• Status: Solved
• Priority: Medium
• Security: Public

Active Directory and OpenLDAP


Is there a way to merge or synchronize a Windows 2003 Active Directory with a Linux LDAP server (OpenLDAP)?

Right now I have a Linux LDAP server; the shop is primarily Linux based.
As we grow, several Windows servers and applications have popped up. I want to centralize the logins to the LDAP server that is already running.
The preference, I guess, is to have the LDAP server as the master, since it is running and I have not created my Windows Active Directory domain.

Asked by: JPROUTY

2 Solutions

bkinsey Commented:
From the little bit of looking I've done in this area, there are a few different approaches to what you're asking, depending on exactly what you need (and how much you can afford to spend):

1) A Metadirectory that overlays both your existing LDAP directory and your AD - haven't looked much at this; probably expensive as heck, and adds another layer of overhead that we don't want or need, but may be the best technical solution to the problem, in terms of full-blown access to all of both directories.

2) A commercial LDAP sync product.  There are a bunch out there, but most will cost at least half an arm and a leg.

Two examples:
HP's LDAP Directory Synchronizer - Costs $20K
http://h20219.www2.hp.com/services/cache/11212-0-0-225-121.html

http://www.persistentdata.com/products/p_ensure.html

I think Sun has a product that they will give away, but only to Education/non-profits, etc.

3) Partial synchronization only (i.e. accounts/passwords). There is at least one open source product I'm aware of if all you need is user synch - LDAP account synch
https://sourceforge.net/projects/acctsync/

4) LDAP referrals - I'm out of my depth here, but it's on my list of things to look into.  As I understand it, you're basically just proxying LDAP requests from one directory to another, rather than actually synching the two.

One other thing you might look into, if you don't want or need a full blown AD deployment, and just need it to support certain applications, is the new AD Application Mode.  
http://www.microsoft.com/windowsserver2003/adam/default.mspx

Good luck, and I hope this helps get you looking in the right direction. . .
 
pgm554 Commented:
Novell EDIR with DIRXML


http://www.novell.com/products/dirxml/

Runs on Unix, Linux, AS400, Netware, Windows.