How to create an LDAP server based on an existing one that I don't have direct access to...
Posted on 2011-03-25
Hello all – I’m going to break this post up into different sections so it’s easier to read/follow.
BACKGROUND – I work for a big copier/printer company. We use ServiceDesk Plus (SDP) as our ticketing software here at our helpdesk. Currently, the only thing we use it for is to keep track of helpdesk tickets, but it has a lot more functionality. I’ve recently been tasked with utilizing some of its more advanced features. To help facilitate that endeavor, it has become necessary to create unique accounts (2000+) within SDP for each of our employees. This would be easy if all of our employees were on a domain/Active Directory that I had direct access to (AD accounts are currently controlled by a 3rd party). I do not. And I’m not about to do that much data entry manually if I can avoid it. Part two of my assignment is to demonstrate how our copiers can copy/scan documents and email them directly to a company employee using LDAP. Again, this would be easy if I had admin access to our AD/Exchange. I do not.
OBJECTIVES – In short, my objectives are to create 2000+ SDP accounts, and create my own LDAP server that I can use to access from our copiers/printers for demo purposes. In my world, it seems to me that I should be able to link the two objectives. If you’re asking yourself how/why the two are even related, it’s because I need to regularly be able to update the accounts in SDP as employee turnover happens. Rather than making manual updates as needed, I would like to just run an export/import from an LDAP server to the SDP server. This is where I would hopefully accomplish two objectives with one solution. The copiers could access the LDAP server I set up, and I can regularly run updates to the SDP server via this same LDAP server. How do I populate the LDAP server you might ask? See my “dilemma” below.
DILEMMA – I do not have access to the domain accounts, so I cannot just do a straight export/import into SDP. And as may or may not be inherently obvious, the same people who control all of our domain accounts control our MS Exchange accounts as well. So the only thing that I DO have access to with regard to identifying all of our employees is the Global Address Book. </BeginSarcasm>Yay</EndSarcasm>.
BRAINSTORM - The “solution” I have worked out in my head and the part where I need help is this: I can download the GAB to my workstation. I can then export that out to a text file of some sort which I can then use to populate an LDAP (maybe even just set up a local AD server here locally?) server with. I think? So my question then, first of all, does this all make sense? Second, is what I’m thinking possible, and if so, what would be the best solution for an LDAP server in this case? Keep in mind that these accounts, both on the LDAP server and the SDP server, are (at least for the time being) purely for internal use. They are not meant to replace and/or administer the real AD/Exchange accounts managed by the aforementioned 3rd party. It does not need to be highly secure as it will mainly be for demo purposes, but it does need to be functional in the sense that the email accounts associated with the accounts on the LDAP need to be the same as the real AD/Exchange accounts.
Thank you in advance for any help and please let me know if anything I've written here needs clarification.
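
The export-to-text-file-then-populate step described in the post, as an added example that is not part of the original post: a converter from an address-book CSV export to LDIF, the text format LDAP servers import. The column names, the `ou=people,dc=example,dc=com` suffix, the use of `mail` as the naming attribute, and the sample rows are all assumptions made for illustration.

```python
import base64
import csv
import io

# Assumed suffix of the demo directory.
BASE_DN = "ou=people,dc=example,dc=com"
# Constructed sample export; column names are assumptions (\u escapes keep it ASCII).
SAMPLE_CSV = """Display Name,First Name,Last Name,E-mail Address
"Smith, Jane",Jane,Smith,jane.smith@example.com
Jos\u00e9 \u00c1lvarez,Jos\u00e9,\u00c1lvarez,jose.alvarez@example.com
Conference Room 4,,,
Jane S.,Jane,Smith,JANE.SMITH@example.com
"""

def escape_dn_value(value):
    """Escape a value for use inside a DN (RFC 4514 special characters)."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if value.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' where RFC 2849 requires it."""
    safe = (value.isascii() and not any(c in value for c in "\0\r\n")
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def gab_to_ldif(csv_text, base_dn=BASE_DN):
    """Convert address-book rows to inetOrgPerson LDIF; return (ldif, skipped)."""
    entries, skipped, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        mail = (row.get("E-mail Address") or "").strip()
        name = (row.get("Display Name") or "").strip()
        if "@" not in mail or mail.lower() in seen:  # rooms, lists, duplicates
            skipped.append(name or mail)
            continue
        seen.add(mail.lower())
        given = (row.get("First Name") or "").strip()
        sn = (row.get("Last Name") or "").strip() or name or mail  # sn is mandatory
        lines = [ldif_line("dn", f"mail={escape_dn_value(mail)},{base_dn}"),
                 "objectClass: inetOrgPerson",
                 ldif_line("cn", name or mail), ldif_line("sn", sn)]
        if given:
            lines.append(ldif_line("givenName", given))
        lines.append(ldif_line("mail", mail))  # kept exactly as exported
        entries.append("\n".join(lines))
    return "\n\n".join(entries) + "\n", skipped
```

`gab_to_ldif(SAMPLE_CSV)` returns the LDIF text plus the list of rows it skipped (entries without an address, and duplicates of an address already seen), so each refresh can be reviewed before it is loaded into the directory.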