Fedora directory users - Nov 2008 - synchronize fedora with Lotus Domino and MS Active directory

Hi,

 

I have a brief question. I''m not really experienced in the whole LDAP
field but I was trying to figure out if the following setup is possible.

 

I have 2 different directory servers...a Lotus Notes/Domino server and a
Active Directory server. Can we use Fedora as a central LDAP server and
is it possible to easily synchronize/replicate the Fedora server with
the Notes and AD server? I tried to find some documentation about this
but only found http://directory.fedoraproject.org/wiki/Howto:WindowsSync
so I guess synchronization with AD is covered but is this also possible
with Notes? 

 

It also seems quite technical....are there perhaps certain tools which
makes this more easy for you?

 

Much thanks is advance!

 

Best Regards,

Hugo

Hugo Hendriks wrote:
> I have 2 different directory servers…a Lotus Notes/Domino server and a 
> Active Directory server.
That''s almost exactly my job in a customer project (source DB is
different).
> so I guess synchronization with AD is covered but is this also possible 
> with Notes?
Depends on what you want on Domino (Notes). It''s fairly easy to add 
person entries to the Notes address book via Domino/LDAP (needs some 
Domino server configuration tweaks) but these cannot be turned into real 
Notes users with ID and mailbox files. If you want to create real Notes 
users you have to add entries in the certreq database.

I''m still figuring out whether I use the Notes client with pywin32 for 
that or whether to do that via DIIOP (or whether I leave that out and 
just generate tickets). Several meta directory agents also seem to take 
the Win32 programming approach with the Notes client.
> It also seems quite technical….are there perhaps certain tools which 
> makes this more easy for you?
I''m curious on whether you find open source tools.

Ciao, Michael.

Fedora is only going to be used as central access point. So we only need to
synchronize the Domino(notes) server with Fedora and also the Active Directory
server with Fedora. So say I add a user to the Active Directory server. This
user then needs to be synchronized to the Fedora server and then synchronized to
the Domino(Notus) server....and vice versa.

-----Original Message-----
From: fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Michael Ströder
Sent: donderdag 20 november 2008 13:58
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] synchronize fedora with Lotus Dominoand MS
Active directory

Hugo Hendriks wrote:
> I have 2 different directory servers...a Lotus Notes/Domino server and a 
> Active Directory server.
That''s almost exactly my job in a customer project (source DB is
different).
> so I guess synchronization with AD is covered but is this also possible 
> with Notes?
Depends on what you want on Domino (Notes). It''s fairly easy to add 
person entries to the Notes address book via Domino/LDAP (needs some 
Domino server configuration tweaks) but these cannot be turned into real 
Notes users with ID and mailbox files. If you want to create real Notes 
users you have to add entries in the certreq database.

I''m still figuring out whether I use the Notes client with pywin32 for 
that or whether to do that via DIIOP (or whether I leave that out and 
just generate tickets). Several meta directory agents also seem to take 
the Win32 programming approach with the Notes client.
> It also seems quite technical....are there perhaps certain tools which 
> makes this more easy for you?
I''m curious on whether you find open source tools.

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Hugo Hendriks wrote:
> This user then needs to be synchronized to
> the Fedora server and then synchronized to the Domino(Notus)
> server....and vice versa.
Whatever "synchronized to the Domino(Notus) server" means.
> Michael Ströder wrote:
>> Depends on what you want on Domino (Notes). It''s fairly easy
to add
>> person entries to the Notes address book via Domino/LDAP (needs some 
>> Domino server configuration tweaks) but these cannot be turned into
real
>> Notes users with ID and mailbox files. If you want to create real Notes
>> users you have to add entries in the certreq database.
Adding a fully usable notes user account usually requires going through 
a process for generating the user''s Notes ID file and a mailbox 
database. This is not as simple as adding a AD or FDS account via LDAP. 
Adding a simple person entry to be listed in the Notes address book is 
simple though. But I guess you want to have full Notes user accounts.

That''s off-topic here though.

Ciao, Michael.

Like I said, I''m not really an expert on what is all involved in the
creation of a notes account. All I know we need the address books equal on both
server and I guess that means also the creation of a full notes account like you
said.

Thanks for your info Michael!

Best regards,
Hugo

-----Original Message-----
From: fedora-directory-users-bounces@redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Michael Ströder
Sent: donderdag 20 november 2008 16:01
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] synchronize fedora with Lotus DominoandMS
Active directory

Hugo Hendriks wrote:
> This user then needs to be synchronized to
> the Fedora server and then synchronized to the Domino(Notus)
> server....and vice versa.
Whatever "synchronized to the Domino(Notus) server" means.
> Michael Ströder wrote:
>> Depends on what you want on Domino (Notes). It''s fairly easy
to add
>> person entries to the Notes address book via Domino/LDAP (needs some 
>> Domino server configuration tweaks) but these cannot be turned into
real
>> Notes users with ID and mailbox files. If you want to create real Notes
>> users you have to add entries in the certreq database.
Adding a fully usable notes user account usually requires going through 
a process for generating the user''s Notes ID file and a mailbox 
database. This is not as simple as adding a AD or FDS account via LDAP. 
Adding a simple person entry to be listed in the Notes address book is 
simple though. But I guess you want to have full Notes user accounts.

That''s off-topic here though.

Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Hugo Hendriks wrote:
> Like I said, I''m not really an expert on what is all involved in
the
> creation of a notes account.
I''d suggest to first look at how it''s done manually. Then you
have a far
better view on the necessary details.

Ciao, Michael.