Hi Rob, thanks for your responses!
On Feb 15, 2012, at 12:16 AM, Rob Crittenden wrote:
389-ds is our LDAP server so we generally support what it can do. AFAIK it
does not do replication with OD. What is it you want to replicate, what
direction, etc?
It seems like users and groups are going to need to be synchronized, but I
don't really know. OD has 'apple-user' and 'apple-group' schemas which have
zero mandatory attributes. FreeIPA has ipaObject which has the ipaUniqueid
mandatory attribute.
This is the first time I'm trying these things with LDAP, but it seems that the
if an object is created on FreeIPA, could it be replicated to OD? apple-user
and apple-group have no mandatory attributes, and once it is replicated to OD,
an admin could run Workgroup Manager and use the migrate from legacy tool on
the object to create the OD attributes.
So I guess that means I am replicating from FreeIPA to OD, but once changes are
made on OD, can I replicate back with the additional attributes that are added?
If not, changes that are made on FreeIPA would seem to overwrite the new
attributes added in OD. Or is there a common way to do this?
Is this a reasonable approach or am I overcomplicating things?
I've never used the Apache studio but others have reported success. It is
probably just a matter of getting your basedn right (e.g. dc=example,dc=com)
and perhaps providing a bind user (cn=Directory Manager). Are you getting
specific error messages, that might help troubleshoot things.
Ok, for others who may follow, here's what worked for me on connecting with
Apache DS:
1. Note that the Directory Manager dn is literally cn=Directory Manager, not
cn=Directory Manager, dc=example, dc=com.
2. If SSL is desired, be sure to remember to use port 636 instead of 389.
This is probably covered in the docs, but alas. :-)
Cheers, Brian
p.s. Rob, sorry I responded to you directly before, I didn't notice that this
list uses reply-to of the sender and not the list.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users