RE: AD to OpenLDAP

[Brian Arkills <brian@hansolo.stanford.edu>]

Nope. AD uses their own technology (not slurpd) to do multi-master replication based on a LDAP control called dirsync which was documented in a ietf draft notification control (which openldap doesn't support). OpenLDAP supports push based replication, where a master server pushes changes to a slave. AD does replication using pulls, where all servers get replication info after a notification that an entry has changed elsewhere.

But "replicate" is a loaded term, which means different things in different contexts. You could design your own ldap code which would work in a similar fashion to slurpd, except *pulling* info from AD to openldap. You'd need to use the dirsync control I mentioned above to get notifications of when AD changed. Some folks call this kind of replication method a "harvester". Alternatively, you could also dump AD to ldif and load it to openldap, but this wouldn't be real-time.

Now if you wanted to go the other way ... from openldap to AD, I think the only method right now would be an ldif dump, because I don't think openldap supports any of the draft notification controls (ietf lcup working group).

Of course, you could also try one of the metadirectory products. But they seem like more work than they are worth from what I've seen.

Anyone else care to add more on this?

Brian

> -----Original Message-----
> From: Laurent Michenaud [mailto:lmichenaud@adeuza.fr]
> Sent: Thursday, January 31, 2002 6:29 AM
> To: openldap-software@OpenLDAP.org
> Subject: AD to OpenLDAP
> 
> 
> Hi,
> 
> Is it possible to replicate an Active Directory into an 
> OpenLDAP server
> ?
> 
> If yes, please tell me what i need and how to do it...
> If not, please tell me too.
> 
> Thanks
> 
> Michenaud Laurent
> - Adeuza -
> [ Développeur Web - Administrateur Réseau ]
>