
Re: eDirectory LDAP To OpenLDAP Layout



Hi,

In my experience, working with eDirectory is quite tricky, especially if you have to align it with directories such as OpenLDAP. E.g. it looks to be common practice in eDirectory to modify the definition of standard object classes such as inetOrgPerson. eDirectory maintains reciprocal group membership attributes in a somewhat unusual way, the DN conventions are all different, account enable/disable is different and generally speaking there are a lot of little differences that need to be taken care of.

We have a deployment where we run and synchronize OpenLDAP and eDirectory using midPoint. We even had to create a special eDirectory connector for this, as the stock LDAP connector could not easily handle eDirectory peculiarities. MidPoint is built to rewrite the DNs, object classes and actually anything else that needs to be done. I'm sure that this approach works. But please note that midPoint is a comprehensive IDM system and it may not be entirely easy to set it up.

--
Radovan Semancik
Software Architect
evolveum.com



On 10/22/2016 11:47 AM, Dieter Klünter wrote:
> On Thu, 20 Oct 2016 15:49:24 +0200, Shaun Glass <shaunglass@gmail.com> wrote:
>
>> Good Day,
>>
>> I am having to migrate from eDirectory to OpenLDAP as we are getting rid
>> of eDirectory Services. When setting up OpenLDAP I have as example the
>> following :
>>
>> cn=user,ou=Users,ou=Location,o=LDAP,dc=Company,dc=com
>>
>> ... but in eDirectory it was just :
>>
>> cn=user,ou=Users,ou=Location,o=LDAP
>
> this is a valid DN, I myself run a few directories with 'o' RDN.
>
>> OpenLDAP would not let me create as above since I got the following
>> error when not initially creating a dc= :
>>
>> LDAP: error code 53 - no global superior
>
> result code 53 is 'unwilling to perform', there must be something else
> wrong in your setup and your configuration.
>
> -Dieter