
Re: synrepl to AD

That's not going to work because AD doesn't understand the LDAP Content
Synchronization Control, which is specific to OpenLDAP, although published
in an Internet Draft and thus freely implementable by any vendor.  In
principle, a bottomline syncrepl could be implemented by means of pure
LDAP operations, provided the producer is able to produce a unique
identifier and a sequence number (e.g. a timestamp with enough granularity
to be different for any write operation).  OpenLDAP's implementation of
syncrepl doesn't do that yet; it requires the provider to use entryUUID as
unique identifier and entryCSN as sequence number.  Work is underway to
remove this limitation.  Follow this thread for details

In any case, up to 2.3 syncrepl works only within OpenLDAP producer and


> I am trying to syncrepl to an AD.
> I do not have admin access to the AD but I can bind using an ldap
> client
> I added a bdb stanza for the remote server with the statements included
> in the openldap docs (I have openldap 2 running on Suse 9ES where the
> slave ldap will be located)
> I get a simple one liner back that ldap could not bind to the AD
> server.
> 1) Can someone offer a working example of a syncrepl configuration
> 2) To do syncrepl, must the master have any knowledge of the slave (the
> docs suggest that this is not necessary)
> 3) With AD, need I have admin access, as opposed to being able to bind
> as just any old user....
> 4) while the binddn I am using is in the master db,  the update dn (the
> dn on my openldap server) is in a different database. e.g.
> binddn  cn=bob, dc=kludge, dc=com
> and
> updatedn  cn=bobg, dc=suse, dc=kludge,dc=com

Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
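
The pull model the reply describes (a unique identifier plus a sequence number, using only ordinary searches), as an added example that is not part of the original message and not OpenLDAP's code. `Producer` and `Consumer` are hypothetical in-memory stand-ins for an LDAP server and a replica, and the sample entries are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Producer:
    """Hypothetical server: every entry has a unique id and a per-write sequence number."""
    seq: int = 0
    entries: dict = field(default_factory=dict)  # uid -> (seq, attrs)

    def write(self, uid, attrs):
        self.seq += 1                      # sequence number differs for every write
        self.entries[uid] = (self.seq, dict(attrs))

    def delete(self, uid):
        self.seq += 1
        del self.entries[uid]

    def search_changed(self, after):
        # Stands in for a plain search filtered on "sequence number > after".
        return {u: (s, a) for u, (s, a) in self.entries.items() if s > after}

    def search_ids(self):
        # Stands in for a plain search that returns only the unique identifier.
        return set(self.entries)


class Consumer:
    """Hypothetical replica that polls with ordinary searches, no sync control."""

    def __init__(self):
        self.replica = {}   # uid -> attrs
        self.cookie = 0     # highest sequence number already applied

    def refresh(self, producer):
        changed = producer.search_changed(self.cookie)
        for uid, (seq, attrs) in changed.items():
            self.replica[uid] = attrs      # add or overwrite, keyed by unique id
            self.cookie = max(self.cookie, seq)
        # A deleted entry cannot be found by the change search, so deletions
        # are detected by comparing the replica's ids with the live id set.
        gone = set(self.replica) - producer.search_ids()
        for uid in gone:
            del self.replica[uid]
        return sorted(changed), sorted(gone)
```
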