On 21/02/2010 11:26, Stefan Jurisch wrote:
> Hi,
>
> On 20.02.2010 17:28, Dieter Kluenter wrote:
>>> I am looking to set up an LDAP server that can pull certain user attributes from Active Directory like userid (sAMAccountName), cn, sn and populate some other attributes like public keys via user input. Is it possible to automate the AD to LDAP replication using syncrepl? Also, looking at syncrepl documentation, it isn't clear how syncrepl adds records? For example, if a new user gets added on the master, how does the replica know what objectclasses to include while adding that user?
>>
>> Ask Microsoft to implement RFC-4533 into AD.
>
> That would be the best thing to do; but there are some possibilities to do some sort of repl in other ways.

Indeed. May I suggest you take a look at Ldap Synchronization Connector (LSC), which can easily be used to synchronize some attributes to/from AD.
This page lists some tips when trying to read/synchronize with Active Directory (they are general tips, not LSC-specific):
http://lsc-project.org/wiki/documentation/1.1/howtos/activedirectory

Hope this helps,
Jonathan

--
Jonathan Clarke - jonathan@phillipoux.net
Ldap Synchronization Connector (LSC) - http://lsc-project.org