docker-openldap

Loading external LDIF and Schema files from Microsoft AD

Open shreyasGit opened this issue 4 years ago • 1 comments

I am new to the LDAP world, so please don't mind terminology lapses, if any.

Problem statement: we are trying to use AWS Microsoft AD in one of our projects. For performing integration tests in my micro, I was looking at some Docker image for LDAP, and docker-openldap was the best option, so I started playing with it. I intend to use it in a docker-compose setup. What we have done on the AD side is extend the schema to add a few attributes that we need. Now I need those changes in the Docker image, so I started with an LDIF file which had just the schema extensions we did. For example, the extension LDIF has something like this:

```
# Define the capabilities attribute
dn: CN=capabilities,CN=Schema,CN=Configuration ,DC=adds-dev,DC=dev,DC=dev,DC=us
changetype: add
objectClass: top
objectClass: attributeSchema
cn: capabilities
distinguishedName: CN=capabilities,CN=Schema,CN=Configuration ,DC=adds-dev,DC=dev,DC=dev,DC=us
attributeID: 1.2.840.113556.1.8000.2554.34082.29356.12951.18334.48550.5797021.610587.41
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
adminDisplayName: capabilities
adminDescription: capabilities
oMSyntax: 64
lDAPDisplayName: capabilities
name: capabilities
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration ,DC=adds-dev,DC=cidev,DC=sas,DC=us
```

But I get an error stating that objectClass: attributeSchema is invalid, because it's not present in OpenLDAP. So I tried to export the entire schema from Microsoft AD as an LDIF and tried to load it in this image, but I get many other errors. I used the "Seed ldap database with ldif" and "Seed from internal path" options.

So, in short, the question is: is there a way, and is it feasible, to export and then import the schema for Microsoft AD and use it in the OpenLDAP image? I see that the schema is quite huge. As is obvious, our code depends on the additional classes and attributes, so I will need them in the image to run my tests.

Please comment/advise if this approach is the right one.

shreyasGit, May 18 '21 12:05

We would also like to use OpenLDAP for the same thing - loading LDIF exports from an AD instance.

It would be really helpful to have an example of how to do this @BertrandGouny.

andrewbanchich, May 20 '21 14:05
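
For the attribute entry quoted in the issue, one possible conversion into OpenLDAP's cn=config schema format; this is an added example, not code from docker-openldap or from either poster. The syntax table, the placeholder domain in the sample and the schema name passed to `to_schema_ldif` are assumptions, and object classes are not handled.

```python
import re

# AD (attributeSyntax, oMSyntax) -> OpenLDAP (syntax OID, EQUALITY rule); unlisted pairs are rejected.
AD_SYNTAX = {
    ("2.5.5.12", "64"): ("1.3.6.1.4.1.1466.115.121.1.15", "caseIgnoreMatch"),  # Unicode string
    ("2.5.5.9", "2"): ("1.3.6.1.4.1.1466.115.121.1.27", "integerMatch"),       # integer
}

# Constructed sample modelled on the entry in the post (placeholder domain, folded dn line).
SAMPLE_AD_LDIF = """\
# Define the capabilities attribute
dn: CN=capabilities,CN=Schema,CN=Configuration
 ,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.2554.34082.29356.12951.18334.48550.5797021.610587.41
attributeSyntax: 2.5.5.12
isSingleValued: FALSE
adminDescription: capabilities
oMSyntax: 64
lDAPDisplayName: capabilities
"""

def parse_entry(ldif):
    """Unfold LDIF continuation lines, then collect attribute -> list of values."""
    attrs = {}
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        if line.strip() and not line.startswith("#"):
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
    return attrs

def to_olc_attribute(attrs):
    """Render one AD attributeSchema entry as an olcAttributeTypes value."""
    if "attributeSchema" not in attrs.get("objectclass", []):
        raise ValueError("not an attributeSchema entry")
    pair = (attrs["attributesyntax"][0], attrs["omsyntax"][0])
    if pair not in AD_SYNTAX:
        raise ValueError(f"unmapped AD syntax {pair}")
    syntax, equality = AD_SYNTAX[pair]
    parts = [attrs["attributeid"][0], f"NAME '{attrs['ldapdisplayname'][0]}'"]
    if "admindescription" in attrs:
        parts.append(f"DESC '{attrs['admindescription'][0]}'")
    parts += [f"EQUALITY {equality}", f"SYNTAX {syntax}"]
    if attrs.get("issinglevalued", ["FALSE"])[0].upper() == "TRUE":
        parts.append("SINGLE-VALUE")
    return "olcAttributeTypes: ( " + " ".join(parts) + " )"

def to_schema_ldif(name, entries):  # name: hypothetical schema name chosen by the caller
    head = [f"dn: cn={name},cn=schema,cn=config", "objectClass: olcSchemaConfig", f"cn: {name}"]
    return "\n".join(head + [to_olc_attribute(parse_entry(e)) for e in entries]) + "\n"
```

AD-only attributes such as `objectCategory`, `oMSyntax` and `adminDisplayName` have no counterpart in the OpenLDAP definition and are dropped by the conversion.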