(ITS#8944) Support Microsoft AD DirSync as a consumer
Full_Name: Howard Chu
Version: 2.5
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.233.39.182)
Submitted by: hyc
Code in master is now available for operating slapd as a replication consumer against Microsoft Active Directory using their DirSync protocol. Note that no attempt has been made to work with anything other than user and group entries.
A sample config, based on the test017 syncrepl consumer config:
####
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/nis.schema
include ./schema/msuser.schema

attributeoptions range=

database mdb
suffix "dc=ldapsync,dc=local"
rootdn "cn=Replica,dc=ldapsync,dc=local"
rootpw secret
directory ./testrun/db.2.a

index objectClass eq
index cn,sn,uid pres,eq,sub
index entryUUID,entryCSN eq

syncrepl rid=1
	provider=ldap://ldapsync/
	binddn="cn=Administrator,cn=users,dc=ldapsync,dc=local"
	bindmethod=simple
	credentials=MSAD-secret
	searchbase="dc=ldapsync,dc=local"
	filter="(|(objectClass=user)(objectclass=group))"
	schemachecking=off
	scope=sub
	type=dirSync
	interval=00:00:00:03

updateref ldap://ldapsync/

database monitor
####
Note that DirSync doesn't have a persist mode; it only works by refreshOnly-style polling. DirSync support for modifications is quite braindead: the protocol has no way to indicate deletion of single-valued attributes. This has been left as-is for now; possibly some workarounds can be added for that later.
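To make the polling model concrete, here is an added example (written for this page, not OpenLDAP's syncrepl code) that encodes and decodes the value of the DirSync request control, OID 1.2.840.113556.1.4.841, whose BER shape is SEQUENCE { flags INTEGER, maxBytes INTEGER, cookie OCTET STRING }, and then runs two refreshOnly-style poll cycles against a constructed in-memory stand-in for the AD side. The stand-in's change list, its cookie format (a version counter; real AD cookies are opaque) and the function names poll_once and fake_ad_server are assumptions made here so the example runs offline; the cookie round-trip is the part that matches the protocol.

```python
"""DirSync control value encode/decode plus a simulated refreshOnly poll cycle.

Added example for the ITS#8944 text; not OpenLDAP's implementation.
"""

DIRSYNC_OID = "1.2.840.113556.1.4.841"  # LDAP_SERVER_DIRSYNC_OID


def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _ber_int(v: int) -> bytes:
    """BER INTEGER for a non-negative value; adds a leading 0x00 when the
    high bit is set so the value is not read back as negative."""
    if v < 0:
        raise ValueError("only non-negative integers are encoded here")
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _ber_len(len(body)) + body


def _ber_octets(b: bytes) -> bytes:
    return b"\x04" + _ber_len(len(b)) + b


def encode_dirsync_value(flags: int, max_bytes: int, cookie: bytes) -> bytes:
    """SEQUENCE { flags INTEGER, maxBytes INTEGER, cookie OCTET STRING }."""
    body = _ber_int(flags) + _ber_int(max_bytes) + _ber_octets(cookie)
    return b"\x30" + _ber_len(len(body)) + body


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag = buf[pos]
    ln = buf[pos + 1]
    pos += 2
    if ln & 0x80:
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + ln > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + ln], pos + ln


def decode_dirsync_value(value: bytes):
    """Inverse of encode_dirsync_value; rejects anything that is not the
    expected three-field SEQUENCE."""
    tag, body, end = _read_tlv(value, 0)
    if tag != 0x30 or end != len(value):
        raise ValueError("DirSync control value is not a single SEQUENCE")
    fields, pos = [], 0
    for expected in (0x02, 0x02, 0x04):
        tag, content, pos = _read_tlv(body, pos)
        if tag != expected:
            raise ValueError("unexpected tag 0x%02x in DirSync value" % tag)
        fields.append(content)
    if pos != len(body):
        raise ValueError("trailing bytes in DirSync value")
    flags = int.from_bytes(fields[0], "big", signed=True) & 0xFFFFFFFF
    max_bytes = int.from_bytes(fields[1], "big", signed=True)
    return flags, max_bytes, fields[2]


# Constructed change log standing in for the AD side: (version, entry).
CONSTRUCTED_CHANGES = [
    (1, {"dn": "cn=alice,cn=users,dc=ldapsync,dc=local", "objectClass": ["user"]}),
    (2, {"dn": "cn=staff,cn=users,dc=ldapsync,dc=local", "objectClass": ["group"]}),
]


def fake_ad_server(request_value: bytes):
    """Stand-in server (assumption): returns entries newer than the cookie
    and a response control carrying the cookie to use next time."""
    flags, max_bytes, cookie = decode_dirsync_value(request_value)
    since = int.from_bytes(cookie, "big") if cookie else 0
    changed = [entry for ver, entry in CONSTRUCTED_CHANGES if ver > since]
    latest = max([ver for ver, _ in CONSTRUCTED_CHANGES] + [since])
    return changed, encode_dirsync_value(flags, max_bytes, latest.to_bytes(4, "big"))


def poll_once(cookie: bytes, server=fake_ad_server):
    """One refreshOnly-style cycle: send the last cookie, keep the new one.
    flags=0 and maxBytes=0 (no limit) are used for simplicity."""
    entries, response_value = server(encode_dirsync_value(0, 0, cookie))
    _, _, new_cookie = decode_dirsync_value(response_value)
    return entries, new_cookie


if __name__ == "__main__":
    cookie = b""
    for cycle in range(2):
        entries, cookie = poll_once(cookie)
        print("cycle %d: %d entries, cookie=%s" % (cycle, len(entries), cookie.hex()))
```

The consumer keeps nothing from the response except the entries and the cookie; a restart with an empty cookie simply replays the full set, which is what the interval-driven refreshOnly loop in the sample config above relies on.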