On 07/10/2015 13:56, Dan G. Switzer, II wrote:
> Clément,
> Thank you so much for the reply. This helps me a lot.
> Please forgive me for my next question, because I do not have a lot of
> experience with AD and LDAP.
> The RFC-4530 <https://tools.ietf.org/html/rfc4530> specification
> indicates the entryUUID attribute is optional. Is this generally
> implemented in most systems? The tool we're working on we are hoping
> to deploy in many different environments in order to give them a way
> to synchronize their servers to our proprietary API.

Yes, at least on OpenLDAP. It is not provided by AD, but AD does not
respect standards anyway.

> If entryUUID isn't used, is there another commonly used unique identifier?

The entry DN (dn or entryDn attribute) is also a common unique identifier
if you don't rename entries.

> It would appear for AD I should be able to use the objectGUID (or
> would objectSID be better)?

Yes, but the values are binary, and they can be harder to use.
If you want to provide a connector to your proprietary API, you should
look at the plugins possibility. For example, the OBM plugin allows you to
synchronize to a REST API:
http://lsc-project.org/wiki/documentation/plugins/obm
--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
http://lists.lsc-project.org/listinfo/lsc-users