Good Day,
I am having to migrate from eDirectory to OpenLDAP as we getting rid of eDirectory Services. When setting up OpenLDAP I have as example the following :
cn=user,ou=Users,ou=Location,o=LDAP,dc=Company,dc=com
... but in eDirectory it was just :
cn=user,ou=Users,ou=Location,o=LDAP
OpenLDAP Would not let me create as above since I got the following error when not initially creating a dc= :
LDAP: error code 53 - no global superior
The reason I need this is, is that the user that binds to LDAP on all servers uses the notation :
cn=user,ou=Users,ou=Location,o=LDAP
... and we do not want to reconfigure all servers, several hundred of them. Is there some way that we can partition so the above format can still be used ?
Regards
Am Thu, 20 Oct 2016 15:49:24 +0200 schrieb Shaun Glass shaunglass@gmail.com:
Good Day,
I am having to migrate from eDirectory to OpenLDAP as we getting rid of eDirectory Services. When setting up OpenLDAP I have as example the following :
cn=user,ou=Users,ou=Location,o=LDAP,dc=Company,dc=com
... but in eDirectory it was just :
cn=user,ou=Users,ou=Location,o=LDAP
this is a valid DN, I myself run a few directories with 'o' RDN.
OpenLDAP Would not let me create as above since I got the following error when not initially creating a dc= :
LDAP: error code 53 - no global superior
result code 53 is 'unwilling to perform', there must be something else wrong in your setup und your configuration.
-Dieter
Hi,
According to my experience working with eDirectory is quite tricky, especially if you have to align it with directories such as OpenLDAP. E.g. it looks to be common practice in eDirectory to modify the definition of standard object classes such as inetOrgPerson. EDirectory maintains reciprocal group membership attributes in somehow unusual way, the DN conventions are all different, account enable/disable is different and generally speaking there is a lot of little differences that need to be taken care of.
We have a deployment when we run and synchronize OpenLDAP and eDirectory using midPoint. We even had to create a special eDirectory connector for this as stock LDAP connector could not easily handle eDirectory peculiarities. MidPoint is built to rewrite the DNs, object classes and actually anything else that needs to be done. I'm sure that this approach works. But please note that midPoint is a comprehensive IDM system and it may not be entirely easy to set it up.
Am Thu, 20 Oct 2016 15:49:24 +0200 schrieb Shaun Glass shaunglass@gmail.com:
Good Day,
I am having to migrate from eDirectory to OpenLDAP as we getting rid of eDirectory Services. When setting up OpenLDAP I have as example the following :
cn=user,ou=Users,ou=Location,o=LDAP,dc=Company,dc=com
... but in eDirectory it was just :
cn=user,ou=Users,ou=Location,o=LDAP
[...]
please post attributes and objectclasses of the first object.
-Dieter
openldap-technical@openldap.org
-
Dieter Klünter -
Radovan Semancik -
Shaun Glass