active directory schema for OpenLDAP

paul_mat · 09-06-2005, 08:40 PM

hi there, i'm currently looking into getting OpenLDAP to sync with Active directory so if someone knows how to do that and wants to tell me that'd be great, but for the time being i'm thinking about using the active directory schema in OpenLDAP, can someone tell me where to find that on a server 2K3 box? or if it's possable to do that.

bhar0761 · 09-07-2005, 03:01 PM

i second that question.

jdogpc · 09-07-2005, 07:11 PM

Hi bhar0761, for as much as I have read you can't get Samba to act as a domains controller because of file replication issues, this is what I could understand from Samba doc's at their site.

For the active directory replication I have many posts and logs mentioning that it is very hard to do if even possible. Never the less here are two links I managed to get the first is for a doc on active directory, an exe to retrieve the AD from a domain controller and also an AD Schema on XML th second is W2k_iop_kit.exe which appears to be a inetorgperson implementation for Windowz.

http://www.microsoft.com/downloads/d...displaylang=en
http://www.microsoft.com/downloads/d...displaylang=en

Hope this helps you in any way.

At my work I have one FC3 fileserver with rpc connection to the domain and a FC4 with kerberos auth also fileserver both stable the last one I tried to sync something from th DC's but with no luke, i'm no expert in ldap and I had no time to continue researching.

Please post any develop as I'm also very interested in this matter.

JdogPC

paul_mat · 09-07-2005, 07:20 PM

hi there jdogpc,

maybe i didn't make myself clear in the first post, i'm not looking at setting up samba as a PDC. i'm looking at the synchronisation of users between OpenLDAP & Active Directory.

i know that two openLDAP servers can synchronise between each other and two Active Directory servers can synchronise between each other. i'm looking at getting a OpenLDAP machine and an Active Directory server to make the synchronisation.

jetole · 08-04-2008, 05:00 AM

Yeah, I am pretty much wondering the same thing. I need a method for replicating Active Directory to OpenLDAP for office authentication of applications on Linux servers where AD takes too long to reply sometimes and I think it would be more efficient to have OpenLDAP respond directly to these servers. Additionally, as mentioned, if OpenLDAP can replicate to OpenLDAP and AD to AD and they both use LDAP which is an open and free meta language then this should be possible.