Synchronize OpenLDAP with Active Directory with the LSC project

Uploaded by: oudot-clement

Posted on 26-May-2015


Synchronize OpenLDAP with Active Directory: the LSC project
Clément OUDOT

Table of contents

  • Introduction
  • The LSC project
  • Active Directory specificities
  • Advanced LDAP functionalities
  • Demonstration

Introduction

  • Having just one single user database in our information system is a dream
  • Having just Open Source in our information system is a dream
  • But driving Active Directory from OpenLDAP is now a reality, thanks to the LSC project

The LSC project

Overview

  • LDAP Synchronization Connector
  • BSD licence
  • Java
  • LDAP provisioning from databases, flat files and LDAP directories
  • Extended functions for Active Directory
  • LDAP Query Language (LQL)

Input

  • Two request methods:
    • LDAP (JNDI)
    • SQL (JDBC)
  • Three inputs:
    • LDAP directories (LDAP queries)
    • Databases (SQL queries)
    • CSV files (injected in a local HSQLDB)

LSC engine (architecture diagram, not included in the transcript)

Create a connector

  • Download the lsc-sample archive
  • Run Maven to get the dependencies
  • Run the code generation wizard
  • Configure your rules in lsc.properties

LDAP connection

  • Use SSL (ldaps://) or TLS (startTLS)
  • Paged search results
  • Recursive delete
  • All JNDI options:
    • Referrals handling
    • Aliases dereferencing
    • Extended matching filters

Example:

    src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
    src.java.naming.ldap.derefAliases = never
    src.java.naming.ldap.version = 3
    src.java.naming.provider.url = ldap://localhost/dc=example,dc=com
    src.java.naming.referral = ignore
    src.java.naming.security.authentication = simple
    src.java.naming.security.principal = cn=admin,dc=example,dc=com
    src.java.naming.security.credentials = secret

Definition of a task

  • Task name
  • Task type (db2ldap or ldap2ldap)
  • Bean for destination (dstBean)
  • Object for source (mapped in srcBean)
  • DN template
  • Conditions for create/delete/modify/modrdn
  • For source and destination:
    • Base
    • Filter (All and Id)
    • Attributes
    • Pivot attributes

Example:

    lsc.tasks = user
    lsc.tasks.user.type = ldap2ldap
    lsc.tasks.user.bean = org.lsc.beans.userBean
    lsc.tasks.user.object = org.lsc.objects.inetOrgPerson
    lsc.tasks.user.dn = "cn=" + srcBean.getAttributeValueById("cn") + ",ou=users"
    lsc.tasks.user.srcService = org.lsc.jndi.SimpleJndiSrcService
    lsc.tasks.user.srcService.attrs = uid cn sn givenName mail o
    lsc.tasks.user.srcService.baseDn = ou=users
    lsc.tasks.user.srcService.filterAll = (objectClass=inetOrgPerson)
    lsc.tasks.user.srcService.filterId = (&(objectClass=inetOrgPerson)(|(uid={samaccountname})(uid={uid})))
    lsc.tasks.user.srcService.pivotAttrs = uid
    lsc.tasks.user.dstService = org.lsc.jndi.SimpleJndiDstService
    lsc.tasks.user.dstService.attrs = cn sn givenName mail company objectClass sAMAccountName
    lsc.tasks.user.dstService.baseDn = ou=users
    lsc.tasks.user.dstService.filterAll = (objectClass=user)
    lsc.tasks.user.dstService.filterId = (&(objectClass=user)(|(sAMAccountName={uid})(sAMAccountName={samaccountname})))
    lsc.tasks.user.dstService.pivotAttrs = sAMAccountName

Synchronization options

  • Action: Force/Keep/Merge
  • Value modification type: Create/Default/Force
  • srcBean and dstBean methods:
    • getDistinguishName
    • getAttributeValueById
  • Multi-valued attributes with a configurable delimiter (';' by default)
  • Rhino JavaScript engine

Example:

    lsc.syncoptions.user = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
    lsc.syncoptions.user.default.action = F
    lsc.syncoptions.user.company.force_value = srcBean.getAttributeValueById("o")
    lsc.syncoptions.user.name.force_value = srcBean.getAttributeValueById("cn")
    lsc.syncoptions.user.displayName.force_value = srcBean.getAttributeValueById("cn")
    lsc.syncoptions.user.objectClass.force_value = "top";"user";"person";"organizationalPerson"
    lsc.syncoptions.user.sAMAccountName.create_value = srcBean.getAttributeValueById("uid")
    lsc.syncoptions.user.userPrincipalName.create_value = srcBean.getAttributeValueById("uid") + "@example.com"
    lsc.syncoptions.user.scriptPath.create_value = "demo.bat"

Active Directory

  • Use Paged Search to bypass the 1000 entries limit
  • UserAccountControl:
    • userAccountControlSet
    • userAccountControlCheck
    • userAccountControlToggle
  • Password:
    • getUnicodePwd
  • LastLogon:
    • getNumberOfWeeksSinceLastLogon
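To make the Active Directory helpers listed above concrete, here is an added JavaScript illustration of what each of them has to do; it is not LSC's own code (LSC implements them in Java and exposes them to the Rhino expressions in lsc.properties), and the function names, signatures and the "0 means never logged on" convention are assumptions. It shows setting, checking and toggling userAccountControl bits, encoding a password the way AD's unicodePwd attribute expects, and turning a lastLogon FILETIME into a number of weeks.

```javascript
// Added illustration of the AD helpers LSC exposes to Rhino expressions
// (not LSC's own code; names and signatures are assumptions).

// Well-known userAccountControl flag bits (documented AD values).
const UAC = {
  ACCOUNTDISABLE: 0x0002,
  NORMAL_ACCOUNT: 0x0200,
  DONT_EXPIRE_PASSWORD: 0x10000,
};

// Set a flag. AD stores userAccountControl as a decimal string, so accept
// either a string or a number and return a number.
function userAccountControlSet(value, flag) {
  return (Number(value) | flag) >>> 0;
}

// Check whether a flag is set (e.g. is the account disabled?).
function userAccountControlCheck(value, flag) {
  return (Number(value) & flag) !== 0;
}

// Flip a flag: disable an enabled account or re-enable a disabled one.
function userAccountControlToggle(value, flag) {
  return (Number(value) ^ flag) >>> 0;
}

// AD expects unicodePwd as the password wrapped in double quotes and
// encoded as UTF-16LE; writing it requires an LDAPS/TLS connection.
function getUnicodePwd(password) {
  return Buffer.from('"' + password + '"', 'utf16le');
}

// lastLogon is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
// BigInt is required because the tick count exceeds 2^53.
const EPOCH_DIFF_MS = 11644473600000n;
function filetimeFromUnixMs(ms) {
  return (BigInt(ms) + EPOCH_DIFF_MS) * 10000n;
}
function unixMsFromFiletime(filetime) {
  return Number(BigInt(filetime) / 10000n - EPOCH_DIFF_MS);
}

// Whole weeks since the last logon, or null when lastLogon is 0
// (never logged on to this DC; assumed convention for this example).
function getNumberOfWeeksSinceLastLogon(lastLogon, nowMs) {
  if (BigInt(lastLogon) === 0n) return null;
  const elapsedMs = nowMs - unixMsFromFiletime(lastLogon);
  return Math.floor(elapsedMs / (7 * 24 * 3600 * 1000));
}
```

Note that lastLogon is not replicated between domain controllers, so an inactivity check based on it must query every DC or use lastLogonTimestamp instead.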

LDAP Query Language

  • Access to srcLdap (source) and ldap (destination) connection objects
  • Special functions:
    • attribute(DN, attribute)
    • search(base, filter)
    • list(base, filter)
    • read(base, filter)
    • sup(DN, level)

Example:

    lsc.syncoptions.user.givenName.force_value = srcLdap.attribute(srcLdap.list("ou=services", "(uniqueMember=" + srcBean.getDistinguishName() + ")"), 'description').get(0)

See also

  • Official LSC page: http://lsc-project.org
  • LDAP Tool Box project:
    • Nagios and Cacti scripts
    • OpenLDAP RPM
    • LDAP scripts
    • Web application for users to change their password (OpenLDAP and Active Directory)
    • http://ltb-project.org

Thank you for your attention
Visit us at our stand 107 - hall 7.2b