directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wim V" <...@pizzastop.be>
Subject RE: Active Directory simulation
Date Fri, 02 May 2008 11:10:18 GMT
Hi everyone,

Very interesting idead and Alex I agree to some level to your suggestions.

Indead it makes sense to have an AD compatibility mode to mimic
ActiveDirectory as much as possible. But I'm not sure whether you 'll want
to use "some kind of DirectoryServiceFactory" (I suppose this will be called
ActiveDirectoryServiceFactory, in this case?). With this, what you are
actually doing is implementing a Apache Active Directory Server. Which I'm
not sure is the goal here. You further confirm this by suggesting the AAD
Server will have a config file of its own, being ad-server.xml. I'm not sure
this is the way to go.

>From a architectural point of view, and in terms of an "Active directory
compatibility mode" for ApacheDS , imo, it seems more logical to create a
ActiveDirectoryServerFactory. (or ActiveDirectoryServer). Then, in the
apacheDS config file, you would be able to configure an AD compatible server
like this :

<ActiveDirectoryServer id="adServer"
              enabled="true"
              ipPort="389"
              enableLdaps="true">
    <directoryService>#directoryService</directoryService>
    <socketAcceptor>#socketAcceptor</socketAcceptor>
</ActiveDirectoryServer >

This has the advantage your ActiveDirectoryServer will still be an genuine
AD server behind the scenes.

>From a functional point of view, (at least) three issues are important here:
First of all, migration. It should be fairly easy to migrate from apachDS to
AD and vice versa. Second, compatibility. In an ideal world, ADS should fit
in an AD tree seamlessly, and vice versa. Third : transparency. Clients
should have now knowledge which of either solutions is being used.


Wim Verreycken

-----Original Message-----
From: Hammond, Steve [mailto:steve.hammond@Polycom.com] 
Sent: donderdag 1 mei 2008 20:14
To: users@directory.apache.org
Subject: RE: Active Directory simulation

I have been working on getting ADS to simulate AD, so far I have only
had to worry about objectClass group however.  I also had to add
attributeType samAccountName, and objectGUID.

There is the issue that I have not found a way to stop importation of
LDAPv3 attributeTypes where the name conflicts with AD attribute types
such as memberOf and Member.

-----Original Message-----
From: akarasulu@gmail.com [mailto:akarasulu@gmail.com] On Behalf Of Alex
Karasulu
Sent: Thursday, May 01, 2008 11:09 AM
To: users@directory.apache.org
Subject: Re: Active Directory simulation

This is a great idea.  A large majority of LDAP applications will most
likely be hitting AD or ADAM in the enterprise.  It makes sense to have
an
AD compatibility mode to mimic ActiveDirectory as much as possible.  We
have
a bunch of low level concerns around compatibility but I don't think
we're
limited since the ApacheDS design is so flexible.

We should have some kind of DirectoryServiceFactory implementation that
programmatically configures a new instance of a DirectoryService and or
the
server itself configured to mimic AD.  We can also include in the
standalone
version of ApacheDS an optional ad-server.xml.

Alex

On Thu, May 1, 2008 at 12:11 PM, Valery Tydykov <tydykov@yahoo.com>
wrote:

> Is it possible to simulate Active Directory structure and behavior
using
> ApacheDS?
> This would be great for testing LDAP/AD clients, without using real AD
> server.
>  Valery Tydykov


Mime
View raw message