Full_Name: Howard Chu
Version: 2.5
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.233.39.182)
Submitted by: hyc

Code in master is now available for operating slapd as a replication consumer against Microsoft ActiveDirectory using their DirSync protocol. Note that no attempt has been made to work with anything other than user and group entries.
A sample config, based on the test017 syncrepl consumer config:
####
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/nis.schema
include ./schema/msuser.schema

attributeoptions range=

database mdb
suffix "dc=ldapsync,dc=local"
rootdn "cn=Replica,dc=ldapsync,dc=local"
rootpw secret
directory ./testrun/db.2.a
index objectClass eq
index cn,sn,uid pres,eq,sub
index entryUUID,entryCSN eq

syncrepl rid=1
    provider=ldap://ldapsync/
    binddn="cn=Administrator,cn=users,dc=ldapsync,dc=local"
    bindmethod=simple
    credentials=MSAD-secret
    searchbase="dc=ldapsync,dc=local"
    filter="(|(objectClass=user)(objectclass=group))"
    schemachecking=off
    scope=sub
    type=dirSync
    interval=00:00:00:03
updateref ldap://ldapsync/

database monitor
####
Note that DirSync doesn't have a persist mode; it only works by refreshOnly-style polling. DirSync support for Modifications is quite braindead; the protocol has no way to indicate deletion of single-valued attributes. This has been left as-is for now; possibly some workarounds can be added for that later.