I am running an OpenLDAP server on a Red Hat server, and Active Directory on Windows Server 2008. I have admin access to both servers.
The thing is that I have to sync both servers, like from OpenLDAP I could access Active Directory data.
Can it be possible? If possible, then please give me some information so that I can proceed with this task.
I have tried something like this, using the OpenLDAP admin guide:
    syncrepl rid=001
             provider=ldap://IP of AD server/
             binddn="cn=replicator,dc=suretecsystems,dc=com"
             bindmethod=simple
             credentials=Password of AD server
             searchbase="dc=suretecsystems,dc=com"
             type=refreshAndPersist
             retry="5 5 300 5"
I don't know how much I am right. Or is there any different way? Please help me to solve this.
If any person is willing to help me and requires more detail about this problem, I will reply with that.
On 3/24/13, Suman Karki sumankarki16@gmail.com wrote:
> I am running an OpenLDAP server on a Red Hat server, and Active Directory on Windows Server 2008. I have admin access to both servers.
> The thing is that I have to sync both servers, like from OpenLDAP I could access Active Directory data.
> Can it be possible? If possible, then please give me some information so that I can proceed with this task.
> I have tried something like this, using the OpenLDAP admin guide:
>     syncrepl rid=001
>              provider=ldap://IP of AD server/
>              binddn="cn=replicator,dc=suretecsystems,dc=com"
>              bindmethod=simple
>              credentials=Password of AD server
>              searchbase="dc=suretecsystems,dc=com"
>              type=refreshAndPersist
>              retry="5 5 300 5"
> I don't know how much I am right. Or is there any different way? Please help me to solve this.
Sorry for the top posting
No, it is not possible to do what you are trying to do, not so simply. There are solutions for syncing different LDAP products, free and commercial. In a very old O'Reilly LDAP book the topic is also discussed somehow, IIRC. In effect the IETF effort to create a multiple-vendor LDAP sync repl standard has failed, in retrospect, I think.
Best
devzero2000 wrote:
> Sorry for the top posting
> No, it is not possible to do what you are trying to do, not so simply. There are solutions for syncing different LDAP products, free and commercial. In a very old O'Reilly LDAP book the topic is also discussed somehow, IIRC. In effect the IETF effort to create a multiple-vendor LDAP sync repl standard has failed, in retrospect, I think.
The IETF succeeded, and RFC4533 is the result. Currently OpenLDAP and Apache Directory support it, I'm not aware of anyone else.
On Sunday, March 24, 2013 at 14:11, Howard Chu wrote:
> devzero2000 wrote:
>> Sorry for the top posting
>> No, it is not possible to do what you are trying to do, not so simply. There are solutions for syncing different LDAP products, free and commercial. In a very old O'Reilly LDAP book the topic is also discussed somehow, IIRC. In effect the IETF effort to create a multiple-vendor LDAP sync repl standard has failed, in retrospect, I think.
> The IETF succeeded, and RFC4533 is the result. Currently OpenLDAP and Apache Directory support it, I'm not aware of anyone else.
I wouldn't say that IETF succeeded. RFC4533 is an experimental document and in no way represents a consensus on how to do LDAP synchronization or replication.
Regards,
Ludovic.
Ludovic Poitou wrote:
> On Sunday, March 24, 2013 at 14:11, Howard Chu wrote:
>> devzero2000 wrote:
>>> Sorry for the top posting
>>> No, it is not possible to do what you are trying to do, not so simply. There are solutions for syncing different LDAP products, free and commercial. In a very old O'Reilly LDAP book the topic is also discussed somehow, IIRC. In effect the IETF effort to create a multiple-vendor LDAP sync repl standard has failed, in retrospect, I think.
>> The IETF succeeded, and RFC4533 is the result. Currently OpenLDAP and Apache Directory support it, I'm not aware of anyone else.
> I wouldn't say that IETF succeeded. RFC4533 is an experimental document and in no way represents a consensus on how to do LDAP synchronization or replication.
Perhaps no consensus today, but the existence of two interoperable independently developed implementations means the experiment succeeded. That's more than any other replication spec for LDAP can claim.
> Regards,
> Ludovic.
> Ludovic Poitou http://ludopoitou.wordpress.com
Howard,
I don't dispute the 2 implementations. 2 doesn't make a standard though, even if it's more than any other LDAP replication spec. My main point is that RFC4533 is not a standard but describes an experimentation.
Regards,
Ludo
All are right:
1.) The IETF LDUP working group did fail to produce a standard LDAP server-to-server replication protocol.
2.) Sync repl is the nearest we have to a standard LDAP server-to-server replication protocol. I doubt that Microsoft will ever support it though.
Thus to come back to the original question: instead of replication you need synchronization between OpenLDAP and Active Directory. And there are a lot of such solutions around.
Cheers,
Peter
On 24.03.2013 16:46, Ludovic Poitou wrote:
> Howard,
> I don't dispute the 2 implementations. 2 doesn't make a standard though, even if it's more than any other LDAP replication spec. My main point is that RFC4533 is not a standard but describes an experimentation.
> Regards,
> Ludo
> --
> Ludovic Poitou http://ludopoitou.wordpress.com
I know, everyone knows. But if many vendors have decided not to follow these standards, it means that there is no business reason to follow them. Sad, but true.
If something after ten or more years doesn't succeed, it failed. It is like quantum crypto, a solution in search of a problem.
My opinion of course.
Best regards
2013/3/24, Howard Chu hyc@symas.com:
> devzero2000 wrote:
>> Sorry for the top posting
>> No, it is not possible to do what you are trying to do, not so simply. There are solutions for syncing different LDAP products, free and commercial. In a very old O'Reilly LDAP book the topic is also discussed somehow, IIRC. In effect the IETF effort to create a multiple-vendor LDAP sync repl standard has failed, in retrospect, I think.
> The IETF succeeded, and RFC4533 is the result. Currently OpenLDAP and Apache Directory support it, I'm not aware of anyone else.
> --
> Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
devzero2000 wrote:
> I know, everyone knows. But if many vendors have decided not to follow these standards, it means that there is no business reason to follow them. Sad, but true.
Sure. But in most cases the business reason for those other vendors is "we no longer invest in LDAP technology" or they just plain aren't in business any more. Projects like OpenLDAP and Apache Directory continue to explore new technologies and advance the state of the art.
Howard Chu wrote:
> devzero2000 wrote:
>> I know, everyone knows. But if many vendors have decided not to follow these standards, it means that there is no business reason to follow them. Sad, but true.
> Sure. But in most cases the business reason for those other vendors is "we no longer invest in LDAP technology" or they just plain aren't in business any more.
This statement is dumb nonsense in this context.
Ciao, Michael.
openldap-technical@openldap.org
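
Added example, not part of the thread and not OpenLDAP project code: the replies turn on whether the provider implements RFC 4533, which a server normally advertises as a supportedControl OID in its root DSE. This Python check tests that for a syncrepl directive like the one in the question and also flags a simple bind that is not forced onto TLS; the host, DNs, password and root DSE text are constructed samples, and the function names are hypothetical.

```python
import base64
import shlex

SYNC_REQUEST_OID = "1.3.6.1.4.1.4203.1.9.1.1"  # RFC 4533 Sync Request control
AD_DIRSYNC_OID = "1.2.840.113556.1.4.841"      # Active Directory DirSync control

# Constructed samples: a consumer directive shaped like the one in the thread, and
# root DSE output as "ldapsearch -s base -b '' supportedControl" would print it.
SAMPLE_DIRECTIVE = '''syncrepl rid=001 provider=ldap://192.0.2.10/
  binddn="cn=replicator,dc=example,dc=com" bindmethod=simple credentials=secret
  searchbase="dc=example,dc=com" type=refreshAndPersist retry="5 5 300 5"'''
SAMPLE_AD_ROOTDSE = """dn:
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.
 841
"""

def parse_syncrepl(directive):
    """Split a slapd.conf syncrepl directive into a dict of key=value pairs."""
    tokens = shlex.split(directive)
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("not a syncrepl directive")
    return dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)

def supported_controls(rootdse_ldif):
    """Collect supportedControl OIDs from root DSE LDIF, unfolding wrapped lines."""
    unfolded = rootdse_ldif.replace("\r\n", "\n").replace("\n ", "")
    oids = set()
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "supportedcontrol":
            if value.startswith(":"):  # "attr:: <base64>" encoding
                value = base64.b64decode(value[1:]).decode()
            oids.add(value.strip())
    return oids

def review(directive, rootdse_ldif):
    """Return findings for a syncrepl consumer pointed at this provider."""
    cfg, oids, findings = parse_syncrepl(directive), supported_controls(rootdse_ldif), []
    if SYNC_REQUEST_OID not in oids:
        findings.append("no-rfc4533: provider does not advertise the Sync Request control")
        if AD_DIRSYNC_OID in oids:
            findings.append("dirsync: provider advertises AD DirSync, which syncrepl cannot consume")
    uri = cfg.get("provider", "").lower()
    tls = uri.startswith("ldaps://") or cfg.get("starttls") == "critical"
    if cfg.get("bindmethod") == "simple" and not tls:
        findings.append("cleartext-bind: use ldaps:// or starttls=critical")
    return findings
```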