Home/ Questions/Q 6614373
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T20:19:52+00:00

I have a web application that uses Active Directory to authenticate users, and I’m

  • 0

I have a web application that uses Active Directory to authenticate users, and I’m trying to replace AD with OpenLDAP.

The documentation says that I need to log on the domain controller as administrator, open the user management window, click on the appropriate organizational unit and add the userids to the proper groups (these groups should have scope “Global” and group type “Security”).

I need to create the equivalent entries on my OpenLDAP server. Can someone provide an example LDIF for this? I don’t know the class nor the attributes I should use, and I don’t have access to a domain controller. The most problematic items seems to be group type and scope, because they seem to be binary values, not strings.

Please note that I don’t want to replace Active Directory completely – I just need userids and groups. I’ve tried adding microsoft.schema to OpenLDAP, but it doesn’t work. I’ve found some information about modifying the schema for Microsoft Outlook; I need something similar but simpler.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s almost impossible to convert the entire ActiveDirectory schema to OpenLDAP, it’s huge. However, we can add only the needed attributes and classes:

    attributetype ( 1.2.840.113556.1.4.750 NAME 'groupType' 
   SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE 
)

attributetype ( 1.3.114.7.4.2.0.33 NAME 'memberOf' 
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' 
)

objectclass ( 1.2.840.113556.1.5.9 NAME 'user'
        DESC 'a user'
        SUP organizationalPerson STRUCTURAL
        MUST ( cn )
        MAY ( userPassword $ memberOf ) )

objectclass ( 1.2.840.113556.1.5.8 NAME 'group'
        DESC 'a group of users'
        SUP top STRUCTURAL
        MUST ( groupType $ cn )
        MAY ( member ) )

    Then it’s easy to create an LDIF file for inserting the users and groups:

    dn: dc=myCompany
objectClass: top
objectClass: dcObject
objectClass: organization
dc: myCompany
o: LocalBranch

dn: ou=People,dc=myCompany
objectClass: top
objectClass: organizationalUnit
ou: People
description: Test database

dn: cn=Users,dc=myCompany
objectClass: groupOfNames
objectClass: top
cn: Users
member: cn=Manager,cn=Users,dc=myCompany

dn: cn=Manager,cn=Users,dc=myCompany
objectClass: person
objectClass: top
cn: Manager
sn: Manager
userPassword:: e1NIQX1tc0lKSXJCVU1XdmlPRUtsdktmV255bjJuWGM9

dn: cn=ReadWrite,ou=People,dc=myCompany
objectClass: group
objectClass: top
cn: ReadWrite
groupType: 2147483650
member: cn=sysconf,ou=People,dc=myCompany

dn: cn=sysopr,ou=People,dc=myCompany
objectClass: user
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: sysopr
sn: team
memberOf: cn=ReadOnly,ou=People,dc=myCompany
userPassword:: e1NIQX1jUkR0cE5DZUJpcWw1S09Rc0tWeXJBMHNBaUE9
    • 0