Active Directory and OpenLDAP

Posted on 2005-03-31
Medium Priority
Last Modified: 2012-06-27

Is there a way to merge or synchronize a Windows 2003 Active Directory with a Linux LDAP server (OpenLDAP)?

Right now I have a Linux LDAP server; the shop is primarily Linux based.
As we grow, several Windows servers and applications have popped up. I want to centralize the logins to the LDAP server that is already running.
The preference, I guess, is to have the LDAP server as the master, since it is running and I have not created my Windows Active Directory domain.
Question by:JPROUTY
Accepted Solution

bkinsey earned 1000 total points
ID: 13677382
From the little bit of looking I've done in this area, there are a few different approaches to what you're asking, depending on exactly what you need (and how much you can afford to spend):

1) A Metadirectory that overlays both your existing LDAP directory and your AD - haven't looked much at this; probably expensive as heck, and adds another layer of overhead that we don't want or need, but may be the best technical solution to the problem, in terms of full-blown access to all of both directories.

2) A commercial LDAP sync product. There are a bunch out there, but most will cost at least half an arm and a leg.

Two examples:
HP's LDAP Directory Synchronizer - Costs $20K


I think Sun has a product that they will give away, but only to Education/non-profits, etc.

3) Partial synchronization only (i.e. Accounts/passwords) There is at least one open source product I'm aware of if all you need is user synch - LDAP account synch

4) LDAP referrals - I'm out of my depth here, but it's on my list of things to look into.  As I understand it, you're basically just proxying LDAP requests from one directory to another, rather than actually synching the two.

One other thing you might look into, if you don't want or need a full blown AD deployment, and just need it to support certain applications, is the new AD Application Mode.  

Good luck, and I hope this helps get you looking in the right direction. . .

Assisted Solution

pgm554 earned 1000 total points
ID: 13685532
Novell EDIR with DIRXML


Runs on Unix, Linux, AS400, Netware, Windows.
