
I am currently setting up OpenLDAP on Ubuntu 12.04 servers. My end goal is to federate the users with Active Directory. I want to be able to create users and assign them custom roles in either environment. Does anyone know how to set up the OpenLDAP tree structure to be compatible for this purpose? I want to be able to map the users with usernames, display names and roles to both environments.

Maria

2 Answers

0

I'm digging into a similar issue and found this. This is answered in part by LDIF for Creating AD users/groups, which only addresses the user/group aspects of AD. The complete AD schema is too large to implement but usually not needed for most cases. Reference the OpenLDAP FAQ for more details on the changes to OpenLDAP for AD compatibility. I hope this helps someone.

Michael McGarrah
-1

You can set up an OpenLDAP DIT any way you like; there are no constraints. You can set it up to be identical to the AD DIT, as long as you load all the appropriate schemas.

user207421
  • Thank you. But how would you structure the roles in OpenLDAP? – Maria Nov 13 '14 at 01:16
  • Also what is the correct way of loading the schemas and which ones do I need? – Maria Nov 13 '14 at 01:25
  • @Maria I'm suggesting to structure them the same way as in your AD server. Schemas are loaded via commands in `slapd.conf`. I don't know which ones you need to emulate AD and I don't know whether they're all supplied with OpenLDAP. You'll have to research that. – user207421 Nov 13 '14 at 05:26
  • Does not answer OP's question. OP asked about "how" not about "if yes". No evidence provided no links to relevant sources, voting -1 – xmojmr Nov 13 '14 at 12:03
  • @xmojmr The OP asked how to set it up to be compatible for mapping. The answer is to set it up to be identical. Then no mapping is required at all. The actual mechanism for doing that is both 'too broad' and 'off topic' here. – user207421 Nov 13 '14 at 21:45
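As an added illustration of the "lay the OpenLDAP tree out like the AD one" approach (example code written for this page, not posted by any of the participants): it emits LDIF for users under ou=Users and roles as groupOfNames under ou=Roles, escapes DN values per RFC 4514 so a display name such as "Doe, Jane" cannot alter the DN structure, and base64-encodes LDIF values that RFC 2849 does not allow in clear text. The base DN dc=example,dc=com, the OU names and the attribute pairing in AD_ATTR_MAP are this example's assumptions.

```python
import base64

BASE_DN = "dc=example,dc=com"  # constructed sample suffix; real deployments use their own
# OpenLDAP attribute -> AD attribute holding the same data (this example's pairing).
AD_ATTR_MAP = {"uid": "sAMAccountName", "displayName": "displayName", "mail": "mail"}

def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=' or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def ldif_line(attr: str, value: str) -> str:
    """One LDIF line; base64-encode values RFC 2849 does not allow in clear text."""
    unsafe = (not value or value[0] in " :<"
              or any(ord(c) > 127 or c in "\r\n\x00" for c in value))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def user_dn(uid: str) -> str:
    return f"uid={escape_dn_value(uid)},ou=Users,{BASE_DN}"

def role_dn(role: str) -> str:
    return f"cn={escape_dn_value(role)},ou=Roles,{BASE_DN}"

def user_entry(uid: str, display_name: str, mail: str) -> list[str]:
    """inetOrgPerson entry; sn is mandatory, so it is taken from the last name token."""
    return [ldif_line("dn", user_dn(uid)), "objectClass: inetOrgPerson",
            ldif_line("uid", uid), ldif_line("cn", display_name),
            ldif_line("sn", display_name.split()[-1]),
            ldif_line("displayName", display_name), ldif_line("mail", mail)]

def role_entry(role: str, members: list[str]) -> list[str]:
    """Role as a groupOfNames (needs at least one member) whose members are user DNs."""
    if not members:
        raise ValueError("groupOfNames requires at least one member")
    return ([ldif_line("dn", role_dn(role)), "objectClass: groupOfNames",
             ldif_line("cn", role)] + [ldif_line("member", user_dn(m)) for m in members])

def to_ldif(*entries: list[str]) -> str:
    """Join entries into one LDIF document (blank line between entries)."""
    return "\n\n".join("\n".join(e) for e in entries) + "\n"
```

Feed the output of `to_ldif(...)` to `ldapadd` against the OpenLDAP server; the role groups can then be mirrored as AD groups with the same cn, using AD_ATTR_MAP to carry uid into sAMAccountName.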