[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ActiveDirectory Connector...

To: ando@sys-net.it
Subject: Re: ActiveDirectory Connector...
From: Tobias Rice <rice@up.edu>
Date: Mon, 17 May 2004 12:56:13 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <53041.131.175.154.56.1084784307.squirrel@webmail.sys-net.it>
References: <005301c43afa$5f6f2110$0e01a8c0@CELLO> <40A7E438.1040404@up.edu> <53041.131.175.154.56.1084784307.squirrel@webmail.sys-net.it>
User-agent: Mozilla Thunderbird 0.6 (Windows/20040502)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So let me get this strait, I can use a second database (ldap) and map my
attributes/objectclasses to the Active Directory server, we'll call
adServer.domain.com, so that when a user on this server, we'll call
ldapServer.domain.com, changes his password (or anything else perhaps)
in OpenLdap, it will then be changed automatically on BOTH servers? Is
this correct?
Many thanks!
Tobias

Pierangelo Masarati wrote:

|>I hope this isn't obvious, but how would I map my schema? Does slurpd do
|>the updating to AD? Do you know of any documentation on doing this?
|
|
| If the schema mapping is simply a matter or removing some undesired
| entries or attributeTypes, you may use partial replication (see
| slapd.conf(5), "replica" directive for details); if it's rather an issue
| of attributeType/objectClass renaming, you may filter slurpd replication
| thru back-ldap (see slapd-ldap(5) "map" directive for details); if you
| need to muck with DNs, again back-ldap may help you (see slapd-meta(5),
| "rewrite*" directives for details).
|
| If you need to arbitrarily muck with values, you're on your own.  Consider
| that userPassword in AD needs to be mapped to unicodePwd, which is
| completely different in syntax; most of the typical user's profile
| attributes are single-valued in AD (e.g. CN, SN, and so).
|
| For this purpose, at SysNet we developed proprietary tools to map data in
| a broad way, with per-objectClass, per-attributeType and per-value mapping
| rules, that are used to sync different data sources (e.g.
| {RDBMS|LDAP|file} => {RDBMS|LDAP|LDIF} in combination, including a merge
| from etherogeneous data sources into a single destination.  Usually, we
| use it to sync HR RDBMS and other LDAP sources with OpenLDAP, AD and Lotus
| Notes DSAs.  YOu may contact info@sys-net.it if you need details.
|
| p.
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAqRjdRJX8S0T0CkURAlOeAJwJ6VG3nIfXrYGf2Td3nDcBNUogBgCgp6Ed
ZNXorzY0rodQ2FIcOSksGuI=
=mpfV
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: ActiveDirectory Connector...
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- RE: ActiveDirectory Connector...
  - From: "Howard Chu" <hyc@highlandsun.com>
- Re: ActiveDirectory Connector...
  - From: Tobias Rice <rice@up.edu>
- Re: ActiveDirectory Connector...
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: RE: Preference for editing ACLs
Next by Date: Re: ACL to block IPs
Index(es):
- Chronological
- Thread