• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1747
  • Last Modified:

Domino server and openLDAP

I'm trying to figure out how i can use my Domino LDAP server (Slave) to use openLDAP (Master). I'm running the server on Suse 9.3.
I was thinking to write shell scripts to transfer the files from domino to openLDAP.. would this work? if yes, where should i look in domino server?
  • 2
1 Solution
Sjef BosmanGroupware ConsultantCommented:
Found these for you:
    http://linuxfr.org/2004/01/14/15088.html (if you can read French...)

Anyway, you could put a question on the www.openldap.org forum for the same.

And there is this document about OpenLDAP:
Most Master/Salve systems I've seen don't rely on the time-based queries or deltas available in teh slave.  Instead, a sync process pulls the full slave directory, and compares it to teh previous pull, producing a delta of adds/changes/deletes to feed to the master... and then does a similar process in reverse (but for each slave, excluding the slave's own content from the delta).

So, this seems to be in line with your shell script idea.  Of course, you have to do some sort of schema mapping between teh directories in your scripts, but otheriwse, this should be fairly simple -- use an query library to get a full LDIF dump of Domino, sort, compare, done.

A few tricky things to watch out for in Domino.  Often, many aliases coexist in a single object, where in most LDAP directories, each alias would be a separate node, pointing to the "main" object.  This can be particularly unsettling when a user is renamed (the classic maiden/married name situation), where the old name exists in teh same record as the new name, in the same Domino field, as an alias.

Domino also typically uses its full text indexing capabilitioes to do a coarse search for your query, then takes teh matching data and further filters it for exact match... partially because of the sort of aliasing I mentioned, which can fool the full text search mechanism into returning records you don't want that then have to be culled out at a finer level of examination.  One problem with full text searhc is that the index itself can get out of date or corrupt, and I've never been able to ascertain whether the LDAP query mechanism in Domino makes sure that there are no such problems.
So, do you ahve a suvvessful implementation?

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now