
Re: openldap and AD sync



On Fri, Mar 22, 2013 at 1:33 AM, æå <hoking.yang@gmail.com> wrote:
> I had set up LDAP on Linux side, I want to build an AD with Windows2008R2,
> and AD should sync the user information from LDAP, is there any suggestion
> on this?


Usually and quite commonly your DITs will differ so you will probably
need a middle man to translate. I don't know of an existing toolset
that does this elegantly, but one could very well exist.

Perl is my tool of choice here with Net::LDAP, but you can use any
programming language that talks LDAP. You have to enable LDAP on the
AD side because AFAICR it's not enabled by default.

Whether it's real-time (event-driven) or batch based depends on your
particular needs, and there are different techniques for either one.
In all the cases I have done this AD is a sub-set of the corporate DIT
which is in OpenLDAP (or whatever) but YMMV.

Best,

-- 
Alejandro Imass
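
The batch-mode "middle man" described in the reply above, sketched as an added example that is not part of the original message. It is in Python rather than Perl and covers only the translation and diff step, with no LDAP connection. The base DNs, the attribute mapping and the sample entries are constructed assumptions.

```python
# Added example: translate entries from one DIT layout to another and plan a batch sync.
SRC_BASE = "ou=People,dc=example,dc=com"          # assumed OpenLDAP subtree
DST_BASE = "OU=Staff,DC=corp,DC=example,DC=com"   # assumed AD container
ATTR_MAP = {"uid": "sAMAccountName", "cn": "displayName",   # assumed mapping;
            "givenName": "givenName", "sn": "sn", "mail": "mail"}  # unlisted attributes are dropped

def escape_rdn(value):
    """Escape an RDN value per RFC 4514 so source data cannot reshape the target DN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def translate(src_dn, attrs):
    """Return (target_dn, target_attrs), or None if the entry is outside the synced subtree."""
    in_scope = src_dn.lower().endswith("," + SRC_BASE.lower())
    if not in_scope or "uid" not in attrs or "cn" not in attrs:
        return None
    dst = {ATTR_MAP[k]: list(v) for k, v in attrs.items() if k in ATTR_MAP}
    dst["objectClass"] = ["top", "person", "organizationalPerson", "user"]
    return "CN=%s,%s" % (escape_rdn(attrs["cn"][0]), DST_BASE), dst

def plan(source, target):
    """Diff translated source entries against the current target state; return the operations."""
    current = {dn.lower(): a for dn, a in target.items()}   # DN comparison is case-insensitive
    ops = []
    for src_dn, attrs in source:
        mapped = translate(src_dn, attrs)
        if mapped is None:
            continue
        dn, want = mapped
        have = current.get(dn.lower())
        if have is None:
            ops.append(("add", dn, want))
            continue
        changes = {k: v for k, v in want.items()
                   if k != "objectClass" and sorted(have.get(k, [])) != sorted(v)}
        if changes:
            ops.append(("modify", dn, changes))
    return ops

# Constructed sample data: two people, one service account outside the synced subtree.
SOURCE = [
    ("uid=jdoe,ou=People,dc=example,dc=com", {"uid": ["jdoe"], "cn": ["Doe, Jane"], "sn": ["Doe"],
     "mail": ["jane.doe@example.com"], "userPassword": ["{SSHA}constructed"]}),
    ("uid=asmith,ou=People,dc=example,dc=com", {"uid": ["asmith"], "cn": ["Alan Smith"],
     "sn": ["Smith"], "mail": ["alan@example.com"]}),
    ("cn=backup,ou=Services,dc=example,dc=com", {"uid": ["backup"], "cn": ["backup"]}),
]
TARGET = {"cn=Alan Smith,ou=Staff,dc=corp,dc=example,dc=com": {"sAMAccountName": ["asmith"],
          "displayName": ["Alan Smith"], "sn": ["Smith"], "mail": ["asmith@old.example.com"]}}

if __name__ == "__main__":
    for op in plan(SOURCE, TARGET):
        print(op)
```

The operations returned by `plan` are what an LDAP client library would then apply to the AD side as add and modify requests.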