Hi,
We are trying to migrate from Active Directory to Open LDAP. But we are getting problems with Schema Attributes. Can anyone help us with this?
Here, migrating means "NOT delegating Active Directory Services to Open LDAP" or/and authenticating Linux systems with Microsoft Active Directory services. We are looking for a solution through which we can replace the existing Active Directory Service with an Open LDAP server on Linux (we want to import the schemas in Active Directory into Open LDAP). We know that the schema attributes for both services are different.
RaghuNi.
Raghu Ni wrote:
Hi,
We are trying to migrate from Active Directory to Open LDAP. But we are getting problems with Schema Attributes. Can anyone help us with this?
I haven't worked with AD in a number of years, but I did do a large-scale migration to OpenLDAP this summer.
You have essentially two choices. 1. Write a schema that supports the AD attributes in OpenLDAP. 2. Write a script that converts the AD attributes to those used in the standard OpenLDAP schemas. This is the route I took and my script ended up being many hundreds of lines (in perl) and requires extensive testing, as even the smallest mistake can prevent the data from getting loaded.
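The second option above (a conversion script), as an added example that is not part of the original thread and is not the poster's script: it maps a constructed AD LDIF export onto inetOrgPerson and flags entries that would be rejected on load. The attribute mapping, the target base DN and the sample entries are assumptions made for illustration.

```python
import base64

# Assumed AD -> inetOrgPerson mapping (illustrative), keys lower-cased.
ATTR_MAP = {"samaccountname": "uid", "cn": "cn", "sn": "sn",
            "givenname": "givenName", "mail": "mail"}
REQUIRED = ("cn", "sn")  # MUST attributes of the "person" object class
TARGET_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson"]
DN_SPECIALS = set(',+"\\<>;=#')  # characters that need escaping in an RDN value

# Constructed sample of an AD LDIF export (not real data).
SAMPLE = """dn: CN=Jane Doe,CN=Users,DC=example,DC=com
cn: Jane Doe
sn:: RG/DqQ==
sAMAccountName: jdoe
userAccountControl: 512
mail: jdoe@example.com

dn: CN=svc-backup,CN=Users,DC=example,DC=com
cn: svc-backup
sAMAccountName: svc-backup
"""

def parse_ldif(text):
    """Parse LDIF text into a list of (dn, {attr_lowercase: [values]})."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuations
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" carries a UTF-8 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
        entries.append((dn, attrs))
    return entries

def migrate(text, new_base):
    """Return [(new_dn, new_attrs, errors)]; load only entries with no errors."""
    results = []
    for _old_dn, attrs in parse_ldif(text):
        out = {"objectClass": list(TARGET_CLASSES)}
        out.update({t: attrs[a] for a, t in ATTR_MAP.items() if a in attrs})
        errors = [f"missing required attribute {a}" for a in REQUIRED if a not in out]
        uid = out.get("uid", [""])[0]
        if not uid or DN_SPECIALS & set(uid):
            errors.append("sAMAccountName missing or unsafe as an RDN value")
        results.append((f"uid={uid},{new_base}", out, errors))
    return results
```

AD-only attributes such as userAccountControl are dropped because they have no entry in the mapping; the second sample entry is reported rather than loaded because it has no sn.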
Do you plan to open source it? I mean your scripts!
On 10/4/06, Atom Powers apowers@digipen.edu wrote:
Raghu Ni wrote:
Hi,
We are trying to migrate from Active Directory to Open LDAP. But we are getting problems with Schema Attributes. Can anyone help us with this?
I haven't worked with AD in a number of years, but I did do a large-scale migration to OpenLDAP this summer.
You have essentially two choices.
- Write a schema that supports the AD attributes in OpenLDAP.
- Write a script that converts the AD attributes to those used in the standard OpenLDAP schemas. This is the route I took and my script ended up being many hundreds of lines (in perl) and requires extensive testing, as even the smallest mistake can prevent the data from getting loaded.
-- Perfection is just a word I use occasionally with mustard. --Atom Powers-- Systems Administrator DigiPen Institute of Technology (425) 895-4443
Gustavo Rios wrote:
Do you plan to open source it? I mean your scripts!
Can't, but it wouldn't do anybody any good anyway.
I was converting data from one openldap system to another one with a different schema. The script is very site-specific, with most of the code doing things like "if the data is for this kind of user, move them into this ou", and "if the host has an IP that looks like this, put it in this group".
The only thing I see that could be even remotely useful are the RegEx that I used to convert the host data from a custom schema to the domainRelatedObject+dNSDomain+ieee802Device schema.
On a different, somewhat related note, I have some scripts I use to pull DNS (named) and DHCP (isc-dhcpd) configuration data out of LDAP that would probably be a lot more useful, but this isn't the place to post them.
Remind me again what this has to do with OpenLDAP? I've never been able to mention Active Directory in a post before no matter what the context was and yet this thread can continue (let alone even get started)?
Atom Powers wrote:
Gustavo Rios wrote:
Do you plan to open source it? I mean your scripts!
Can't, but it wouldn't do anybody any good anyway.
I was converting data from one openldap system to another one with a different schema. The script is very site-specific, with most of the code doing things like "if the data is for this kind of user, move them into this ou", and "if the host has an IP that looks like this, put it in this group".
The only thing I see that could be even remotely useful are the RegEx that I used to convert the host data from a custom schema to the domainRelatedObject+dNSDomain+ieee802Device schema.
On a different, somewhat related note, I have some scripts I use to pull DNS (named) and DHCP (isc-dhcpd) configuration data out of LDAP that would probably be a lot more useful, but this isn't the place to post them.
At 03:21 PM 10/4/2006, Brandon McCombs wrote:
Remind me again what this has to do with OpenLDAP?
You are quite right that there is nothing terribly OpenLDAP-specific in this thread. The thread is now closed.
I've never been able to mention Active Directory in a post before no matter what the context was and yet this thread can continue (let alone even get started)?
Moderation errors do occasionally happen...
Kurt
PS: We ask folks not to mention other software so as to avoid unintentional off-topic discussion. It's not the mention that's improper, it's the off-topic discussion that's improper. Or to put it another way, it's hard to discuss the particulars of other software without mentioning it.
openldap-software@openldap.org