[Fedora-directory-users] Extracting details from ActiveDirectoryto FDS

[Phil Lembo]

Darren:

I wrote a Perl script using the Net::LDAP module and Kartik Subbrao's
ldifdiff.pl (in Net::LDAP contrib section on search.cpan.org)  to go the
other way, updating AD from LDAP (in our case the FDS-related Sun
Directory).  The basic process I  followed was to dump the contents of each
directory to LDIF (after all, AD is "just another LDAP directory", ;-),
transform the dns so that the source looks like the target (we get the dn by
doing a search against the target on a attribute value common to both, in
our case, AD CN = LDAP UID), then diffing the transformed files, and using
the resulting diff to make my changes to the target. The current version is
heavily customized for my company's environment so the code would probably
be pretty useless to you, but if a barely competent Perl programmer like me
could come up with something like this I'd guess that someone who *really*
knew what they were doing could come up with something much better.

There are also commercial products out there like Microsoft or Sun's
metadirectory, and HP's LDAP Directory Synchronizer (LDSU) (see
http://h20219.www2.hp.com/services/cache/11215-0-0-0-121.html). All of these
are quite costly. The Sun product is freely downloadable but it is very
complex and I'd wouldn't recommend exploring it without professional
services assistance. You should also look at Sun's latest Directory Resource
Kit,
http://developers.sun.com/prodtech/dirserver/reference/techart/DSRK_52.html,
which provides a number of tools that can be used together to synchronize
disparate directories. The doc is a worthwhile read for getting you thinking
about how you'd go about it in your environment.

-- 
Phil Lembo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061222/eb2b1a83/attachment.htm>