Thank you Markus and Clément for giving your support. First I will try myself; if I do not succeed then I will contact you again.

On 4/2/13, Clément OUDOT <[email protected]> wrote:
> 2013/4/2 Markus Widmer <[email protected]>
>
>> Hi!
>>
>> We have implemented OpenLDAP -> AD using the OpenLDAP accesslog overlay to
>> see what has changed in OpenLDAP. For AD -> OpenLDAP we use the
>> highestCommittedUSN to see if something has changed on AD side.
>> Synchronization of passwords is a bit more complicated because if you want
>> to sync them OpenLDAP -> AD you have to set them as clear text passwords
>> via LDAP. At the same time you usually don't want to store them as clear
>> text in the OpenLDAP directory. We have solved it by implementing an
>> overlay that gets an encrypted password and stores it in a custom attribute
>> protected by ACLs (similar to the eDirectory universalPassword) and as
>> SSH2-hashed value in the userPassword attribute. It then can be decrypted
>> and synchronized to AD. If you want AD -> OpenLDAP you have to catch the
>> password change the moment it happens. We have done this by implementing a
>> DLL.
>>
>> Of course there are other ways of doing it.
>>
>> Cheers,
>>
>> -Markus-
>>
>>
>> On 02.04.2013 07:31, Suman Karki wrote:
>>
>>> Hello there!
>>> Has anybody done OpenLDAP and Active Directory synchronization?
>>> I want to sync them. Give me an idea of how you have done it.
>>>
>>> I am struggling to solve that.
>>> If you charge some amount then I am ready to pay.
>>> I just need to solve that problem.
>>>
>
> Hi,
>
> Another solution is to use LDAP Synchronization Connector
> (http://lsc-project.org).
>
> Here is a tutorial for OpenLDAP to AD synchronization:
> http://lsc-project.org/wiki/documentation/2.0/tutorials/openldaptoactivedirectory
> And here are some notes on password synchronization:
> http://lsc-project.org/wiki/documentation/2.0/howtos/activedirectory#password_synchronization
>
> Clément.
>
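
The OpenLDAP -> AD password write mentioned in the quoted reply, as an added example that is not code from the thread, from either poster's setup, or from LSC: AD takes the new password in the `unicodePwd` attribute as the clear-text value wrapped in double quotes and encoded UTF-16LE, and refuses the write on an unencrypted connection. The DN, host name and password below are constructed sample values, and the function names are hypothetical.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample entry; not a real account.
SAMPLE_DN = "CN=Test User,OU=People,DC=example,DC=com"


def encode_unicode_pwd(password: str) -> bytes:
    """Return the unicodePwd value: the password in double quotes, UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def ldif_attr(name: str, value: str) -> str:
    """Emit 'name: value', or base64 'name:: ...' when value is not LDIF-safe."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def password_reset_ldif(dn: str, password: str) -> str:
    """Build an LDIF modify record that replaces unicodePwd (an admin reset)."""
    pwd_b64 = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return "\n".join([
        ldif_attr("dn", dn),
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {pwd_b64}",  # binary value, so always base64
        "-",
        "",
    ])


def require_encrypted(url: str, start_tls: bool = False) -> None:
    """Refuse to proceed unless the LDAP connection will be LDAPS or StartTLS."""
    scheme = urlsplit(url).scheme.lower()
    if scheme == "ldaps" or (scheme == "ldap" and start_tls):
        return
    raise ValueError(f"refusing to send a password over unencrypted {url!r}")


if __name__ == "__main__":
    require_encrypted("ldaps://dc1.example.com")  # constructed host name
    print(password_reset_ldif(SAMPLE_DN, "N0t-a-real-pw!"))
```

The generated LDIF carries the password in recoverable form (base64 is an encoding, not encryption), so it should be treated like the clear-text password itself and not written to disk or logs.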
