3:52 a.m.
Hello list,
I set-up a meta proxy server (hopefully that term is correct), to
combine information from an AD-server and an ldap-server.
For some reasons (historical?) both are running and provide mostly
different attributes.
In principle it seems to work, as I get information from both defined
systems - but I don't get all information as there're not the same
attributes on AD and ldap.
For example, the unique userID on AD is "cn" and "sAMAccountName", on
ldap its "uid".
So, when doing a:
ldapsearch "(uid=USERID)" -H ldap://metaldapserver... I will get
information from the defined ldap-server only, and when doing a
ldapsearch "(cn=USERID)" -H ldap://metaldapserver... I will get
information from the defined AD-server only.
Is there still a way to combine both infomation?
Debian Bullseye with Symas OpenLDAP Server, slapd 2.6.3
Cheers,
Torsten
1:44 a.m.
Hello,
What do you call a meta proxy server ? Do you use slapd with two
databases using back_ldap ? Do you use slapd with an unique database and
sync data from both AD & LDAP server to this unique database ?
If you have multiple databases, you can't expect to have all information
combine in the result of an unique request. Slapd will select the
database to request according the base DN of the query (-b parameter of
ldapsearch).
If you want to merge information about a same user (for instance) from
both AD & LDAP directories in an unique user object in your meta LDAP
directory, I mean you have to code a merging tool that request your AD &
LDAP directories and put the merged resulting object in your meta directory.
Regards,
Le 16/11/2022 à 12:52, lists(a)zxt10d.de a écrit :
Hello list,
I set-up a meta proxy server (hopefully that term is correct), to
combine information from an AD-server and an ldap-server.
For some reasons (historical?) both are running and provide mostly
different attributes.
In principle it seems to work, as I get information from both defined
systems - but I don't get all information as there're not the same
attributes on AD and ldap.
For example, the unique userID on AD is "cn" and "sAMAccountName", on
ldap its "uid".
So, when doing a:
ldapsearch "(uid=USERID)" -H ldap://metaldapserver... I will get
information from the defined ldap-server only, and when doing a
ldapsearch "(cn=USERID)" -H ldap://metaldapserver... I will get
information from the defined AD-server only.
Is there still a way to combine both infomation?
Debian Bullseye with Symas OpenLDAP Server, slapd 2.6.3
Cheers,
Torsten
--
Benjamin Renard - Easter-eggs
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 -mailto:brenard@easter-eggs.com
10:01 a.m.
Benjamin Renard wrote:
Hello,
What do you call a meta proxy server ? Do you use slapd with two databases using
back_ldap ?
Sounds like just using the slapd-meta(5) backend.
Do you use slapd with an unique database and sync data from both AD
& LDAP server to this unique database ?
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
1:20 a.m.
Hello,
Am 17.11.2022 um 10:44 schrieb Benjamin Renard:
Hello,
What do you call a meta proxy server ? Do you use slapd with two
databases using back_ldap ? Do you use slapd with an unique database and
sync data from both AD & LDAP server to this unique database ?
Yes.
If you have multiple databases, you can't expect to have all
information
combine in the result of an unique request. Slapd will select the
database to request according the base DN of the query (-b parameter of
ldapsearch).
Ahh ... okay. Then I misunderstood that.
If you want to merge information about a same user (for instance)
from
both AD & LDAP directories in an unique user object in your meta LDAP
directory, I mean you have to code a merging tool that request your AD &
LDAP directories and put the merged resulting object in your meta directory.
Thank you very much for that explanation! :)
Regards,
Cheers,
Torsten
> Le 16/11/2022 à 12:52, lists(a)zxt10d.de a écrit :
>> Hello list,
>>
>> I set-up a meta proxy server (hopefully that term is correct), to
>> combine information from an AD-server and an ldap-server.
>> For some reasons (historical?) both are running and provide mostly
>> different attributes.
>>
>> In principle it seems to work, as I get information from both defined
>> systems - but I don't get all information as there're not the same
>> attributes on AD and ldap.
>> For example, the unique userID on AD is "cn" and
"sAMAccountName", on
>> ldap its "uid".
>> So, when doing a:
>> ldapsearch "(uid=USERID)" -H ldap://metaldapserver... I will get
>> information from the defined ldap-server only, and when doing a
>> ldapsearch "(cn=USERID)" -H ldap://metaldapserver... I will get
>> information from the defined AD-server only.
>>
>> Is there still a way to combine both infomation?
>>
>> Debian Bullseye with Symas OpenLDAP Server, slapd 2.6.3
>>
>> Cheers,
>> Torsten
>
> --
> Benjamin Renard - Easter-eggs
> 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
> Phone: +33 (0) 1 43 35 00 37 -mailto:brenard@easter-eggs.com
>
204
days inactive
206
days old
openldap-technical@openldap.org
3 comments
3 participants
participants (3)
-
Benjamin Renard -
Howard Chu -
lists@zxt10d.de