Forgive my ignorance on this topic - I would like to build an LDAP server at our shop. We have a native 2k3 domain and would like this FC LDAP server to pull in all the info from AD. Then periodically, have the FC server sync with new additions/subtractions of AD.
Is there a How-To out there somewhere that someone can point me to? I don't want to recreate the wheel by hand-inputting information into the FC LDAP server.
TIA and thanks for the patience and understanding.
Chris wrote:
Forgive my ignorance on this topic - I would like to build an LDAP server at our shop. We have a native 2k3 domain and would like this FC LDAP server to pull in all the info from AD. Then periodically, have the FC server sync with new additions/subtractions of AD.
Is there a How-To out there somewhere that someone can point me to?
I'd start with the mailing lists here: http://directory.fedoraproject.org/
Do you want the ldap server to be an exact mirror of the AD domain? Are you setting this up to add Unix style attributes to users in AD?
On Tue, 24 Apr 2007 14:53:01 -0700 Gordon Messmer yinyang@eburg.com wrote:
Chris wrote:
Forgive my ignorance on this topic - I would like to build an LDAP server at our shop. We have a native 2k3 domain and would like this FC LDAP server to pull in all the info from AD. Then periodically, have the FC server sync with new additions/subtractions of AD.
Is there a How-To out there somewhere that someone can point me to?
I'd start with the mailing lists here: http://directory.fedoraproject.org/
Do you want the ldap server to be an exact mirror of the AD domain? Are you setting this up to add Unix style attributes to users in AD?
Gordon -
I would like this to be a mirror of AD. I have not found any URLs that show you how to do a one-way replication from AD to Fedora-DS/OpenLDAP.
Any help would greatly be appreciated!
Chris wrote:
I would like this to be a mirror of AD. I have not found any URLs that show you how to do a one-way replication from AD to Fedora-DS/OpenLDAP.
I don't personally use or manage AD. I just know that Fedora DS has a component that can be used to sync with such a directory, and that the mailing list members can probably tell you how to accomplish what you're trying to.
On Tue, 26 Jun 2007 13:51:06 -0700 Gordon Messmer yinyang@eburg.com wrote:
Chris wrote:
I would like this to be a mirror of AD. I have not found any URLs that show you how to do a one-way replication from AD to Fedora-DS/OpenLDAP.
I don't personally use or manage AD. I just know that Fedora DS has a component that can be used to sync with such a directory, and that the mailing list members can probably tell you how to accomplish what you're trying to.
Understood - however, from what I have been seeing, the items that FC-DS has is to sync passwords. What I'm trying to find out (and so far with very little luck) that it's near impossible to have a one-sided replication (AD to FC-DS).
*Sigh* the search continues...
Chris wrote:
Understood - however, from what I have been seeing, the items that FC-DS has is to sync passwords.
I was under the impression that it did more, but as previously stated, I don't know. The documentation isn't great, so I suggest that you subscribe to the Fedora DS list, and ask a direct question about what you're trying to accomplish.
What I'm trying to find out (and so far with very little luck) that it's near impossible to have a one-sided replication (AD to FC-DS).
*Sigh* the search continues...
There are other options. Novell has a product ("Identity Manager", I believe), which can replicate the data from AD to Fedora DS.
Sun also has a caching LDAP proxy server which is available at no cost which may accomplish what you want. What you won't get from it is authentication, I believe. AD uses Kerberos for auth, and I don't expect the proxy server to cache that. For that matter, I don't even know whether or not AD supports simple binds. ;)