[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: AD to OpenLDAP

To: brian@hansolo.stanford.edu
Subject: RE: AD to OpenLDAP
From: Luke Howard <lukeh@PADL.COM>
Date: Fri, 1 Feb 2002 20:43:59 +1100
Cc: openldap-software@OpenLDAP.org
Organization: PADL Software Pty Ltd
Versions: dmail (bsd44) 2.2g/makemail 2.9a

This isn't entirely correct. Replication between Active Directory domain controllers
occurs using DS-RPC (a DCE RPC-based protocol) or ISM-SMTP (a SMTP-based protocol).
The notificaiton controls are for end-user clients AFAIK.

-- Luke

>From: Brian Arkills <brian@hansolo.stanford.edu>
>Subject: RE: AD to OpenLDAP
>To: openldap-software@OpenLDAP.org
>Date: Thu, 31 Jan 2002 17:47:55 -0800
>
>Nope. AD uses their own technology (not slurpd) to do multi-master replication based on a LDAP control called dirsync which was documented
>in a ietf draft notification control (which openldap doesn't support). OpenLDAP supports push based replication, where a master server
>pushes changes to a slave. AD does replication using pulls, where all servers get replication info after a notification that an entry has
>changed elsewhere.
>
>But "replicate" is a loaded term, which means different things in different contexts. You could design your own ldap code which would work
>in a similar fashion to slurpd, except *pulling* info from AD to openldap. You'd need to use the dirsync control I mentioned above to get
>notifications of when AD changed. Some folks call this kind of replication method a "harvester". Alternatively, you could also dump AD to
>ldif and load it to openldap, but this wouldn't be real-time.
>
>Now if you wanted to go the other way ... from openldap to AD, I think the only method right now would be an ldif dump, because I don't
>think openldap supports any of the draft notification controls (ietf lcup working group).
>
>Of course, you could also try one of the metadirectory products. But they seem like more work than they are worth from what I've seen.
>
>Anyone else care to add more on this?
>
>Brian
>
>> -----Original Message-----
>> From: Laurent Michenaud [mailto:lmichenaud@adeuza.fr]
>> Sent: Thursday, January 31, 2002 6:29 AM
>> To: openldap-software@OpenLDAP.org
>> Subject: AD to OpenLDAP
>> 
>> 
>> Hi,
>> 
>> Is it possible to replicate an Active Directory into an 
>> OpenLDAP server
>> ?
>> 
>> If yes, please tell me what i need and how to do it...
>> If not, please tell me too.
>> 
>> Thanks
>> 
>> Michenaud Laurent
>> - Adeuza -
>> [ Développeur Web - Administrateur Réseau ]
>> 

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com

Prev by Date: openldap with ssl
Next by Date: Debian Linux: Auth fails with 8char salt and --with-tls
Index(es):
- Chronological
- Thread