Export user information Active Directory to openldap
Hello,
I have a small network at my workplace. I have installed OpenLDAP on Ubuntu and I want to know about exporting user information from Active Directory to OpenLDAP. What procedure or steps should I follow for this? Can you help me out? Any suggestions?
Re: Export user information Active Directory to openldap
This was done on Windows using OpenLDAP 2.3.39, which came with the Cygwin distribution. For this you need software or SRVANY.EXE INSTSVR.EXE. Either install Cygwin from www.cygwin.com and include OpenLDAP, dbX.Y: Oracle Berkeley DB (dbX.Y - utilities), and sed kits. The standard LDAP schema supplied with OpenLDAP does not include all the attributes required to import LDIF files from Active Directory.
For this reason, some patterns should be modified to include the following attributes:
inetperson.schema
Add:
attributetype ( 1.2.840.113556.1.2.210
    NAME 'proxyAddresses'
    DESC 'rfc822 mail group member(s)'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.1.2.1.1 NAME 'department'
    DESC 'Name of the department'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

attributetype ( 1.1.2.1.2 NAME 'company'
    DESC 'Company Name'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )
Install OpenLDAP Service. The above removes the objectClasses that complicate things, and renames streetAddress to postalAddress, or Outlook does not show the address. Note: doing this means that Thunderbird will not show the address.
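The cleanup this post describes (strip the AD objectClasses, rename streetAddress to postalAddress), written out in Python as an added example that is not code from the thread. The allowlist KEEP, the replacement OBJECT_CLASSES and the sample entry are assumptions, as is a schema extended so that entries may carry proxyAddresses, department and company. It goes slightly beyond the post by dropping every attribute not on the allowlist, so values such as objectSid are not carried into OpenLDAP.

```python
# Added example, not from the thread; SAMPLE is constructed, not a real export.
# Assumed allowlist: lower-cased AD attribute -> name written to the output.
KEEP = {"cn": "cn", "sn": "sn", "givenname": "givenName", "mail": "mail",
        "proxyaddresses": "proxyAddresses", "department": "department",
        "company": "company", "streetaddress": "postalAddress"}
# Assumed replacement objectClasses; the schema must allow the attributes above.
OBJECT_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson"]

SAMPLE = """dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
objectClass: user
cn: Jane Doe
sn: Doe
streetAddress: 1 Example Street
proxyAddresses: SMTP:jane.doe@exam
 ple.com
objectSid:: AQIDBA==
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def convert_entry(lines):
    """Keep the dn and allowlisted attributes; return [] for a block without a dn."""
    dn, attrs = None, []
    for line in lines:
        name, sep, rest = line.partition(":")
        if sep and name.lower() == "dn":
            dn = line
        elif sep and name.lower() in KEEP:  # comments, unknown attributes are skipped
            attrs.append(KEEP[name.lower()] + ":" + rest)  # "::" (base64) is kept
    if dn is None:
        return []
    return [dn] + ["objectClass: " + c for c in OBJECT_CLASSES] + attrs

def convert(text):
    """Convert a whole AD LDIF export; entries are separated by blank lines."""
    blocks = "\n".join(unfold(text)).split("\n\n")
    entries = [convert_entry(b.split("\n")) for b in blocks]
    return "\n\n".join("\n".join(e) for e in entries if e) + "\n"

if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```

DNs are passed through unchanged, so the OpenLDAP suffix must match the AD one or the DNs need rewriting first. The person objectClass requires cn and sn, so an entry lacking either is rejected on import.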
Re: Export user information Active Directory to openldap
Getting Microsoft's Active Directory to communicate with anything not built by Microsoft may be a real challenge. This guide will explain how to configure and use the OpenLDAP tools such as ldapsearch to communicate with an Active Directory (AD) server using Secure Sockets Layer (SSL). It does not perform any type of synchronization with the OpenLDAP server (slapd). Once you've got this set up correctly, however, you can use the resulting configuration to get things like pam_ldap and nss_ldap (CNS in our product) to work with Active Directory. In order to establish basic SSL communication it is only necessary to have a copy of the CA certificate on each client that wants to communicate with the server.
In this guide I'll show you how to perform the following tasks:
1. Set up the CA on the AD server.
2. Export AD server CA certificate.
3. Convert the certificate to PEM format.
4. Install the certificate if necessary.
5. Test using ldapsearch.
The steps below assume that you have a working installation of OpenLDAP on a supported platform such as Linux, SunOS, HP-UX or AIX. If you do not have such a facility.
Re: Export user information Active Directory to openldap
You should be able to access any tree in Active Directory directly using LDAP queries. AD is basically just an LDAP server built into the Windows ecosystem (although I am not an expert, just interested!). LDAP servers do not store things in an encrypted form; what you see (in an LDAP browser) is what you get. Just run any AD query and you get an LDIF file for the entire lot (or something like that). I have used the Java "LdapBrowser" graphical interface for viewing an ADS server and dumping LDIF files in the past. You may need read privilege on the whole tree to access any of it. To authenticate your client area, you must be joined to the domain by a domain administrator. BTW, the Fedora Directory Server is an excellent alternative to OpenLDAP with excellent administration tools. Now that I think about it, I think Fedora DS has some tools specifically for migrating from the Active Directory service.