
Re: any body have done openldap and active directory synchronization? i need help



Thank you, Markus and Clément, for your support.
First I will try it myself; if I do not succeed, I will contact you again.

On 4/2/13, Clément OUDOT <clem.oudot@gmail.com> wrote:
> 2013/4/2 Markus Widmer <markus.widmer@daasi.de>
>
>> Hi!
>>
>> we have implemented OpenLDAP -> AD using the OpenLDAP accesslog overlay to
>> see what has changed in OpenLDAP. For AD -> OpenLDAP we use the
>> highestCommittedUSN to see if something has changed on AD side.
>> Synchronization of passwords is a bit more complicated because if you want
>> to sync them OpenLDAP -> AD you have to set them as clear text passwords
>> via LDAP. At the same time you usually don't want to store them as clear
>> text in the OpenLDAP directory. We have solved it by implementing an
>> overlay that gets an encrypted password and stores it in a custom attribute
>> protected by ACLs (similar to the eDirectory universalPassword) and as
>> SSH2-hashed value in the userPassword attribute. It then can be decrypted
>> and synchronized to AD. If you want AD -> OpenLDAP you have to catch the
>> password change the moment it happens. We have done this by implementing a
>> DLL.
>>
>> Of course there are other ways of doing it.
>>
>> Cheers,
>>
>>     -Markus-
>>
>>
>> On 02.04.2013 07:31, Suman Karki wrote:
>>
>>> Hello there!
>>> Has anybody done OpenLDAP and Active Directory synchronization?
>>> I want to sync them. Give me an idea of how you have done it.
>>>
>>> I am struggling to solve that.
>>> If you charge some amount, then I am ready to pay.
>>> I just need to solve that problem.
>>>
>>>
>
> Hi,
>
>
> another solution is to use LDAP Synchronization Connector (http://lsc-project.org).
>
> Here is a tutorial for OpenLDAP to AD synchronization:
> http://lsc-project.org/wiki/documentation/2.0/tutorials/openldaptoactivedirectory
> And here some notes on password synchronization:
> http://lsc-project.org/wiki/documentation/2.0/howtos/activedirectory#password_synchronization
>
>
> Clément.
>
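
Added example (not part of the original thread, and not the code Markus or LSC use): a sketch of the OpenLDAP -> AD direction described above, reading accesslog overlay records and turning successful modifies into a change list to replay. The cn=accesslog suffix, the sample records and the skip list are assumptions; userPassword is skipped because it holds only a hash, which, as noted above, cannot be sent to AD as a password.

```python
import re
# reqMod value (slapo-accesslog(5)): "attr:<op>[ value]"; op is + - = or #
REQMOD = re.compile(r"^([A-Za-z0-9;.-]+):([+\-=#])(?: (.*))?$", re.S)
OPS = {"+": "add", "-": "delete", "=": "replace", "#": "increment"}
# Assumption of this example: never replay these. userPassword holds a
# hash, which AD cannot accept; the rest are operational attributes.
SKIP = {"userpassword", "entrycsn", "modifiersname", "modifytimestamp"}

# Constructed sample: two accesslog records, the second one failed (50).
SAMPLE = """\
dn: reqStart=20130402053100.000001Z,cn=accesslog
reqType: modify
reqResult: 0
reqDN: uid=jdoe,ou=people,dc=example,dc=com
reqMod: mail:= jdoe@example.com
reqMod: telephoneNumber:-
reqMod: userPassword:= {SSHA}constructed-hash-value

dn: reqStart=20130402053200.000002Z,cn=accesslog
reqType: modify
reqResult: 50
reqDN: uid=asmith,ou=people,dc=example,dc=com
reqMod: mail:= asmith@example.com
"""

def parse_accesslog(ldif_text):
    """Parse unfolded, non-base64 LDIF records into dicts of value lists."""
    entries = []
    for block in ldif_text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def pending_changes(ldif_text):
    """Return [(dn, [(op, attr, value)])] for successful modify records."""
    out = []
    for e in parse_accesslog(ldif_text):
        if e.get("reqtype") != ["modify"] or e.get("reqresult") != ["0"]:
            continue  # failed or non-modify operations are not replayed
        mods = [REQMOD.match(v) for v in e.get("reqmod", [])]
        if None in mods:
            raise ValueError("unparseable reqMod in " + e["dn"][0])
        changes = [(OPS[m[2]], m[1], m[3]) for m in mods if m[1].lower() not in SKIP]
        out.append((e["reqdn"][0], changes))
    return out
```

Calling pending_changes(SAMPLE) yields one entry for uid=jdoe with the mail replace and the telephoneNumber delete; the password hash and the failed record are left out.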