Re: any body have done openldap and active directory synchronization? i need help
Hi!
We have implemented OpenLDAP -> AD using the OpenLDAP accesslog overlay
to see what has changed in OpenLDAP. For AD -> OpenLDAP we use the
highestCommittedUSN to see if something has changed on the AD side.
Synchronization of passwords is a bit more complicated because if you
want to sync them OpenLDAP -> AD you have to set them as clear text
passwords via LDAP. At the same time you usually don't want to store
them as clear text in the OpenLDAP directory. We have solved it by
implementing an overlay that gets an encrypted password and stores it in
a custom attribute protected by ACLs (similar to the eDirectory
universalPassword) and as SSH2-hashed value in the userPassword
attribute. It then can be decrypted and synchronized to AD. If you want
AD -> OpenLDAP you have to catch the password change the moment it
happens. We have done this by implementing a DLL.
Of course there are other ways of doing it.
Cheers,
-Markus-
On 02.04.2013 07:31, Suman Karki wrote:
Hello there!
Has anybody done OpenLDAP and Active Directory synchronization?
I want to sync them. Can you give me an idea of how you have done it?
I am struggling to solve that.
If you charge some amount then I am ready to pay.
I just need to solve that problem.
--
_______________________________________________________________________
Markus Widmer
DAASI International GmbH
Europaplatz 3
D-72074 Tübingen
Germany
Telefon: +49 7071 407109-5
Fax: +49 7071 407109-9
EMail: markus.widmer@daasi.de
Web: www.daasi.de
DAASI International GmbH, Tübingen
Geschäftsführer Peter Gietz, Amtsgericht Stuttgart HRB 382175
_______________________________________________________________________
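The AD -> OpenLDAP change detection Markus describes, as an added example that is not part of his post or of any DAASI code: a watermark of the last seen highestCommittedUSN is kept, each poll asks for entries whose uSNChanged lies between the watermark and the DC's current highestCommittedUSN, and the watermark is discarded when the DC's invocationId differs from the one it was taken against (USNs are per domain controller, so a watermark is only valid on the DC that issued it). `FakeAD`, `Entry` and the `state` dict are constructed assumptions standing in for a real LDAP client and its persisted state.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    """Constructed stand-in for an AD object: DN plus its uSNChanged value."""
    dn: str
    usn_changed: int


class FakeAD:
    """Constructed in-memory stand-in for one domain controller (assumption:
    real code would use python-ldap/ldap3 against RootDSE and the NTDS
    Settings object named by dsServiceName, which carries invocationId)."""

    def __init__(self, invocation_id, entries):
        self.invocation_id = invocation_id
        self.entries = list(entries)

    def root_dse(self):
        hcu = max((e.usn_changed for e in self.entries), default=0)
        return {"highestCommittedUSN": hcu, "invocationId": self.invocation_id}

    def search(self, lo, hi):
        # Equivalent of an LDAP search with usn_filter(lo, hi) below.
        return [e for e in self.entries if lo <= e.usn_changed <= hi]


def usn_filter(lo, hi):
    """The LDAP filter a real client would send for one polling window."""
    return f"(&(uSNChanged>={lo})(uSNChanged<={hi}))"


def poll_changes(ad, state):
    """Return (changed entries, new state). state = {"invocation_id", "usn"}."""
    rootdse = ad.root_dse()
    if state.get("invocation_id") != rootdse["invocationId"]:
        # Different DC (failover) or a restored DC: the old USN watermark
        # means nothing here, so start from 0 and resync everything.
        state = {"invocation_id": rootdse["invocationId"], "usn": 0}
    hcu = rootdse["highestCommittedUSN"]
    lo = state["usn"] + 1
    # Cap at highestCommittedUSN so writes still in flight are picked up
    # by the next poll rather than being skipped past by the watermark.
    changed = ad.search(lo, hcu)
    return changed, {"invocation_id": rootdse["invocationId"], "usn": hcu}
```

The same watermark logic applies per DC if the sync binds to several; never share one watermark across DCs.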