Here’s my problem: I have an LDAP server (OpenLDAP actually, although I’ve heard good things about Fedora Directory Server) that I’d like to populate with Active Directory data. Specifically, email data.
The project is an email service which consults said LDAP server for valid email addresses and drops the others. Doing this, I’ve been assured, will drop the amount of SPAM we receive in any given day by about 60%. That’s millions of spam emails summarily dropped!
So, good thing. What I’m having trouble with is exporting the data from Active Directory after extraction (which is easy) to the OpenLDAP server. But say I’m able to do that, which should be simple, how do I keep that data up-to-date? A complicating factor is that the email information is not just for one email domain, but for many others. I know OpenLDAP has a schema that requires data which has to fit—am I saying this correctly?
Which means that if I create a schema for a particular tree, can I have data (email addresses) which don’t belong to that tree? Ugh, I’m probably destroying this. Anyway, the other problem: deltas. When a user is deleted, how can I update the LDAP database regularly?
These are the kinds of problems I’m having to deal with, and the answers to which seem very far away.
Anyone know how to do this easily?
2 responses so far ↓
1 bp // Jan 11, 2008 at 0057
Directory synchronization is pretty common. The Microsoft solution is called MIIS (Microsoft Identity Integration Server), which is REALLY expensive. I’m sure there are others out there, just look for the competition to MIIS.
2 fred // Jan 11, 2008 at 0931
Oh yes, I know about MIIS (unfortunately), but I’m not familiar with it enough to know if it’ll work for my purposes. What I require is actually a one-way replication.
The LDAP server I’m working on is going to be a consulting repository for all valid email addresses in our organization. The problem is we have all these different departments with disparate ADs and different email addresses (although the top-level email domain is the same throughout, for the most part).
If it were simply a matter of exporting the email addresses (all of the proxyAddresses), then no problem. However, we’ll need to periodically update the database for new and deleted addresses.
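An added example, not part of the post or its comments: one way to handle the one-way update is to diff the SMTP addresses found in the exported proxyAddresses values against what the OpenLDAP tree already holds, and emit LDIF change records for the difference. The base DN, the flat container, the use of inetOrgPerson and all sample addresses are assumptions made for illustration; the mail value of an entry does not have to match the suffix it is stored under, so addresses from several email domains can share one tree.

```python
BASE_DN = "ou=recipients,dc=example,dc=org"  # assumption: one flat container

# Constructed sample: one proxyAddresses list per AD user, from two departments.
AD_EXPORTS = [
    ["SMTP:Alice@Example.org", "smtp:a.smith@dept-a.example.org", "X400:c=US;a= ;p=Org;"],
    ["SMTP:bob+lists@dept-b.example.org", "sip:bob@dept-b.example.org"],
]
# Constructed sample: mail values currently held in the OpenLDAP lookup tree.
CURRENT = {"alice@example.org", "gone@dept-a.example.org"}

def smtp_addresses(proxy_values):
    """Keep only the SMTP:/smtp: entries of a proxyAddresses list, lowercased."""
    found = set()
    for value in proxy_values:
        prefix, _, addr = value.partition(":")
        if prefix.lower() == "smtp" and "@" in addr:
            found.add(addr.strip().lower())
    return found

def escape_rdn(value):
    """Backslash-escape RFC 4514 special characters for use inside a DN."""
    out = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    return "\\" + out if out.startswith("#") else out

def plan_sync(ad_exports, current, max_delete_ratio=0.5):
    """Return (to_add, to_delete); refuse if deletions look like a broken export."""
    wanted = set()
    for values in ad_exports:
        wanted |= smtp_addresses(values)
    current = {addr.lower() for addr in current}
    to_add, to_delete = sorted(wanted - current), sorted(current - wanted)
    if len(to_delete) > max_delete_ratio * len(current):
        raise RuntimeError(f"refusing to delete {len(to_delete)} of {len(current)} entries")
    return to_add, to_delete

def to_ldif(to_add, to_delete):
    """Render the delta as LDIF change records."""
    records = []
    for addr in to_add:
        records.append(f"dn: mail={escape_rdn(addr)},{BASE_DN}\nchangetype: add\n"
                       f"objectClass: inetOrgPerson\ncn: {addr}\nsn: {addr}\nmail: {addr}\n")
    for addr in to_delete:
        records.append(f"dn: mail={escape_rdn(addr)},{BASE_DN}\nchangetype: delete\n")
    return "\n".join(records)

if __name__ == "__main__":
    print(to_ldif(*plan_sync(AD_EXPORTS, CURRENT)))
```

The deletion threshold is there because an empty or truncated AD export would otherwise remove valid recipients, and the mail service would then drop legitimate mail.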