Re: OpenLDAP <-> Advanced Directory Syncs

[Michael Ströder <michael@stroeder.com>]

Lon Tierney wrote:
> > Thus, my original question stands: Is there a way, within OpenLDAP to
> > extract info from an ADS?
>
> Unknown, but if you look at recent messages on this list regarding AD you
> will see that there are some limitations to what you can get from AD -

Until one really specifies what he/she needs to be 
synchronized/accessed/modified in which way to/from MS AD you won't get any 
reasonable answer (except meta-directory marketing blurb by directory sales 
droids...).

> You may be able to use an OpenLDAP backend to read data from AD on a
> request-by-request basis, or use a referral to you AD server.

back-ldap and back-meta comes to mind.

> Does anyone
> know if there is any OpenLDAP-based "pull-type" synchronization component?

The one you hack yourself. Serious: Sit down and detail your needs, look 
closely at your data, start hacking the sync processes in your favourite 
scripting language. Most times this is the fastest and cheapest way to 
implement a meta-directory. And you usually will learn a lot of what you 
really need.

Ciao, Michael.