Synchronize Active Directory with OpenLDAP

melive · 09-04-2012, 11:15 AM

I use AD (Active Directory) and OpenLDAP for authentication and repository data, but they have not the same data so I need to synchronize them.

Ex: If I add/delete a user/group to AD, i need to replicate the user/gruop in openldap, and if I add/delete a user/group to OpenLDAP, i need to replicate the user/gruop in AD.

Can any tell me if is there any way or software to synchronize AD and openldap?

Thanks

acid_kewpie · 09-05-2012, 04:30 AM

Can I suggest that you do NOT sync them? use openldap to overlay AD using the translucent overlay. Don't keep multiple copies of the data hanging around in the first place. One step further is to potentially ditch OpenLDAP altogether. Do you REALLY need it seeing as AD provides a perfectly good LDAP service in most common use cases.

melive · 09-05-2012, 04:24 PM

Thanks for reply, I have to use OpenLDAP and AD becouse the organization decided. Also, I need to authenticate users from java apps, so for java apps I need to create users inside groups of the DIT of OpenLDAP to determine the permissions of the user to the apps.

OpenLDAP can provide a proxy for connections to AD, but how can I determine the permissions of the user to an app??

Please, help me!