument 1 of function Error: expected type Microsoft.IdentityManagement.Synchronization.SyncRuleExpressions.Interpreter.StringValue, passed multivalue(reference(uid=Dog,ou=People,dc=esmgquadrivium,dc=nl), reference(uid=Fish,ou=People,dc=esmgquadrivium,dc=nl), reference(uid=Plant,ou=People,dc=esmgquadrivium,dc=nl)).
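The uniqueMember syntax mentioned in the question is Name and Optional UID (RFC 4517, section 3.3.21): a DN optionally followed by a `#'...'B` bit-string suffix. The following is an added example, not part of the original post, that splits such values so an administrator can see which members are plain DNs before attempting a reference conversion; the function names and the second and third sample values are constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# RFC 4517 3.3.21: NameAndOptionalUID = distinguishedName [ "#" BitString ]
#                  BitString          = "'" *("0" / "1") "'" "B"
# A DN may itself contain "#" (e.g. hex-encoded values), so only a
# well-formed bit string at the very end is treated as the UID part.
_NAME_AND_UID = re.compile(r"(?P<dn>.*?)(?:#'(?P<uid>[01]*)'B)?", re.DOTALL)


class Member(NamedTuple):
    dn: str
    uid_bits: Optional[str]  # None when the value has no "#'...'B" suffix


def parse_unique_member(value: str) -> Member:
    """Split one uniqueMember value into its DN and optional UID bits."""
    match = _NAME_AND_UID.fullmatch(value)
    dn = match.group("dn")
    if "=" not in dn:  # minimal sanity check: a member DN needs an RDN
        raise ValueError(f"not a usable member DN: {value!r}")
    return Member(dn, match.group("uid"))


def split_members(values: List[str]) -> Tuple[List[Member], List[Member]]:
    """Return (plain DN members, members that carry a UID suffix)."""
    plain, with_uid = [], []
    for value in values:
        member = parse_unique_member(value)
        (plain if member.uid_bits is None else with_uid).append(member)
    return plain, with_uid


SAMPLE_VALUES = [
    # value quoted in the error output above
    "uid=APerson,ou=People,dc=esmgquadrivium,dc=nl",
    # constructed: same style of DN with an optional UID suffix
    "uid=ACat,ou=People,dc=esmgquadrivium,dc=nl#'0101'B",
    # constructed: "#" inside the DN (hex-encoded value), no UID suffix
    "cn=#04024869,ou=People,dc=esmgquadrivium,dc=nl",
]

if __name__ == "__main__":
    plain, with_uid = split_members(SAMPLE_VALUES)
    for m in plain:
        print("plain DN :", m.dn)
    for m in with_uid:
        print("has UID  :", m.dn, "bits =", m.uid_bits)
```
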