Does LDIFDE work with non-AD LDAP Servers?


Ohaya

Hi,

This may've been asked before, but I searched and couldn't find an
answer:

Will LDIFDE work properly for retrieving information from non-AD LDAP
Servers (e.g., Netscape, Novell, etc.)? I'm not going to be doing any
importing (except to AD), just retrieval.

Has anyone tried this before? If so, with which LDAP servers,
specifically?

Thanks in advance!!
 
I don't know if this will help but I have attempted it the other way round
and tried to use LDIFDE to import users into AD that were exported from
Netscape. Needless to say it failed miserably! Other LDAP directory servers
have different account attributes so the export from them just wasn't
compatible with LDIFDE so I would speculate that the answer would be no but
it won't hurt to try it. I guess it would depend on whether or not LDIFDE
looks for those unique AD attributes when doing an export and if it will
error when it doesn't find them.

What I ended up doing was taking the Netscape output and editing it in a
spreadsheet to strip out incompatible fields and add the required AD fields.
Then I could use csvde to import the Netscape users to AD.
 
Simon,

Thanks for your response.

I would've guessed that there's a good chance that using LDIFDE to
import INTO a non-AD LDAP server might not work, but it seems like using
LDIFDE to export FROM a non-AD LDAP server should work. My problem is
that I don't have a non-AD LDAP server that I can test against directly,
and I am getting only one shot at doing this :(....
 
Import/Export from any two ldap servers that have different schemas is
problematic. Ldifde is a simple ldap tool that can export from any ldap
server and into another one, provided that either schemas are the same or
you only export attributes that exist in the schema for the server you are
importing to. So if you are exporting from Novell, Netscape or any other
ldap server, before you import your ldif file you will need to know if the
schemas are the same as the one you are importing to. If not, you have a
choice: extend the schema for the ldap server you are importing into, or
when you export, do not export attributes that you know cannot be imported
into the other server.

-Michael
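
The approach described in the post above (export only what the target schema has), as an added example that is not part of the original thread: a Python filter that removes attributes and objectClass values missing from an allow-list before the LDIF file is imported. The function names, the allow-lists and the sample entry (including exampleVendorAttr and exampleVendorPerson) are constructed for illustration; the real allow-lists have to come from the target server's schema.

```python
def parse_ldif(text):
    """Split LDIF text into entries: lists of (attribute_name, unfolded_line)."""
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):            # RFC 2849 continuation line
            if lines and not in_comment:
                lines[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    entries, current = [], []
    for line in lines + [""]:              # trailing "" flushes the last entry
        if line.strip():
            current.append((line.partition(":")[0], line))
        elif current:
            entries.append(current)
            current = []
    return [e for e in entries if e[0][0].lower() == "dn"]  # skips "version: 1"

def filter_for_target(entries, allowed_attrs, allowed_classes):
    """Keep only attributes and objectClass values the target schema knows."""
    attrs = {a.lower() for a in allowed_attrs} | {"dn", "objectclass"}
    classes = {c.lower() for c in allowed_classes}
    kept, dropped = [], set()
    for entry in entries:
        out = []
        for name, line in entry:
            base = name.split(";")[0].lower()   # strip options such as ;binary
            value = line.partition(":")[2].strip()
            if base not in attrs:
                dropped.add(base)
            elif base == "objectclass" and value.lower() not in classes:
                dropped.add("objectclass=" + value.lower())
            else:
                out.append(line)
        kept.append(out)
    return "\n\n".join("\n".join(e) for e in kept) + "\n", sorted(dropped)

# Constructed sample export (not taken from any real directory).
SAMPLE = """dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: person
objectClass: exampleVendorPerson
cn:: Sm9obiBEb2U=
description: a value the exporter folded
  onto a second line
exampleVendorAttr: 42
userCertificate;binary:: AAEC
"""
if __name__ == "__main__": print(*filter_for_target(parse_ldif(SAMPLE), {"cn", "description"}, {"person"}))
```

The second return value lists everything that was dropped, which is worth reviewing before the import so that nothing required by the target is lost silently.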
 
Michael,

THANK YOU for this confirmation!

FYI, and in case this ever gets asked again, I went ahead and downloaded
and installed Netscape Directory Server (I'm not using that, but it was
just relatively easy one to try), and then I tested with LDIFDE.

After a bit of fiddling around, I was finally able to successfully
retrieve some information from it using LDIFDE!!

The only GLITCH is that I can't figure out how, or even if it's possible
to do a "true" anonymous bind using LDIFDE.

What I mean by "true anonymous bind" is a bind without any credentials.

It looks like whenever you use LDIFDE without username and password on
the command line, it uses SSPI. This is fine if the LDAP server is AD
or AD/AM, but obviously, it won't work with other directory servers?

So, my question is: How can I get LDIFDE to do a true anonymous bind,
and not use SSPI?

Thanks for your help!!!
 
Hi,

Well, I think that I've figured my last question out. It appears that
if you do a simple bind (-a) and if the password is set to empty (""),
LDIFDE does a true anonymous bind, e.g.:

ldifde -f foo.ldf -s whatever.com -a "" "" ....

Can anyone confirm this?

Thanks!!!
 
Yes, ldifde will do an anonymous bind when you specify -a "" "". What
happens is ldifde will do an ldap_simple_bind with null as your user name and
password, which is the way to do an anonymous bind.

-Michael

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 