[mdlug] LDAP Server Question

Wojtak, Greg (Superfly) GregWojtak at quickenloans.com
Wed Jul 25 10:02:13 EDT 2012


I could do that.  Is there a way to keep the two directories in sync in
[near] real-time though?

Greg Wojtak
Sr. Unix Systems Engineer
Office: (313) 373-4306
Cell: (734) 718-8472





On 2012-07-25 9:43 AM, "Jason Taylor" <jmtaylor90 at gmail.com> wrote:

>Have you all looked at scripting an LDIF export and modifying the DN
>location to the desired destination then importing?
>
>-Jason
>
>On Wed, Jul 25, 2012 at 9:07 AM, Wojtak, Greg (Superfly)
><GregWojtak at quickenloans.com> wrote:
>> I've got an interesting challenge I'm facing with LDAP/Active Directory
>>and I was hoping to get some thoughts on an idea I had or get some input
>>into other solutions.
>>
>> Right now, we have AD and a separate SunOne directory server.  The Sun
>>DS serves up information for users and netgroups and does
>>authentication.  My goal is to migrate everything into AD.
>>
>> I've gotten just about all the pieces working and have gotten
>>Unix/Linux servers to be able to authenticate against Active Directory.
>>The challenge I'm facing is that the directory is laid out very poorly
>>and all searches for users need to begin at the top-level directory
>>component. This makes for very slow login times in most cases - anywhere
>>from 10 seconds to a minute.  nscd and sssd seem to help a bit, but even
>>with them running, logins can sometimes still be very slow.
>>
>> I was looking at the possibility of using an OpenLDAP proxy to AD or
>>the rewrite proxy overlay for OpenLDAP.  I'm sure that would help too,
>>but that got me thinking…
>>
>> Is there a way to replicate certain objects (i.e. users and groups) from
>>one directory server (i.e. AD) into another (i.e., OpenLDAP) and instead of
>>copying the structure of the directory, replicate them into a structure
>>of my choosing?  That would be ideal for me, but if anyone else has any
>>ideas, I'd love to hear them.
>>
>> I think for now I'm going to continue to pursue the OpenLDAP proxy
>>cache solution to see if that adds anything.  That solution loses its
>>appeal to me however because at that point there are so many layers of
>>caching going on that I'm sure we'll start to see issues (we see them
>>today just with client caching).
>>
>> Thanks!
>>
>> Greg Wojtak
>> Sr. Unix Systems Engineer
>> Office: (313) 373-4306
>> Cell: (734) 718-8472
>>
>> _______________________________________________
>> mdlug mailing list
>> mdlug at mdlug.org
>> http://mdlug.org/mailman/listinfo/mdlug
>_______________________________________________
>mdlug mailing list
>mdlug at mdlug.org
>http://mdlug.org/mailman/listinfo/mdlug
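
The export, rewrite-DN, import approach suggested in the thread, as an added example that is not part of the original messages: it parses an LDIF export, moves user and group entries into a flat layout, and rewrites group `member` references to match. The target containers under `dc=example,dc=com`, the use of `member` as the only DN-valued attribute, and the sample entries are all assumptions made for illustration.

```python
import base64
import re

# Hypothetical target layout (assumption): objectClass -> flat container.
TARGETS = {"user": "ou=People,dc=example,dc=com", "group": "ou=Groups,dc=example,dc=com"}
DN_ATTRS = {"dn", "member"}  # attributes whose values are DNs

def parse_ldif(text):  # yields entries as lists of (attr, sep, value)
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))  # undo line folding
    for block in re.split(r"\n\s*\n", text.strip()):
        rows = []
        for attr, sep, val in re.findall(r"^([^#:\n][^:\n]*)(::?) ?(.*)$", block, re.M):
            if sep == "::" and attr.lower() in DN_ATTRS:  # base64-encoded DN
                sep, val = ":", base64.b64decode(val).decode("utf-8")
            rows.append((attr, sep, val))
        if rows and rows[0][0].lower() == "dn":  # ignore "version: 1" and the like
            yield rows

def remap(entries):  # move users/groups under TARGETS, fix or drop DN references
    entries = list(entries)
    mapping = {}  # lower-cased old DN -> new DN
    for rows in entries:
        classes = {v.lower() for a, _, v in rows if a.lower() == "objectclass"}
        base = next((b for c, b in TARGETS.items() if c in classes), None)
        if base and "computer" not in classes:  # AD computers also carry "user"
            new = re.split(r"(?<!\\),", rows[0][2], maxsplit=1)[0] + "," + base  # RDN only
            if new.lower() in (n.lower() for n in mapping.values()):
                raise ValueError(f"flattening collides on {new}")
            mapping[rows[0][2].lower()] = new
    return [[(a, s, mapping[v.lower()] if a.lower() in DN_ATTRS else v) for a, s, v in rows
             if a.lower() not in DN_ATTRS or v.lower() in mapping]
            for rows in entries if rows[0][2].lower() in mapping]

def to_ldif(entries):
    def row(a, s, v):
        if a.lower() in DN_ATTRS and not v.isascii():  # non-ASCII DN -> base64
            s, v = "::", base64.b64encode(v.encode("utf-8")).decode("ascii")
        return f"{a}{s} {v}"
    return "\n\n".join("\n".join(row(*r) for r in rows) for rows in entries) + "\n"

# Constructed sample export: a folded user DN and a group that references it.
SAMPLE = """dn: CN=Jane Doe,OU=Sales,OU=Detroit,
 DC=corp,DC=example,DC=com
objectClass: user

dn: CN=unixadmins,OU=Legacy,DC=corp,DC=example,DC=com
objectClass: group
member: cn=jane doe,ou=sales,ou=detroit,dc=corp,dc=example,dc=com"""
print(to_ldif(remap(parse_ldif(SAMPLE))))
```

This is a one-shot batch transform: two same-named objects from different OUs raise an error rather than silently overwriting each other, and group members that were not copied are dropped from the output.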



