Re: FDS and OpenLDAP integration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Pierangelo Masarati wrote:

Richard Megginson wrote:


But there are ways to sync data from Fedora DS to OpenLDAP also.  You
just can't do both directions at the same time.  How could I word that
appropriately?


Can you elaborate on that?  From the Wiki, it seems that there are some,
but they're undocumented.
I haven't had time to properly test and document this, but there are at least 3 ways that I know of. 1) Enable audit logging, and use a process to periodically read from the audit log and send those changes to another ldap server. 
2) Enable audit logging, but use a named pipe instead of a file.
1 and 2 could probably be a Net::LDAP perl script or a python-ldap script - read in the LDIF change records from the audit log, convert to LDAP add/modify/delete commands. 3) Use the Retro Changelog in conjunction with persistent search. This could also be a script (if the LDAP client implementation understands Fedora DS persistent search) that does basically the same thing as 1 and 2 above. 


The other way 'round (OL => FDS), one could try out OpenLDAP's
slapo-accesslog(5) in the changelog-like variant (haven't tested, could
need some hacking).  THis should work fine with changelog (Retro
Changelog).

Or (and it would probably be a big plus for RFC 4533) FDS could be added
a plugin that makes use of LDAP Sync.  I note that, for applications
that do not want to reinvent the wheel, OpenLDAP's libldap that ships
with 2.4 provides a ldap_sync API that hides RFC 4533 details, so one
only needs to deal with making use of the results of the various phases
of the sync replication.

That's good to know.  Thanks!

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@xxxxxxxxxx
---------------------------------------


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux