[Fedora-directory-users] FDS and OpenLDAP integration

Richard Megginson rmeggins at redhat.com
Mon Sep 17 13:56:43 UTC 2007


Pierangelo Masarati wrote:
> Richard Megginson wrote:
>
>   
>> But there are ways to sync data from Fedora DS to OpenLDAP also.  You
>> just can't do both directions at the same time.  How could I word that
>> appropriately?
>>     
>
> Can you elaborate on that?  From the Wiki, it seems that there are some,
> but they're undocumented.
>   
I haven't had time to properly test and document this, but there are at 
least 3 ways that I know of.
1) Enable audit logging, and use a process to periodically read from the 
audit log and send those changes to another LDAP server.
2) Enable audit logging, but use a named pipe instead of a file.
1 and 2 could probably be a Net::LDAP Perl script or a python-ldap 
script - read in the LDIF change records from the audit log, convert to 
LDAP add/modify/delete commands.
3) Use the Retro Changelog in conjunction with persistent search.  This 
could also be a script (if the LDAP client implementation understands 
Fedora DS persistent search) that does basically the same thing as 1 and 
2 above.

> The other way 'round (OL => FDS), one could try out OpenLDAP's
> slapo-accesslog(5) in the changelog-like variant (haven't tested, could
> need some hacking).  This should work fine with changelog (Retro
> Changelog).
>
> Or (and it would probably be a big plus for RFC 4533) a plugin could be
> added to FDS that makes use of LDAP Sync.  I note that, for applications
> that do not want to reinvent the wheel, OpenLDAP's libldap that ships
> with 2.4 provides a ldap_sync API that hides RFC 4533 details, so one
> only needs to deal with making use of the results of the various phases
> of the sync replication.
>   
That's good to know.  Thanks!
> p.
>
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ---------------------------------------
> Office:  +39 02 23998309
> Mobile:  +39 333 4963172
> Email:   pierangelo.masarati at sys-net.it
> ---------------------------------------
>   
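Options 1 and 2 in the message above, as an added example that is not part of the original post and is not Fedora DS code: a Python parser that turns audit-log LDIF change records into add/modify/delete operations shaped like the arguments python-ldap expects. The function names, the sample records and the `time:` line in front of each record are assumptions; sending the operations to the other server is left to the LDAP client.

```python
import base64
import re

MOD_OPS = {"add": 0, "delete": 1, "replace": 2}   # values of python-ldap's ldap.MOD_*

# Constructed sample, not real log output; the "time:" line per record is assumed.
SAMPLE = ("time: 20070917135643\ndn: uid=jdoe,ou=People,dc=example,dc=com\n"
          "changetype: modify\nreplace: mail\nmail: jdoe@example.com\n-\n"
          "add: description\ndescription:: Y2Fmw6k=\n-\n\n"
          "time: 20070917135650\ndn: uid=old,ou=People,dc=example,dc=com\n"
          "changetype: delete\n")

def _split(line):                     # 'attr: v' or 'attr:: <base64>' -> (attr, bytes)
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr.lower(), base64.b64decode(rest[1:].strip())
    return attr.lower(), rest.strip().encode("utf-8")

def _to_operation(lines):             # one change record -> (changetype, dn, payload)
    pairs = [_split(l) for l in lines if not l.startswith("#")]
    if pairs and pairs[0][0] == "time":           # log timestamp, not part of the change
        pairs = pairs[1:]
    if len(pairs) < 2 or pairs[0][0] != "dn" or pairs[1][0] != "changetype":
        raise ValueError("not a change record: %r" % lines[:3])
    dn, changetype, body = pairs[0][1].decode(), pairs[1][1].decode().lower(), pairs[2:]
    if changetype == "delete":
        return ("delete", dn, None)
    if changetype == "add":
        entry = {}
        for attr, value in body:
            entry.setdefault(attr, []).append(value)
        return ("add", dn, entry)
    if changetype != "modify":                    # e.g. modrdn: refuse rather than guess
        raise ValueError("unsupported changetype %r" % changetype)
    mods, in_spec = [], False
    for attr, value in body:
        if attr == "-":
            in_spec = False                       # "-" closes one add/delete/replace spec
        elif not in_spec:
            mods.append((MOD_OPS[attr], value.decode(), []))
            in_spec = True
        else:
            mods[-1][2].append(value)
    return ("modify", dn, mods)

def parse_audit_log(text):
    """Return [(changetype, dn, payload), ...] from audit-log LDIF text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")   # unfold continuation lines
    return [_to_operation(r.split("\n")) for r in re.split(r"\n{2,}", text.strip()) if r]
```

The audit log carries every changed value, password attributes included, so the log file or named pipe and the process reading it need the same access restrictions as the directory data itself.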
