Hi,
I am working on authenticating an OpenLDAP client with an AD server. I saw lots of examples which map the rfc2307bis schema using the nss_schema attribute in the ldap.conf file:

# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis

and also map the attributes of rfc2307bis to the AD server schema attributes:

nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory

Isn't there a way I can fetch the schema from the AD server and set it using nss_schema?
Basically, I am looking at fetching the schema/objectClass/attributes from the LDAP/AD server and making them the client schemas so that I don't have to keep doing the mapping using nss_map_attribute and nss_schema.
I am new to the LDAP world, and I am sorry if my question doesn't make any sense.
I have seen lots of enterprise products which integrate with LDAP/AD. They provide a user interface to map the server side schema objectClass and attributes. I am trying to see if I can get rid of this and do it internally.
Thanks, Vinay
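The hand-written mapping in the message above can be generated by checking which of those AD attribute names the directory's published schema actually declares. This is an added example, not part of the original message: the schema lines are constructed with placeholder OIDs, and `attribute_names` and `build_mapping` are hypothetical helper names.

```python
import re

# RFC 2307 attribute -> AD attribute, exactly as listed in the message.
WANTED = {
    "uid": "msSFU30Name",
    "uidNumber": "msSFU30UidNumber",
    "gidNumber": "msSFU30GidNumber",
    "loginShell": "msSFU30LoginShell",
    "gecos": "name",
    "userPassword": "msSFU30Password",
    "homeDirectory": "msSFU30HomeDirectory",
}

# Constructed sample of attributeTypes values (RFC 4512 syntax). Real values are
# read from the entry named by the root DSE's subschemaSubentry attribute.
# The 0.0.0.N OIDs and 'exampleAlias' are placeholders, not real schema data.
SAMPLE_SCHEMA = [
    "( 0.0.0.1 NAME 'msSFU30Name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )",
    "( 0.0.0.2 NAME 'msSFU30UidNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )",
    "( 0.0.0.3 NAME 'msSFU30GidNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )",
    "( 0.0.0.4 NAME 'msSFU30LoginShell' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )",
    "( 0.0.0.5 NAME 'msSFU30HomeDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )",
    "( 0.0.0.6 NAME ( 'name' 'exampleAlias' ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )",
]

# NAME is either one quoted descriptor or a parenthesised list of them.
NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")


def attribute_names(definitions):
    """Return the lower-cased set of every NAME the definitions declare."""
    names = set()
    for definition in definitions:
        match = NAME_RE.search(definition)
        if not match:
            continue
        if match.group(1):
            names.add(match.group(1).lower())
        else:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", match.group(2)))
    return names


def build_mapping(definitions, wanted=WANTED):
    """Emit nss_map_attribute lines only for targets the schema declares."""
    present = attribute_names(definitions)  # attribute names are case-insensitive
    lines = [f"nss_map_attribute {posix} {ad}"
             for posix, ad in wanted.items() if ad.lower() in present]
    missing = [(posix, ad) for posix, ad in wanted.items() if ad.lower() not in present]
    return lines, missing
```

With the constructed sample, `userPassword` comes back in `missing` because `msSFU30Password` is not declared, so no mapping line is written for it.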
Hi vinay,
you may take a look at this: http://sourceforge.net/projects/acctsync/
It's not exactly what you want, but it can help you reach the goal. :)
Bye, Benjamin.
On Sat, Oct 23, 2010 at 12:22, Vinay Kalkoti kalkoti.vinay@gmail.com wrote:
Hi,
I am working on authenticating an OpenLDAP client with an AD server. I saw lots of examples which map the rfc2307bis schema using the nss_schema attribute in the ldap.conf file:

# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis

and also map the attributes of rfc2307bis to the AD server schema attributes:

nss_map_attribute uid msSFU30Name
nss_map_attribute uidNumber msSFU30UidNumber
nss_map_attribute gidNumber msSFU30GidNumber
nss_map_attribute loginShell msSFU30LoginShell
nss_map_attribute gecos name
nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory msSFU30HomeDirectory

Isn't there a way I can fetch the schema from the AD server and set it using nss_schema?
Basically, I am looking at fetching the schema/objectClass/attributes from the LDAP/AD server and making them the client schemas so that I don't have to keep doing the mapping using nss_map_attribute and nss_schema.
I am new to the LDAP world, and I am sorry if my question doesn't make any sense.
I have seen lots of enterprise products which integrate with LDAP/AD. They provide a user interface to map the server side schema objectClass and attributes. I am trying to see if I can get rid of this and do it internally.
Thanks, Vinay
Hi Benjamin,
Are you hinting at running the OpenLDAP server instead of the OpenLDAP client, syncing the required accounts using replication, and authenticating against the OpenLDAP server locally?
Thanks, Vinay
On 10/23/10, Benjamin Griese der.darude@gmail.com wrote:
Hi vinay,
you may take a look at this: http://sourceforge.net/projects/acctsync/
It's not exactly what you want, but it can help you reach the goal. :)
Bye, Benjamin.
-- To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
Hi,
Yes, that is another possibility I wanted to show you. By searching I found another, but probably not open, method to do it: http://www.likewise.com/
Good luck.
On Sat, Oct 23, 2010 at 14:52, Vinay Kalkoti kalkoti.vinay@gmail.com wrote:
Hi Benjamin,
Are you hinting at running the OpenLDAP server instead of the OpenLDAP client, syncing the required accounts using replication, and authenticating against the OpenLDAP server locally?
Thanks, Vinay
openldap-technical@openldap.org