
Replicate AD User and Group accounts



I need to simulate an Active Directory server to an LDAP client application using openldap. I am only interested in retrieving users and groups from openldap, but I need to have attributes match those in AD. I have found a number of guides on how to migrate from AD to OpenLDAP, but my application is not quite this complicated. At least I don’t think it is.


Here’s what I’ve got so far. My AD server is Windows Server 2008. I have dumped ldif using ldifde:


ldifde -d "CN=Users,DC=[domain],DC=com" -f export.ldif


This returns me an ldif of Users and Groups, which is what I want. I have set up OpenLDAP as suggested in numerous migration docs to include core, cosine, and nis schemas. I am able to access the LDAP server and browse it using a manager DN and a clear password for now. I have attempted to import my ldif using the following:


ldapadd -H ldap://<server> -f export.ldif -x -D "cn=Manager,dc=[domain],dc=com" -W


The reply from the server is:


ldapadd: Invalid syntax (21)

        additional info: objectClass: value #1 invalid per syntax


I believe this error is due to the second (#1) record in the ldif which is the first group and has an objectClass: group. “group” does not appear to be a defined object class in any of the aforementioned schema. Can I obtain schema for this ldif? I can’t find any docs on doing this or any schema files that contain this objectClass. BTW, I am a complete LDAP newbie, so please forgive any terminology misuse, etc.