I'd like to transition our user provisioning from Active Directory to OpenLDAP. I was planning to install OpenLDAP...
on Ubuntu. Is it possible to move all AD users to OpenLDAP?
Yes, from Active Directory it is possible to perform an OpenLDAP migration on an Ubuntu or other operating system, but you'll need to use an intelligent transfer program like a virtual directory or meta-directory to do it. Flat-file synchronization generally is a lot of work, since the data migrates but the access controls do not (something virtual directories and meta-directories do carry over).
First, you must map the OpenLDAP schema to the current Active Directory schema. Next, the OpenLDAP user object must be extended to include all the fields used in Active Directory. Once the mappings are done, you'll need a transportation method, either a flat-file synchronization program or a meta-directory. For synchronization you'll extract the Active Directory user objects into a flat file (usually comma delimited), then run an import synchronization that takes the flat file and imports the content into the OpenLDAP schema. If a meta-directory is used, you'll create real-time connections between the Active Directory server and the OpenLDAP server.
The mappings done in the previous step are then used to configure the connectors. Finally, a meta directory update is done and the Active Directory will send out a "replication" that maps to the OpenLDAP schema, as defined by the meta directory, and automatically populates the OpenLDAP server.
Dig Deeper on Privileged access management
Related Q&A from Randall Gamby
When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise ... Continue Reading
Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading
Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most... Continue Reading