[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP as master of other vendors' directory servers?

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Phil Durbin

> We're thinking about using OpenLDAP as our "master" or primary
> directory server.  However, like a lot of folks, we need to run other
> vendors' directory servers as well.
> My primary question is if anyone is using OpenLDAP as a master and
> replicating/synchronizing the data to a Netscape/iPlanet/Sun ONE/Sun
> Java System Directory Server.  Down the road, we may also need to
> synchronize with Active Directory and Oracle Internet Directory.
> I've heard of people using Sun ONE Directory as a master and
> replicating data to Active Directory.  And Oracle says its directory
> server can be a spoke on another vendor's hub.  But are people using
> OpenLDAP as the hub?
> I get the impression from this lists' archives that this is going to
> require some custom programming.  Are we talking about
> scripts to dump
> and import LDIF files?  Cooking something up using perl-ldap,
> JNDI, or
> JLDAP?  Are there ready-made scripts or other tools available to make
> synchronizing data from OpenLDAP to Sun ONE as painless as possible?

You haven't really described enough of your goal to formulate an answer. If
two LDAP servers store identical DITs, then generally
replication/synchronization is a no-brainer. Most frequently however, when
dealing with entrenched use of heterogeneous servers, those servers are in
place because their DITs are specialized and don't match one-to-one with
every other server's DIT. The first question to answer is, what is the
situation with your particular servers, what are they being used for, and how
similar are their existing structures? I.e., why do you "need" to run other
vendors' servers?

In many cases, slurpd can be used directly to sync from OpenLDAP to any other
LDAP server. In more complex cases, I would use slurpd targeted at an
OpenLDAP back-ldap/back-meta instance and use the mapping facilities there to
prep the data that gets sent to the remote server.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support