FDS and OpenLDAP integration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Pierangelo Masarati wrote:
> Richard Megginson wrote:
>
>   
>> But there are ways to sync data from Fedora DS to OpenLDAP also.  You
>> just can't do both directions at the same time.  How could I word that
>> appropriately?
>>     
>
> Can you elaborate on that?  From the Wiki, it seems that there are some,
> but they're undocumented.
>   
I haven't had time to properly test and document this, but there are at 
least 3 ways that I know of.
1) Enable audit logging, and use a process to periodically read from the 
audit log and send those changes to another ldap server.
2) Enable audit logging, but use a named pipe instead of a file.
1 and 2 could probably be a Net::LDAP perl script or a python-ldap 
script - read in the LDIF change records from the audit log, convert to 
LDAP add/modify/delete commands.
3) Use the Retro Changelog in conjunction with persistent search.  This 
could also be a script (if the LDAP client implementation understands 
Fedora DS persistent search) that does basically the same thing as 1 and 
2 above.

> The other way 'round (OL => FDS), one could try out OpenLDAP's
> slapo-accesslog(5) in the changelog-like variant (haven't tested, could
> need some hacking).  THis should work fine with changelog (Retro
> Changelog).
>
> Or (and it would probably be a big plus for RFC 4533) FDS could be added
> a plugin that makes use of LDAP Sync.  I note that, for applications
> that do not want to reinvent the wheel, OpenLDAP's libldap that ships
> with 2.4 provides a ldap_sync API that hides RFC 4533 details, so one
> only needs to deal with making use of the results of the various phases
> of the sync replication.
>   
That's good to know.  Thanks!
> p.
>
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ---------------------------------------
> Office:  +39 02 23998309
> Mobile:  +39 333 4963172
> Email:   pierangelo.masarati at sys-net.it
> ---------------------------------------
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070917/0e4e94cc/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux