
Re: Simple LDAP to LDAP Integration

Alejandro Imass wrote:

I am seeking a simple integration between OpenLDAP and MS AD. The DIT
structures are completely different but the Posix UIDs are the same.
The integration is very simple because all we need to do is update the
corresponding UID in AD whenever an entry changes in OpenLDAP (i.e.
OpenLDAP is the master here).

I thought it would be easy to use the overlays for this but after
careful examination it is not what we need. All we need for the moment
is to capture the entry write event in OpenLDAP and run an external
subroutine/program/lib that connects to the AD and does the changes
there. We already have the second part developed in Perl, that is, we
have a Perl program that connects to AD and changes whatever we want.
We now need to pass this program the data that have changed in
OpenLDAP. We could turn the Perl program into an LDAP server as well
so we could maybe use the overlays, so in this case, the Perl program
would receive the LDAP, and translate that to AD. The other option is
to use SLAPI and capture the change event and use that to connect to
AD, maybe spawning a daemonized process in Perl in order not to hang
OpenLDAP waiting for AD.

Anyway, if anyone can give us a hand as to how to approach this and
what the best alternatives are for doing this integration, that would be great.
We would gladly publish this OpenLDAP to AD integration as OpenSource.
Or if anyone happens to know whether this already exists (it would need
to be flexible, because we need to translate from one DIT structure to
the other, with different schemas on each).

I would interface your Perl script to back-sock running as an overlay on the main OpenLDAP database.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
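The suggestion above hinges on the text protocol of back-sock (slapd-sock(5)): with `overlay sock` on the master database, slapd connects to a Unix socket once per configured operation, writes the operation in an LDIF-like format, and waits for a reply before applying it. The external program below is an added example, not code from the thread or from OpenLDAP: it parses those requests (MODIFY change blocks, ADD entries, base64 `::` values), hands each write to a queue for the AD-side worker, and answers `CONTINUE` immediately so slapd is never left waiting on AD. The socket path and the slapd.conf fragment in the docstring are assumptions; the sample requests are constructed, not captured.

```python
"""External program for the slapd 'sock' overlay (added example, not from the thread).

Assumed slapd.conf fragment on the OpenLDAP master (path is hypothetical):

    overlay    sock
    socketpath /var/run/slapd/ad-sync.sock
    sockops    add delete modify modrdn

For each listed write, slapd connects to the socket, sends the operation in
the text format of slapd-sock(5), and waits for a reply before applying it.
"""
import base64
import os
import queue
import socketserver

# Header lines slapd may send before the operation body (slapd-sock(5));
# binddn/peername/ssf/connid only appear with the 'extensions' directive.
HEADER_KEYS = {"msgid", "suffix", "binddn", "peername", "ssf", "connid", "dn",
               "method", "credlen", "cred", "newrdn", "deleteoldrdn", "newSuperior"}
MOD_TYPES = ("add", "delete", "replace")

# Hand-off to the AD-side worker (the poster's Perl script, or a thread that
# drives it); the socket handler never waits on AD, so slapd never does.
CHANGES = queue.Queue()


def _split_attr(line):
    """Split an LDIF-style 'name: value' line; 'name:: b64' carries base64."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8")
    return name, rest.strip()


def parse_request(text):
    """Parse one request (the text up to its terminating blank line) into a dict."""
    lines = text.rstrip("\n").split("\n")
    req = {"op": lines[0].strip(), "suffix": [], "attrs": {}, "mods": []}
    mod = None                                   # currently open MODIFY change block
    for line in lines[1:]:
        if line == "-" and mod is not None:      # '-' closes a change block
            req["mods"].append(mod)
            mod = None
            continue
        name, value = _split_attr(line)
        if mod is not None:                      # attribute values of the open block
            mod["values"].append(value)
        elif req["op"] == "MODIFY" and name in MOD_TYPES:
            mod = {"type": name, "attr": value, "values": []}
        elif name == "suffix":                   # one line per database suffix
            req["suffix"].append(value)
        elif name in HEADER_KEYS:
            req[name] = value
        else:                                    # ADD entry / COMPARE assertion
            req["attrs"].setdefault(name, []).append(value)
    if mod is not None:
        req["mods"].append(mod)
    return req


def continue_response():
    """Tell slapd to go ahead and apply the operation itself."""
    return "CONTINUE\n"


def result_response(code, info=""):
    """Answer the operation ourselves instead, e.g. 53 = unwillingToPerform."""
    return f"RESULT\ncode: {code}\nmatched: \ninfo: {info}\n\n"


class SockHandler(socketserver.StreamRequestHandler):
    """One connection per operation: read to the blank line, queue it, reply."""

    def handle(self):
        raw = []
        for line in self.rfile:
            if line in (b"\n", b"\r\n"):
                break
            raw.append(line.decode("utf-8"))
        if not raw:
            return
        req = parse_request("".join(raw))
        if req["op"] in ("ADD", "MODIFY", "DELETE", "MODRDN"):
            CHANGES.put(req)                     # AD work happens elsewhere
        self.wfile.write(continue_response().encode("utf-8"))


def serve(path):
    """Listen where slapd will connect. umask 077 gives the socket mode 0700,
    so only slapd's uid (or root) can push 'changes' into our queue."""
    if os.path.exists(path):
        os.unlink(path)
    old_umask = os.umask(0o077)
    try:
        server = socketserver.ThreadingUnixStreamServer(path, SockHandler)
    finally:
        os.umask(old_umask)
    server.serve_forever()


# Constructed samples of what the overlay sends (not real captures).
SAMPLE_MODIFY = (
    "MODIFY\nmsgid: 7\nsuffix: dc=example,dc=com\n"
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    "replace: gecos\ngecos:: QWxpY2UgTMO2d2U=\n-\n"   # base64 of 'Alice Löwe'
    "delete: mobile\n-\n"
    "add: mail\nmail: alice@example.com\n-\n\n"
)
SAMPLE_ADD = (
    "ADD\nmsgid: 8\nsuffix: dc=example,dc=com\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n"
    "objectClass: posixAccount\nuid: bob\nuidNumber: 1002\n\n"
)

if __name__ == "__main__":
    print(parse_request(SAMPLE_MODIFY)["mods"])
    serve("/var/run/slapd/ad-sync.sock")         # hypothetical path
```

Two practical points. The overlay hands the operation over before slapd applies it, so a handler that talks to AD inline would stall every write on the master; queueing and replying `CONTINUE` at once is what keeps slapd responsive, which is exactly the "don't hang OpenLDAP waiting for AD" worry in the original post. And because the socket is the program's only input, its permissions are the trust boundary: anything that can connect to it can inject fake changes toward AD, hence the restrictive umask and a directory only slapd's uid can reach.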