Re: Active Directory port ? to be contacted by slurpd

[Pierangelo Masarati <ando@sys-net.it>]

Howard Chu wrote:

> Tony Earnshaw wrote:
>
> > ons, 17.11.2004 kl. 17.03 skrev Dieter Kluenter:
> >
> >  
> >
> > > > Quick question (hopefully) - what's the port that should be connected
> > > > by slurp on an Active Directory server, to replicate the changes from
> > > > OpenLDAP to Active Directory ?
> > > >
> > > > I've tried 389 and 636, and both failed with the same error message
> > > > (attached, output from slurpd -d 65535 -o -r )
> > > >     
> > [...]
> >
> >  
> >
> > > Check your TLS configuration. Better try without TLS first and have it
> > > configured after you have a working environment.
> > >   
> >
> >
> > In the past it wasn't possible even to replicate from different Openldap
> > versions to others. How, now, can an Openldap slurpd/syncrepl/proxy,
> > whatever of unknown version replicate to an AD directory of unknown
> > version?
> That's not strictly true. A replog generated by an older OpenLDAP 
> release (e.g. 2.0) cannot be successfully replicated to a newer slapd 
> because it's missing some operational attributes that the newer 
> versions require (like structuralObjectclass) but a newer slapd can 
> generate a replog that an older slapd can use, by filtering out the 
> attributes that the older slapd doesn't recognize. Also slurpd can be 
> pointed against back-ldap as a rewrite shim to handle replication to 
> arbitrary LDAP servers. Many of Symas' customers do exactly this.

At SysNet we had a success story when we modified 2.0 slurpd by adding a 
prototype implementation of the "suffix" and "attrs" (negated, actually) 
parameters to the "replica" directive to replicate portions of a 2.0 
master to Lotus Notes.  Similar work was done for other customers and 
other slave architectures; not AD, though.

p.



   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497