Hello list,
I set-up a meta proxy server (hopefully that term is correct), to combine information from an AD-server and an ldap-server. For some reasons (historical?) both are running and provide mostly different attributes.
In principle it seems to work, as I get information from both defined systems - but I don't get all information as there're not the same attributes on AD and ldap. For example, the unique userID on AD is "cn" and "sAMAccountName", on ldap its "uid". So, when doing a: ldapsearch "(uid=USERID)" -H ldap://metaldapserver... I will get information from the defined ldap-server only, and when doing a ldapsearch "(cn=USERID)" -H ldap://metaldapserver... I will get information from the defined AD-server only.
Is there still a way to combine both infomation?
Debian Bullseye with Symas OpenLDAP Server, slapd 2.6.3
Cheers, Torsten
Hello,
What do you call a meta proxy server ? Do you use slapd with two databases using back_ldap ? Do you use slapd with an unique database and sync data from both AD & LDAP server to this unique database ?
If you have multiple databases, you can't expect to have all information combine in the result of an unique request. Slapd will select the database to request according the base DN of the query (-b parameter of ldapsearch).
If you want to merge information about a same user (for instance) from both AD & LDAP directories in an unique user object in your meta LDAP directory, I mean you have to code a merging tool that request your AD & LDAP directories and put the merged resulting object in your meta directory.
Regards,
Le 16/11/2022 à 12:52, lists@zxt10d.de a écrit :
Hello list,
I set-up a meta proxy server (hopefully that term is correct), to combine information from an AD-server and an ldap-server. For some reasons (historical?) both are running and provide mostly different attributes.
In principle it seems to work, as I get information from both defined systems - but I don't get all information as there're not the same attributes on AD and ldap. For example, the unique userID on AD is "cn" and "sAMAccountName", on ldap its "uid". So, when doing a: ldapsearch "(uid=USERID)" -H ldap://metaldapserver... I will get information from the defined ldap-server only, and when doing a ldapsearch "(cn=USERID)" -H ldap://metaldapserver... I will get information from the defined AD-server only.
Is there still a way to combine both infomation?
Debian Bullseye with Symas OpenLDAP Server, slapd 2.6.3
Cheers, Torsten
Benjamin Renard wrote:
Hello,
What do you call a meta proxy server ? Do you use slapd with two databases using back_ldap ?
Sounds like just using the slapd-meta(5) backend.
Do you use slapd with an unique database and sync data from both AD & LDAP server to this unique database ?
Hello,
Am 17.11.2022 um 10:44 schrieb Benjamin Renard:
Hello,
What do you call a meta proxy server ? Do you use slapd with two databases using back_ldap ? Do you use slapd with an unique database and sync data from both AD & LDAP server to this unique database ?
Yes.
If you have multiple databases, you can't expect to have all information combine in the result of an unique request. Slapd will select the database to request according the base DN of the query (-b parameter of ldapsearch).
Ahh ... okay. Then I misunderstood that.
If you want to merge information about a same user (for instance) from both AD & LDAP directories in an unique user object in your meta LDAP directory, I mean you have to code a merging tool that request your AD & LDAP directories and put the merged resulting object in your meta directory.
Thank you very much for that explanation! :)
Regards,
Cheers, Torsten
Le 16/11/2022 à 12:52, lists@zxt10d.de a écrit :
Hello list,
I set-up a meta proxy server (hopefully that term is correct), to combine information from an AD-server and an ldap-server. For some reasons (historical?) both are running and provide mostly different attributes.
In principle it seems to work, as I get information from both defined systems - but I don't get all information as there're not the same attributes on AD and ldap. For example, the unique userID on AD is "cn" and "sAMAccountName", on ldap its "uid". So, when doing a: ldapsearch "(uid=USERID)" -H ldap://metaldapserver... I will get information from the defined ldap-server only, and when doing a ldapsearch "(cn=USERID)" -H ldap://metaldapserver... I will get information from the defined AD-server only.
Is there still a way to combine both infomation?
Debian Bullseye with Symas OpenLDAP Server, slapd 2.6.3
Cheers, Torsten
-- Benjamin Renard - Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37 -mailto:brenard@easter-eggs.com
openldap-technical@openldap.org
-
Benjamin Renard -
Howard Chu -
lists@zxt10d.de