I have to mention that I am talking about 60 - 100 users. We have an SQL database for specific internal use, which contains all the users in the company. Now we are deploying Windows Active Directory and thinking of a way to centralize the users. Here is my confusion: since LDAP is a protocol, where should the users be? In Active Directory and shared to the SQL via LDAP? Or in the SQL and shared the other way around? I am totally confused here.
1 Answer
There is no way to share users from LDAP to DB or the other way around. The users can be in LDAP, in DB or in both.
LDAP, besides being a protocol, is a directory: user entries may contain attributes (like givenName, surname, mail, etc.) other than uid and password.
You can import attributes from DB to LDAP, but then you need to sync the sources.
Generally speaking it depends on what you need to do.

Francesco Malvezzi
- Thanks for the answer! My idea is to add users to the AD and through LDAP to add the user to the SQL as well, instead of adding the same user twice. So I have to host the LDAP from the DC and sync the SQL to that LDAP server? – Vasil Nikolov Oct 21 '15 at 13:17
- Let me rephrase your question: users are inserted in AD. With a custom procedure you push AD data to SQL using an LDAP search. Is that it? It's OK, but please remember you have to track user deletions and updates as well! – Francesco Malvezzi Oct 21 '15 at 13:34
- Yes, basically that is the idea behind that LDAP that I wanna set up, but I got totally confused about it. So if I got you right, I cannot make an automatic user export via LDAP from the AD, DC (I plan to place them together), so it has to be done manually? Or schedule a script for it? So for LDAP I need to run only services, no need to make it a server; if AD runs LDAP services, the authorized SQL can export user data from there? Is my understanding correct? – Vasil Nikolov Oct 22 '15 at 07:51
- Every authorized user can query the AD LDAP and extract the AD users. This is generally a manual process (or scripted). – Francesco Malvezzi Oct 22 '15 at 08:30
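
The scripted sync discussed in the comments above, as an added example (not code from the answer or its author): one full export of AD users is reconciled against the SQL table so that updates and deletions are tracked, not only inserts. It assumes a hypothetical `app_users` table keyed on `objectGUID`, uses SQLite in place of the real database, and runs on constructed entries where an LDAP search result would go.

```python
import sqlite3

ACCOUNTDISABLE = 0x2  # userAccountControl bit set on disabled AD accounts

def sync_users(db, ad_entries):
    """Reconcile the hypothetical app_users table with one full AD export."""
    if not ad_entries:
        # An empty result usually means a failed search, not an empty company.
        raise ValueError("empty AD export; refusing to deactivate every user")
    db.execute("CREATE TABLE IF NOT EXISTS app_users ("
               "guid TEXT PRIMARY KEY, login TEXT, mail TEXT, active INTEGER)")
    seen = {}
    for e in ad_entries:
        active = 0 if int(e["userAccountControl"]) & ACCOUNTDISABLE else 1
        seen[e["objectGUID"]] = (e["sAMAccountName"], e.get("mail"), active)
    current = {r[0]: tuple(r[1:]) for r in db.execute(
        "SELECT guid, login, mail, active FROM app_users")}
    changes = {"added": [], "updated": [], "deactivated": []}
    for guid, row in seen.items():
        if guid not in current:
            db.execute("INSERT INTO app_users VALUES (?,?,?,?)", (guid, *row))
            changes["added"].append(row[0])
        elif current[guid] != row:  # rename, new mail, or disabled in AD
            db.execute("UPDATE app_users SET login=?, mail=?, active=? "
                       "WHERE guid=?", (*row, guid))
            changes["updated"].append(row[0])
    # Gone from AD: keep the row for audit, but revoke access.
    for guid, row in current.items():
        if guid not in seen and row[2]:
            db.execute("UPDATE app_users SET active=0 WHERE guid=?", (guid,))
            changes["deactivated"].append(row[0])
    db.commit()
    return changes

def entry(guid, login, uac=512):  # constructed sample entry, not real AD data
    return {"objectGUID": guid, "sAMAccountName": login,
            "mail": login + "@example.test", "userAccountControl": uac}

def demo():
    db = sqlite3.connect(":memory:")
    first = sync_users(db, [entry("g-1", "alice"), entry("g-2", "bob"),
                            entry("g-3", "carol")])
    # Second export: alice renamed, bob disabled (514), carol deleted.
    second = sync_users(db, [entry("g-1", "alice.smith"),
                             entry("g-2", "bob", uac=514)])
    return first, second, db

if __name__ == "__main__":
    print(demo()[:2])
```

In a scheduled job the entries would come from an LDAP search against the domain controller, run under an account authorized to read the directory.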