Cloning an ActiveDirectory tree
Hello, I would like to partially clone my company ActiveDirectory tree in ApacheDS 2M7 to test a Spring application which uses kerberos authentication on Centos. Any suggestions as to how I should do that? Do I just create user accounts with samaccountnames equal to account names in the AD directory, and existing sampasswords? Many thanks. Philroc
Re: Cloning an ActiveDirectory tree
Le 7/13/12 8:26 AM, Philippe de Rochambeau a écrit : Hello, I would like to partially clone my company ActiveDirectory tree in ApacheDS 2M7 to test a Spring application which uses kerberos authentication on Centos. Any suggestions as to how I should do that? Not easy. AD is not exactly an LDAP compliant server, and it has thousands of specific attributes which are not present in ApacheDS or in OpenLDAP. Plus other schema elements are very specific to AD... All that I can say is that you should first determinate what are the data you want to migrate,before considering moving away from AD (even if moving away from AD is the right thing to do...) -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Re: Cloning an ActiveDirectory tree
On 13/07/2012 08:26, Philippe de Rochambeau wrote: Hello, I would like to partially clone my company ActiveDirectory tree in ApacheDS 2M7 to test a Spring application which uses kerberos authentication on Centos. Any suggestions as to how I should do that? Do I just create user accounts with samaccountnames equal to account names in the AD directory, and existing sampasswords? Hi Philippe, if you are interested, and especially if you need to migrate only user profiles from AD to ApacheDS, I'd rather suggest an alternative approach based on Apache Syncope. The idea could be to synchronize user profiles from AD to Syncope (which features a full-Java agentless AD connector) and then propagate such users to ApacheDS (via standard LDAPv3 connector). You can see an example close to your use case at [1]. Post your questions / comments to syncope-u...@incubator.apache.org in case. Regards. [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database -- Francesco Chicchiriccò ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member http://people.apache.org/~ilgrosso/
