[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: eDirectory LDAP To OpenLDAP Layout


According to my experience working with eDirectory is quite tricky, especially if you have to align it with directories such as OpenLDAP. E.g. it looks to be common practice in eDirectory to modify the definition of standard object classes such as inetOrgPerson. EDirectory maintains reciprocal group membership attributes in somehow unusual way, the DN conventions are all different, account enable/disable is different and generally speaking there is a lot of little differences that need to be taken care of.

We have a deployment when we run and synchronize OpenLDAP and eDirectory using midPoint. We even had to create a special eDirectory connector for this as stock LDAP connector could not easily handle eDirectory peculiarities. MidPoint is built to rewrite the DNs, object classes and actually anything else that needs to be done. I'm sure that this approach works. But please note that midPoint is a comprehensive IDM system and it may not be entirely easy to set it up.

Radovan Semancik
Software Architect

On 10/22/2016 11:47 AM, Dieter Klünter wrote:
Am Thu, 20 Oct 2016 15:49:24 +0200
schrieb Shaun Glass <shaunglass@gmail.com>:

Good Day,

I am having to migrate from eDirectory to OpenLDAP as we getting rid
of eDirectory Services. When setting up OpenLDAP I have as example the
following :


... but in eDirectory it was just :

this is a valid DN, I myself run a few directories with 'o' RDN.
OpenLDAP Would not let me create as above since I got the following
error when not initially creating a dc= :

LDAP: error code 53 - no global superior
result code 53 is 'unwilling to perform', there must be something else
wrong in your setup und your configuration.