dkoudela / active-directory-to-openldap

An attempt to provide tools and LDIF schemas for conversion of Active Directory structures to OpenLdap.
Apache License 2.0

can you tell me where the ad schemas came from? #1

Closed chenjie4255 closed 8 years ago

chenjie4255 commented 9 years ago

Hi, I really like your project. It helps me find the AD schema file, but I want to know how you found your Microsoft AD schema file.

dkoudela commented 9 years ago

Hi,

Thanks for your interest in my project.

There are several ways you can do it. The best way, I would say, is using an LDAP client to export the schema to LDIF format. I use Softerra LDAP Browser: http://www.ldapadministrator.com/

  1. You must set up a connection (Profile) to the Active Directory configuration, e.g.: CN=Schema,CN=Configuration,DC=example,DC=com
  2. Export the data:
    • File -> Export Data
    • Select LDIF
    • Select File name
    • Search Scope: Subtree, Enable Paging (optional)
    • Select your preferred line end style
    • You can replace root DN if you want

Now you have the raw Active Directory schema LDIF. To be usable in OpenLdap, it must be converted. I made a script for this purpose: https://github.com/dkoudela/active-directory-to-openldap/blob/master/scripts/ad-schema-to-open-ldap.py

Enjoy it! David.

chenjie4255 commented 9 years ago

Wow, you did awesome work! I converted the LDIF file to a schema file successfully. But I got an error when I added it to the openldap.conf file. The error says: objectclass: AttributeType not found:"msImaging-PSPIdentifier" Is there something more I should export to a schema file? Thanks.

BTW: I saw there are 3 schema files prefixed with micro* in your schemas directory, but I only got one schema file by your method. Is there something different I need to be careful about when I use those schema files (from my export, or your schema files)?

Can I just use your schema files in OpenLDAP for syncing AD data? Is there any difference between different AD server versions (e.g. AD 2003, AD 2008)...

Thanks again, and sorry about my poor English! :)

dkoudela commented 9 years ago

I am glad someone appreciates this project as it is very specific.

I do not think so. It should be there:

attributetype ( 1.2.840.113556.1.4.2053 NAME 'msImaging-PSPIdentifier' DESC 'msImaging-PSPIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )

Maybe the order can be changed. Attributetypes must be loaded before Objectclasses. Therefore I keep them in separate files.

Well, at the beginning I used a schema file from the OpenLdap pages (file: microsoftattributetypestd.schema). Afterwards, I realized it is not enough for proper LDAP functionality. I exported the AD schema as I suggested and split objectclasses and attributetypes into separate files. Later on, I would like to eliminate microsoftattributetypestd.schema completely. Unfortunately, there are some attributetypes which conflict with core OpenLdap. In my case, I did not import everything, as we do not need all the data.

At least, you can try it :-). Yes, there can be some differences in the schema between different AD revisions. It really depends on your needs. In most cases, clients do not use all the data.

You are welcome! No problem :-)
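The export-then-convert step from the first reply and the load-order point from the reply above, as an added example that is not the project's own ad-schema-to-open-ldap.py: it parses a small constructed AD schema LDIF export, emits OpenLDAP `attributetype` definitions ahead of every `objectclass`, and reports attribute names a class references but the export never defines, which is what produces an "AttributeType not found" error at load time. The class entry, its placeholder governsID, the syntax map and the `msImaging-PSPString` name are constructed for the sample; the attribute OID is the one quoted in the thread.

```python
# Added example (not the project's ad-schema-to-open-ldap.py): AD schema LDIF ->
# OpenLDAP schema text, attributetypes before objectclasses, plus undefined-name check.
AD_TO_LDAP_SYNTAX = {"2.5.5.10": "1.3.6.1.4.1.1466.115.121.1.40",  # Octet String
                     "2.5.5.12": "1.3.6.1.4.1.1466.115.121.1.15"}  # Unicode string
KIND = {"1": "STRUCTURAL", "2": "ABSTRACT", "3": "AUXILIARY"}  # objectClassCategory
# Constructed sample export (dn lines omitted, no folding); governsID is a placeholder.
AD_SCHEMA_LDIF = """\
objectClass: classSchema
lDAPDisplayName: msImaging-PSPs
governsID: 1.2.840.113556.1.5.9999
subClassOf: top
objectClassCategory: 1
mayContain: msImaging-PSPIdentifier
mayContain: msImaging-PSPString

objectClass: attributeSchema
lDAPDisplayName: msImaging-PSPIdentifier
attributeID: 1.2.840.113556.1.4.2053
attributeSyntax: 2.5.5.10
isSingleValued: TRUE
"""

def parse_ldif(text):
    entries, cur = [], {}  # each entry: dict of attribute -> list of values
    for line in text.splitlines() + [""]:
        if line.strip():
            key, _, val = line.partition(":")
            cur.setdefault(key.strip(), []).append(val.strip())
        elif cur:
            entries.append(cur)
            cur = {}
    return entries

def convert(text):
    """Return (attributetype lines, objectclass lines, undefined attribute names)."""
    attrs, classes, defined, referenced = [], [], set(), set()
    for e in parse_ldif(text):
        name = e["lDAPDisplayName"][0]
        if "attributeSchema" in e["objectClass"]:
            single = " SINGLE-VALUE" if e.get("isSingleValued") == ["TRUE"] else ""
            attrs.append(f"attributetype ( {e['attributeID'][0]} NAME '{name}' DESC '{name}'"
                         f" SYNTAX {AD_TO_LDAP_SYNTAX[e['attributeSyntax'][0]]}{single} )")
            defined.add(name)
        elif "classSchema" in e["objectClass"]:
            may = e.get("mayContain", [])  # MUST (mustContain) would be emitted alike
            referenced.update(may)
            oc = (f"objectclass ( {e['governsID'][0]} NAME '{name}' DESC '{name}'"
                  f" SUP {e['subClassOf'][0]} {KIND[e['objectClassCategory'][0]]}")
            classes.append(oc + (f" MAY ( {' $ '.join(may)} )" if may else "") + " )")
    return attrs, classes, sorted(referenced - defined)  # attributetypes first
```

Writing the first list to one file and the second to another, and loading them in that order, mirrors the split the reply describes; a non-empty third element means the export (or the files you load before it) is missing a definition slapd will need.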

dkoudela commented 8 years ago

I am closing this issue for now. If you have any further questions, please do not hesitate to ask.

Best Regards, David.