[Fedora-directory-users] Windows Active Directory sync Help!

Thu Jan 10 19:48:04 UTC 2008

kiran madala wrote:
> May be i will just try to write a script to store the sync values from Fedora  Where can I find the documentation as to how the fedora performs the sync and where does it store? I mean development wise 
>   

There are a number of ways to do it, depending on what you are actually 
trying to do.

If you just need to pull changes from AD, one direction only, you could 
use the AD DirSync control.  This is essentially what Fedora DS uses to 
pull changes from AD.  I don't know if there are any *nix clients with 
built-in DirSync support, but you could create your own with Net::LDAP 
and the ASN.1 creator/parser and BER codec.

There are a number of ways to get changes from Fedora DS.
1) ldapsearch ... (modifyTimestamp>=somevalue)
2) enable audit logging then parse the audit log file
3) enable the Retro changelog and search cn=changelog

These can be used with or without persistent search provided by the 
mozldap ldapsearch command line tool.
> ----------------------------------------
>   
>> Date: Thu, 10 Jan 2008 11:48:00 -0700
>> From: rmeggins at redhat.com
>> To: fedora-directory-users at redhat.com
>> Subject: Re: [Fedora-directory-users] Windows Active Directory sync Help!
>>
>> kiran madala wrote:
>>     
>>> But isn't it how the fedora ds does the AD sync?. I mean can I just write the script to connect to AD directly and do ldapsearch for updates?
>>>       
>> Yes.  The thing is that Fedora DS will not automatically send changes to 
>> a database.  You'd have to write a plugin for that.  It's much simpler 
>> to just script it - most scripting languages have ODBC/SQL support as 
>> well as LDAP support.
>>     
>>> Alternatively can I do a script to search for the user against his/her group from the updates obtained by Fedora-ds from AD?
>>>       
>> I'm not sure what you mean by "against his/her group".
>>     
>>> IF so what are the docs and packages i should be looking at?
>>>
>>> Thanks in advance
>>> ----------------------------------------
>>>   
>>>       
>>>> Date: Thu, 10 Jan 2008 10:40:19 -0700
>>>> From: rmeggins at redhat.com
>>>> To: fedora-directory-users at redhat.com
>>>> Subject: Re: [Fedora-directory-users] Windows Active Directory sync Help!
>>>>
>>>> kiran madala wrote:
>>>>     
>>>>         
>>>>> Thank you the sync works fine. My actual task is to store the AD users and groups in our company database through the fedora-ds. I was wondering if this is possible,
>>>>>
>>>>> Like  AD-->FDS-->Own database
>>>>>
>>>>> IS this a possibility?. If it is then how would I do it?
>>>>>   
>>>>>       
>>>>>           
>>>> The usual way to do this is to write a script to use ldapsearch to pull 
>>>> changes from Fedora DS and write them to your database.
>>>>     
>>>>         
>>> _________________________________________________________________
>>> Introducing the City @ Live! Take a tour!
>>> http://getyourliveid.ca/?icid=LIVEIDENCA006
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>   
>>>       
>
> _________________________________________________________________
> Exercise your brain! Try Flexicon!
> http://puzzles.sympatico.msn.ca/chicktionary/index.html?icid=htmlsig
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080110/f4c15e05/attachment.bin>