On 5/12/22 3:13 PM, Mike Mercier wrote:
Hello,

I am attempting to use the Microsoft ECMA Connector (Azure AD Connect) to synchronize user information from Azure AD to 389DS.  Microsoft does claim 389DS is supported, see:

https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/on-premises-ldap-connector-configure

While configuring the ECMA connector wizard, the 'Global' page displays the following message:

Mandatory Features Not Found:
[1.3.1.4.1.4203.1.5.3] True/False Filters

Hello,

My understanding of [1], is that it is quite common that LDAP server does not report this feature and you are right 389ds does not report it.
It is mentioned that "If you can import more than one object type, then your LDAP server supports this feature.". Object Type is looking to be the objectclass attribute of an ldap entry. 389ds supports entries with multiple objectclass values, so even if it is not listed it looks to me it supports that feature.

[1] https://docs.microsoft.com/en-us/microsoft-identity-manager/reference/microsoft-identity-manager-2016-connector-genericldap#required-controls-and-features

regards
Thierry


I believe the below command displays what is supported?
[root@localhost ~]# ldapsearch -H ldap://localhost -x -s base -b "" +

I do not see the specific OID from above listed in the output.  Is the feature supported by 389DS?  Is there a plugin available that will add support?

Anyone have any experience trying to sync information between 389DS and Azure AD?

Thanks,
Mike

_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure