[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl for AD replication

To: openldap-technical@openldap.org
Subject: Re: Syncrepl for AD replication
From: Stefan Jurisch <s.jurisch@siegnetz.de>
Date: Sun, 21 Feb 2010 11:26:29 +0100
In-reply-to: <87hbpbrhwd.fsf@rubin.avci.de>
Openpgp: id=C6F20B3E; url=pool.sks-keyservers.net
Organization: SIEGNETZ.IT GmbH, Siegen
References: <78FC5CC7782A4643B6F08716A021FA302644F5E2@IT-EXMB-01.silverspringnet.com> <87hbpbrhwd.fsf@rubin.avci.de>
User-agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.7) Gecko/20100111 SUSE/3.0.1-9.1 Lightning/1.0pre Thunderbird/3.0.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Am 20.02.2010 17:28, schrieb Dieter Kluenter:
>> I am looking to setup a LDAP server that can pull certain user
>> attributes from Active Directory like userid (sAMAccountName), cn, sn
>> and populate some other attributes like public keys via user input.
>>
>> Is it possible to automate the AD to LDAP replication using syncrepl? 
>> Also, looking at syncrepl documentation, it isn't clear how syncrepl
>> adds records? For example, if a new user gets added on the master, how
>> does the replica know what objectclasses to include while adding that
>> user?
> 
> Ask Microsoft to implement RFC-4533 into AD.

That would be the best thing to do; but there are some posibilities to do some sort of
repl on other ways.
At the moment I work on some sort of plugin for a software to authenticate via LDAP with
an AD, and while running I plan to implement an LDAP<-->AD data synchronization. But it
is still far in the future.
In fact, this will *not* do repl of schema data, because this is quite complex in AD (in
comparison with openLDAP).

Best regards
Stefan


- -- 


   • S T E F A N • J U R I S C H •
======================================
 System Engineer • Department VMware®
         Software Development
======================================
SIEGNETZ.Informationstechnologie® GmbH

Schneppenkauten 1a  •  DE 57076 Siegen
phone +49 271 68193 -0 • facsimile -28
web www.siegnetz.de • info@siegnetz.de

    Geschäftsfuehrer: Oliver Seitz
      Amtsgericht Siegen HRB4838
   Sitz der Gesellschaft ist Siegen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkuBClUACgkQqdb99cbyCz7/1ACeJOGFp8FeGGVgqq3FJpFuTmre
4z4An3kzuyxBq+86KJZ/o8zE1KPLcOg6
=WAwT
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Follow-Ups:
- Re: Syncrepl for AD replication
  - From: Michael Ströder <michael@stroeder.com>
- Re: Syncrepl for AD replication
  - From: Jonathan Clarke <jonathan@phillipoux.net>

References:
- Syncrepl for AD replication
  - From: Siddhartha Jain <sjain@silverspringnet.com>
- Re: Syncrepl for AD replication
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: objectclass not found inetorgperson?
Next by Date: idea for access rules
Index(es):
- Chronological
- Thread