Hello,
I am seeking a simple integration between OpenLDAP and MS AD. The DIT structures are completely different but the Posix UIDs are the same. The integration is very simple because all we need to do is update the corresponding UID in AD whenever an entry changes in OpenLDAP (i.e. OpenLDAP is the master here).
I thought it would be easy to use the overlays for this but after careful examination it is not what we need. All we need for the moment is to capture the entry write event in OpenLDAP and run an external subroutine/program/lib that connects to the AD and does the changes there. We already have the second part developed in Perl, that is, we have a Perl program that connects to AD and changes whatever we want. We now need to pass this program the data that have changed in OpenLDAP. We could turn the Perl program into an LDAP server as well so we could maybe use the overlays; in this case, the Perl program would receive the LDAP operations and translate them to AD. The other option is to use SLAPI to capture the change event and use that to connect to AD, maybe spawning a daemonized process in Perl in order not to hang OpenLDAP waiting for AD.
Anyway, if anyone can give us a hand on how to approach this and what the best alternatives are for this integration, that would be great. We would gladly publish this OpenLDAP to AD integration as open source. Or if anyone happens to know whether this already exists (it would need to be flexible, because we need to translate from one DIT structure to the other, with different schemas on each).
Thanks! Alex
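As an added example (not Alex's code nor the Perl program mentioned above), here is a Python consumer of slapd's accesslog overlay: it parses the overlay's auditModify records and reduces them to per-uid change sets that an external AD updater could take as input, skipping failed operations so they are never replayed into AD. The sample records, the `uid=` naming convention and the list of skipped operational attributes are assumptions.

```python
"""Turn OpenLDAP accesslog (slapo-accesslog) modify records into per-uid change
sets that an external AD updater can consume (hypothetical example, not the post's code)."""
import re
from collections import defaultdict

# Constructed sample: two auditModify entries as the accesslog overlay stores them,
# rendered as LDIF. reqMod syntax is "attr:OP value", OP in + add, - delete, = replace, # increment.
SAMPLE_LDIF = """\
dn: reqStart=20240101120000.000001Z,cn=accesslog
reqDN: uid=alice,ou=people,dc=example,dc=org
reqType: modify
reqResult: 0
reqMod: loginShell:= /bin/zsh
reqMod: mail:+ alice@example.org
reqMod: mail:- alice@old.example.org
reqMod: modifiersName:= cn=admin,dc=example,dc=org

dn: reqStart=20240101120500.000002Z,cn=accesslog
reqDN: uid=bob,ou=people,dc=example,dc=org
reqType: modify
reqResult: 50
reqMod: gecos:= Bob
"""

REQMOD_RE = re.compile(r"^([^:]+):([+\-=#]) ?(.*)$")
OPS = {"+": "add", "-": "delete", "=": "replace", "#": "increment"}
# Operational attributes slapd rewrites on every change; meaningless to AD (assumed list).
SKIP = {"entryCSN", "modifiersName", "modifyTimestamp"}

def parse_accesslog(ldif):
    """Split LDIF text into {attr: [values]} records, one per blank-line-separated block."""
    for block in ldif.strip().split("\n\n"):
        rec = defaultdict(list)
        for key, _, val in (line.partition(": ") for line in block.splitlines()):
            rec[key].append(val)
        yield rec

def changes_for_ad(ldif):
    """Return {uid: [(attr, op, value), ...]} for successful modify operations only."""
    out = {}
    for rec in parse_accesslog(ldif):
        if rec["reqType"] != ["modify"] or rec["reqResult"] != ["0"]:
            continue  # failed (reqResult != 0) or non-modify records are never replayed into AD
        uid = re.match(r"uid=([^,]+),", rec["reqDN"][0])
        if not uid:
            continue  # entries outside the uid= naming convention have no AD twin
        mods = [(a, OPS[op], v) for a, op, v in
                (REQMOD_RE.match(m).groups() for m in rec["reqMod"]) if a not in SKIP]
        if mods:
            out[uid.group(1)] = mods
    return out
```

A poller would read cn=accesslog with a filter on reqStart greater than the last processed value and hand the returned dict to the AD updater, which keeps slapd itself free of any dependency on AD availability.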