
Re: Replica of Active Directory



Thanks for your answer, Jochen. It seems that syncing data will be the
only way to go, then. I'll just have to settle with user account data
then.


Jim


On Wed, 2003-12-10 at 06:22, Jochen Laser wrote:
> On Tue, 09 Dec 2003 17:59:57 -0200
> Jim Krebs <jim@totallinux.com.br> wrote:
> 
> > Actually, I only need to replicate an MS server's LDAP directory into
> > OpenLDAP. Even if that involves dumping the MS server's base into LDIF
> > and importing it into OpenLDAP. Is that possible?
> 
>  Even in theory, only part of this should be possible:
> 
>  Of course AD's replication mechanisms are proprietary, but alternatively
>  you can use a harvester script to collect the data via LDAP and dump them
>  into OpenLDAP via LDAP. Or, use LDIF dumps as already mentioned.
>  However, the following problems will arise:
> 
>   1) Active Directory uses a lot of MS-specific schemas,
>      which you would have to translate into *.schema files manually
>      and feed into OpenLDAP.
>      (or, turn off schema checking, ARRGH!)
> 
>   2) AD's access control does not map to OpenLDAP's access control
> 
>   3) AFAIK AD does not provide read access to user passwords via LDAP.
>      Sometimes dumping the passwords using pwdump (from the Samba world)
>      is used as a workaround.
> 
>  It seems that for all these reasons (and maybe others not mentioned here)
>  people prefer synchronizing data between these two systems over "replicating"
>  them via harvesters or LDIF dumps or whatever.
> 
>  If it's account data you are interested in, you might want to check out
>  the "acctsync" project at SourceForge, which provides some helpful tools
>  for synchronizing data (at least account data) between the two systems.
> 
>  Yours
> 
>  Jochen
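Added example, not part of the original thread: a sketch of the LDIF-dump route in which problem 1 is handled by an attribute whitelist mapped onto inetOrgPerson, so schema checking can stay enabled on the OpenLDAP side. The attribute map, the target subtree `ou=People,dc=example,dc=com`, the function names and the sample LDIF are assumptions constructed for illustration.

```python
import base64
import re

# Assumed whitelist: AD attribute -> inetOrgPerson attribute; all else is dropped.
ATTR_MAP = {"samaccountname": "uid", "cn": "cn", "sn": "sn", "givenname": "givenName", "mail": "mail"}
TARGET_BASE = "ou=People,dc=example,dc=com"  # hypothetical OpenLDAP subtree

def parse_ldif(text):  # -> list of {attr: [values]}, attribute names lower-cased
    records, entry = [], {}
    for line in text.replace("\n ", "").splitlines() + [""]:  # unfold long lines
        if not line.strip():                  # blank line closes a record
            if entry:
                records.append(entry)
            entry = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
    return records

def translate(entry):  # -> (dn, attrs) for a person account, else None
    classes = {c.lower() for c in entry.get("objectclass", [])}
    attrs = {ATTR_MAP[n]: v for n, v in entry.items() if n in ATTR_MAP}
    uid = attrs.get("uid", [""])[0]
    if ("user" not in classes or "computer" in classes or "cn" not in attrs
            or "sn" not in attrs or not re.fullmatch(r"[A-Za-z0-9._-]+", uid)):
        return None  # machine account, missing cn/sn, or uid needing DN escaping
    return "uid=%s,%s" % (uid, TARGET_BASE), {"objectClass": ["inetOrgPerson"], **attrs}

def convert(text):
    return [t for t in map(translate, parse_ldif(text)) if t]

# Constructed sample of an AD LDIF export (not real data).
SAMPLE = """dn: CN=Test User,CN=Users,DC=example,DC=com
objectClass: user
cn: Test User
sn: User
sAMAccountName: tuser
objectGUID:: 3q2+78r+ur7erb7vyv66vg==

dn: CN=WS01,CN=Computers,DC=example,DC=com
objectClass: user
objectClass: computer
sAMAccountName: WS01$
"""

if __name__ == "__main__":
    print(convert(SAMPLE))
```

Access control and passwords (problems 2 and 3) are outside what this conversion covers: no ACL or password attribute is in the whitelist, so neither is carried over.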