[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ActiveDirectory Connector...

Hash: SHA1

So let me get this strait, I can use a second database (ldap) and map my
attributes/objectclasses to the Active Directory server, we'll call
adServer.domain.com, so that when a user on this server, we'll call
ldapServer.domain.com, changes his password (or anything else perhaps)
in OpenLdap, it will then be changed automatically on BOTH servers? Is
this correct?
Many thanks!

Pierangelo Masarati wrote:

|>I hope this isn't obvious, but how would I map my schema? Does slurpd do
|>the updating to AD? Do you know of any documentation on doing this?
| If the schema mapping is simply a matter or removing some undesired
| entries or attributeTypes, you may use partial replication (see
| slapd.conf(5), "replica" directive for details); if it's rather an issue
| of attributeType/objectClass renaming, you may filter slurpd replication
| thru back-ldap (see slapd-ldap(5) "map" directive for details); if you
| need to muck with DNs, again back-ldap may help you (see slapd-meta(5),
| "rewrite*" directives for details).
| If you need to arbitrarily muck with values, you're on your own.  Consider
| that userPassword in AD needs to be mapped to unicodePwd, which is
| completely different in syntax; most of the typical user's profile
| attributes are single-valued in AD (e.g. CN, SN, and so).
| For this purpose, at SysNet we developed proprietary tools to map data in
| a broad way, with per-objectClass, per-attributeType and per-value mapping
| rules, that are used to sync different data sources (e.g.
| {RDBMS|LDAP|file} => {RDBMS|LDAP|LDIF} in combination, including a merge
| from etherogeneous data sources into a single destination.  Usually, we
| use it to sync HR RDBMS and other LDAP sources with OpenLDAP, AD and Lotus
| Notes DSAs.  YOu may contact info@sys-net.it if you need details.
| p.
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org