OpenLDAP
Viewing Development/8944
From: hyc@openldap.org
Subject: Support Microsoft AD DirSync as a consumer

Date: Tue, 18 Dec 2018 00:37:23 +0000
From: hyc@openldap.org
To: openldap-its@OpenLDAP.org
Subject: Support Microsoft AD DirSync as a consumer
Full_Name: Howard Chu
Version: 2.5
OS: 
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.233.39.182)
Submitted by: hyc


Code in master is now available for operating slapd as a replication consumer
against Microsoft ActiveDirectory using their DirSync protocol. Note that no
attempt has been made to work with anything other than user and group entries.

A sample config, based on the test017 syncrepl consumer config:

####
include         ./schema/core.schema
include         ./schema/cosine.schema
include         ./schema/inetorgperson.schema
include         ./schema/nis.schema
include         ./schema/msuser.schema

attributeoptions        range=

database        mdb
suffix          "dc=ldapsync,dc=local"
rootdn          "cn=Replica,dc=ldapsync,dc=local"
rootpw          secret
directory       ./testrun/db.2.a
index           objectClass     eq
index           cn,sn,uid       pres,eq,sub
index           entryUUID,entryCSN      eq

syncrepl        rid=1
                provider=ldap://ldapsync/
                binddn="cn=Administrator,cn=users,dc=ldapsync,dc=local"
                bindmethod=simple
                credentials=MSAD-secret
                searchbase="dc=ldapsync,dc=local"
                filter="(|(objectClass=user)(objectclass=group))"
                schemachecking=off
                scope=sub
                type=dirSync
                interval=00:00:00:03
updateref       ldap://ldapsync/


database        monitor
####

Note that DirSync doesn't have a persist mode, it only works by
refreshOnly-style polling. DirSync support for Modifications is quite braindead;
the protocol has no way to indicate deletion of single-valued attributes. This
has been left as-is for now, possibly some workarounds can be added for that
later.
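A small checker for stanzas like the one in the sample config, added here as an example and not part of the ticket or of OpenLDAP itself: it parses slapd.conf continuation lines, extracts the syncrepl parameters, and flags the settings a reviewer would want to revisit before pointing a consumer at a production AD (plain ldap:// without starttls, the bind password sitting in the config file, schemachecking=off). The sample stanza is copied from the ticket; starttls= is the existing syncrepl option, and the finding texts are this example's own.

```python
import re

# Constructed sample: the syncrepl stanza from the ticket's test017-based config.
SAMPLE_CONF = """\
syncrepl        rid=1
                provider=ldap://ldapsync/
                binddn="cn=Administrator,cn=users,dc=ldapsync,dc=local"
                bindmethod=simple
                credentials=MSAD-secret
                searchbase="dc=ldapsync,dc=local"
                filter="(|(objectClass=user)(objectclass=group))"
                schemachecking=off
                scope=sub
                type=dirSync
                interval=00:00:00:03
updateref       ldap://ldapsync/
"""

def parse_syncrepl(conf_text):
    """Return one dict of key=value parameters per syncrepl directive.
    slapd.conf joins a line that starts with whitespace onto the previous one."""
    logical = []
    for line in conf_text.splitlines():
        if line[:1].isspace() and logical:
            logical[-1] += " " + line.strip()      # continuation line
        elif line.strip() and not line.startswith("#"):
            logical.append(line.strip())
    stanzas = []
    for directive in logical:
        if directive.split()[0].lower() == "syncrepl":
            # quoted values (binddn, filter) may contain '=' and spaces
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', directive)
            stanzas.append({k.lower(): v.strip('"') for k, v in pairs})
    return stanzas

def audit_syncrepl(params):
    """Flag settings in a syncrepl stanza that weaken the consumer's security."""
    findings = []
    provider = params.get("provider", "").lower()
    if provider.startswith("ldap://") and params.get("starttls", "").lower() not in ("yes", "critical"):
        findings.append("bind credentials and replicated data travel without TLS")
    if params.get("bindmethod", "").lower() == "simple" and "credentials" in params:
        findings.append("simple-bind password stored in slapd.conf; restrict file permissions")
    if params.get("schemachecking", "").lower() == "off":
        findings.append("schemachecking=off: consumer accepts entries violating local schema")
    return findings
```

Against the ticket's stanza this reports all three findings; switching the provider to ldaps:// (or adding starttls=critical) and schemachecking=on leaves only the stored-password note, which is inherent to bindmethod=simple.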