3

I am trying to set up Apache DS to simulate my company Active Directory locally. I have created a new partition to match. I then created an ldif file to add users and groups. e.g.

##Create the root domain
dn: dc=serverfault,dc=com
objectClass: domain
objectClass: top
dc: serverfault

##Create Users and Groups roots
dn: ou=Users,dc=serverfault,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

dn: ou=Groups,dc=serverfault,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

##Add users
dn: cn=Jeff Atwood,ou=Users,dc=serverfault,dc=com
objectclass: inetOrgPerson
cn: Jeff Atwood
sn: Atwood
userPrincipalName: Jeff.Atwood@serverfault.com

dn: cn=Joel Spolsky,ou=Users,dc=serverfault,dc=com
objectclass: inetOrgPerson
cn: Joel Spolsky
sn: Spolsky
userPrincipalName: Joel.Spolsky@serverfault.com

##Add groups
dn: CN=Dev,ou=Groups,dc=serverfault,dc=com
objectClass: groupOfNames
cn: Dev
member: cn=Jeff Atwood,ou=Users,dc=serverfault,dc=com
member: cn=Joel Spolsky,ou=Users,dc=serverfault,dc=com

However, this fails with "ATTRIBUTE_TYPE for OID userprincipalname does not exist!". (If I take out the userPrincipalName lines everything is fine.)

It is listed as an attribute on the Microsoft site https://msdn.microsoft.com/en-us/library/ms682282(v=vs.85).aspx which makes me think that it is just not included in the default Schema in ApacheDS.

I'd rather not manually add each failed attribute or object class using the GUI.

Is there a way to script it, similar to using ldif?

opticyclic
  • You need to add the relevant AD schemas to your LDAP server and while I don't know the Apache LDAP server, I doubt you can add an attribute manually in the GUI without a schema backing this up. – Sven Jul 22 '15 at 15:14
  • If you can tell me which are the relevant schemas, where I get them from and how to import them I can accept this as an answer. – opticyclic Jul 22 '15 at 15:44
  • I can't, at least not with too much effort on my part. This is why I posted it as a comment, to give you hints what to look up further. – Sven Jul 22 '15 at 15:52
  • I'm looking for an answer to this also. – end-user Sep 30 '15 at 15:53
  • I think [this](http://stackoverflow.com/a/31742442/167889) partially answers the question, but I need a few more, and it doesn't explain how/where to grab the schema data. – end-user Sep 30 '15 at 16:06

2 Answers

6

I know this is old but I was looking for something similar and I managed to emulate AD groups/roles in Apache DS by using the schemas (starting with microsoft) from this github project: https://github.com/dkoudela/active-directory-to-openldap/tree/master/schema

I imported them into Apache DS (use schema editor) and I was then able to create users with sAMAccountName, userPrincipalName & memberOf properties that I needed to replicate the target AD configuration.

major_finley
0

Are you sure you want just ApacheDS? Are you trying this on Windows or a Unix-family OS? If the latter is your case, why don't you try Samba 4.2 instead? It offers an AD-compatible directory right after initial (single-command) provisioning. You can even use Windows RSAT to manage some of the features (i.e. users, sites, GPO, ...), pretty much as with a native Windows domain. So why reinvent the wheel...

sam_pan_mariusz