Thanks all for the responses, especially Jonathan for that useful link to LSC. I think replication is the wrong word for my requirements, my apologies. All I need to pull from AD to LDAP are unique user-ids, such that when a user gets created in AD, its userid should get populated in LDAP, and when the user gets deleted from AD, again, the userid should get deleted from LDAP. So I just need to sync the cn, sn, and sAMAccountName attributes from AD to LDAP. The "person" object would have more attributes, like public certificates or keys, that would be populated later by the user. And I am not looking to use AD for authentication or to pull passwords into LDAP.
- Siddhartha
-----Original Message----- From: openldap-technical-bounces+sjain=silverspringnet.com@openldap.org [mailto:openldap-technical-bounces+sjain=silverspringnet.com@openldap.org] On Behalf Of Jonathan Clarke Sent: Monday, February 22, 2010 10:10 AM To: Stefan Jurisch Cc: openldap-technical@openldap.org Subject: Re: Syncrepl for AD replication
On 21/02/2010 11:26, Stefan Jurisch wrote:
Hi,
On 20.02.2010 17:28, Dieter Kluenter wrote:
I am looking to setup a LDAP server that can pull certain user attributes from Active Directory like userid (sAMAccountName), cn, sn and populate some other attributes like public keys via user input.
Is it possible to automate the AD to LDAP replication using syncrepl? Also, looking at the syncrepl documentation, it isn't clear how syncrepl adds records. For example, if a new user gets added on the master, how does the replica know what objectclasses to include while adding that user?
Ask Microsoft to implement RFC-4533 into AD.
That would be the best thing to do; but there are some possibilities to do some sort of repl in other ways.
Indeed. May I suggest you take a look at Ldap Synchronization Connector (LSC), which can easily be used to synchronize some attributes to/from AD.
This page lists some tips when trying to read/synchronize with Active Directory (they are general tips, not LSC-specific): http://lsc-project.org/wiki/documentation/1.1/howtos/activedirectory
Hope this helps, Jonathan
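The requirement stated at the top of this thread (create the LDAP entry when a user appears in AD, delete it when the user disappears, sync only sAMAccountName, cn and sn, never passwords) is essentially a one-way attribute diff, which is also what LSC does. The following is an added example, written for this thread and not code from the original posts, from LSC or from OpenLDAP. It computes the add/modify/delete plan between a (constructed) AD search result and a (constructed) snapshot of the OpenLDAP tree and emits the LDIF that `ldapmodify` would apply. It also answers the objectClass question above: AD does not tell the consumer which objectClasses to use, so the sync tool has to carry the target schema itself (here `inetOrgPerson`, which can hold `userCertificate` and similar user-maintained attributes). The base DNs, the sample entries and the `uid` mapping are assumptions for illustration.

```python
"""One-way AD -> OpenLDAP identity sync plan (added example, not from the thread)."""
import base64

# Assumed target container and objectClass set; adjust to the real tree.
LDAP_BASE = "ou=people,dc=example,dc=com"
LDAP_OBJECTCLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson"]
ACCOUNTDISABLE = 0x2  # ACCOUNTDISABLE bit of userAccountControl

# Filter to use on the AD side: real user accounts only, excluding disabled
# ones (1.2.840.113556.1.4.803 is AD's bitwise-AND extensible matching rule).
AD_FILTER = ("(&(objectCategory=person)(objectClass=user)"
             "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
AD_ATTRS = ["sAMAccountName", "cn", "sn", "userAccountControl"]

# Constructed sample data standing in for the two directory searches.
AD_ENTRIES = [
    {"sAMAccountName": "jdoe", "cn": "John Doe", "sn": "Doe-Smith", "userAccountControl": 512},
    {"sAMAccountName": "asmith", "cn": "Alice Smith", "sn": "Smith", "userAccountControl": 514},
    {"sAMAccountName": "bwong", "cn": "Bob Wong", "sn": "Wong", "userAccountControl": 512},
    {"sAMAccountName": "mmueller", "cn": "Max Müller", "sn": "Müller", "userAccountControl": 512},
]
LDAP_ENTRIES = {  # keyed by uid; user-maintained attributes are left untouched
    "jdoe": {"cn": "John Doe", "sn": "Doe", "userCertificate;binary": b"\x30\x82"},
    "asmith": {"cn": "Alice Smith", "sn": "Smith"},
    "retired": {"cn": "Ret Ired", "sn": "Ired"},
}


def escape_rdn_value(value):
    """RFC 4514 escaping for a value used inside an RDN (sAMAccountName may contain ',' etc.)."""
    out = value.replace("\\", "\\\\")
    for ch in ',+"<>;=':
        out = out.replace(ch, "\\" + ch)
    if out[:1] in (" ", "#"):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def entry_dn(uid):
    return f"uid={escape_rdn_value(uid)},{LDAP_BASE}"


def ad_to_ldap(entry):
    """Map the AD attribute subset onto the OpenLDAP entry we want to exist."""
    uid = entry["sAMAccountName"].lower()  # sAMAccountName is case-insensitive; normalise
    return {"dn": entry_dn(uid), "objectClass": LDAP_OBJECTCLASSES,
            "uid": uid, "cn": entry["cn"], "sn": entry["sn"]}


def plan_sync(ad_entries, ldap_entries):
    """Return (adds, modifies, deletes). Disabled AD accounts count as absent."""
    wanted = {}
    for e in ad_entries:
        if e.get("userAccountControl", 0) & ACCOUNTDISABLE:
            continue  # the server-side filter does this too; repeated here for the sample data
        t = ad_to_ldap(e)
        wanted[t["uid"]] = t
    adds = [wanted[u] for u in sorted(wanted) if u not in ldap_entries]
    mods = []
    for u in sorted(wanted):
        if u in ldap_entries:
            changed = {a: wanted[u][a] for a in ("cn", "sn")
                       if ldap_entries[u].get(a) != wanted[u][a]}
            if changed:
                mods.append((wanted[u]["dn"], changed))
    deletes = [entry_dn(u) for u in sorted(ldap_entries) if u not in wanted]
    return adds, mods, deletes


def ldif_line(attr, value):
    """LDIF attrval line; base64-encode anything that is not safe ASCII (RFC 2849)."""
    safe = value.isascii() and value.isprintable() and value[:1] not in (" ", ":", "<")
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def to_ldif(adds, mods, deletes):
    """Render the plan as changetype records for ldapmodify."""
    records = []
    for e in adds:
        lines = [ldif_line("dn", e["dn"]), "changetype: add"]
        lines += [ldif_line("objectClass", oc) for oc in e["objectClass"]]
        lines += [ldif_line(a, e[a]) for a in ("uid", "cn", "sn")]
        records.append("\n".join(lines))
    for dn, changed in mods:
        lines = [ldif_line("dn", dn), "changetype: modify"]
        for a, v in changed.items():
            lines += [f"replace: {a}", ldif_line(a, v), "-"]
        records.append("\n".join(lines))
    for dn in deletes:
        records.append("\n".join([ldif_line("dn", dn), "changetype: delete"]))
    return "\n\n".join(records) + "\n"


if __name__ == "__main__":
    print(to_ldif(*plan_sync(AD_ENTRIES, LDAP_ENTRIES)))
```

Two points worth checking before running something like this against a real tree: a delete removes the whole entry, including the certificates or keys the user added later, so decide whether a disabled AD account should really be treated as gone (dropping the `userAccountControl` clause from `AD_FILTER` keeps disabled users present); and a modify only ever replaces `cn` and `sn`, so nothing else in the entry is touched, which is what the requirement above asks for.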