OpenLDAP Sync to Office 365

All replies

  • Hi,

    currently not, but this is a planned feature of Azure AD Connect when looking at this comparison sheet:

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-hybrid-identity-design-considerations-tools-comparison

    This is currently only possible by using MIM2016 and either reading the LDAP and provisioning users to AzureAD via PowerShell, or syncing LDAP accounts to a "temporary" Active Directory and using AADConnect then.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Friday, April 21, 2017 8:26 AM
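    The first of the two routes above (read OpenLDAP, provision users into Azure AD from PowerShell) sketched as an added example; this is not Peter's code or a Microsoft sample, and the host name, base DN, tenant domain and attribute mapping are assumptions. Because passwords are never read from OpenLDAP (there is nothing to read; only hashes are stored), each new cloud account gets a random initial password that the user must change at first sign-in, and the LDAP bind account only needs read access.

```powershell
# Added example: provision OpenLDAP users into Azure AD with the AzureAD module.
# Assumptions (not from the thread): ldap.example.com, dc=example,dc=com, tenant domain contoso.com.
Add-Type -AssemblyName System.DirectoryServices.Protocols
Import-Module AzureAD

$LdapHost     = 'ldap.example.com'                 # hypothetical OpenLDAP server
$LdapBaseDn   = 'ou=people,dc=example,dc=com'      # hypothetical search base
$TenantDomain = 'contoso.com'                      # hypothetical verified Azure AD domain

# Read-only bind: username is the bind DN, e.g. cn=reader,dc=example,dc=com
$bindCred = Get-Credential -Message 'OpenLDAP read-only bind DN and password'

# LDAPS (636) so the bind password and attributes are not sent in clear text
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($LdapHost, 636)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection(
    $identifier, $bindCred.GetNetworkCredential(),
    [System.DirectoryServices.Protocols.AuthType]::Basic)
$ldap.SessionOptions.SecureSocketLayer = $true
$ldap.SessionOptions.ProtocolVersion   = 3
$ldap.Bind()

# Only the attributes the cloud account needs; no password attribute is requested
$attrs   = @('uid', 'givenName', 'sn', 'cn', 'mail')
$request = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $LdapBaseDn, '(objectClass=inetOrgPerson)',
    [System.DirectoryServices.Protocols.SearchScope]::Subtree, $attrs)
$response = $ldap.SendRequest($request)

function New-RandomInitialPassword {
    # 24 random bytes from the CSPRNG, Base64-encoded; user is forced to change it on first sign-in
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)
}

Connect-AzureAD | Out-Null

foreach ($entry in $response.Entries) {
    $uid = $entry.Attributes['uid'][0]
    if (-not $uid) { continue }                     # skip entries without a login name
    $upn = "$uid@$TenantDomain"

    # Idempotent: do not recreate an account that already exists in the tenant
    $existing = Get-AzureADUser -ObjectId $upn -ErrorAction SilentlyContinue
    if ($existing) { Write-Verbose "exists: $upn"; continue }

    $profile = New-Object Microsoft.Open.AzureAD.Model.PasswordProfile
    $profile.Password                      = New-RandomInitialPassword
    $profile.ForceChangePasswordNextLogin  = $true

    $displayName = if ($entry.Attributes['cn']) { $entry.Attributes['cn'][0] } else { $uid }

    New-AzureADUser -UserPrincipalName $upn `
                    -DisplayName       $displayName `
                    -GivenName         $(if ($entry.Attributes['givenName']) { $entry.Attributes['givenName'][0] }) `
                    -Surname           $(if ($entry.Attributes['sn']) { $entry.Attributes['sn'][0] }) `
                    -MailNickName      $uid `
                    -PasswordProfile   $profile `
                    -AccountEnabled    $true | Out-Null
    Write-Output "created: $upn"
}
```

    Run it from a machine that can reach the LDAPS port with an account that has the User Administrator role in the tenant. Deprovisioning (disabling cloud accounts whose LDAP entry has gone) is the other half of the job and is left out here; without it, the same "sync" silently leaves orphaned accounts behind.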
  • Hi,

    as told above you can synchronize openLDAP to AD with Microsoft Identity Manager 2016 (MIM).

    For the scenario above the Sync Engine should be enough, so you don't need CALs for the users, and the Sync Engine license is included in the Windows Server license.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Friday, April 21, 2017 11:21 AM
  • But it does not sync passwords from OpenLDAP to Microsoft AD?

    Friday, April 21, 2017 12:24 PM
    That is correct, but I assume (not sure!) that this will also be the case when AADConnect synchronizes users to AAD/O365. Users will need to set an additional password in the cloud. So no SSO possible.

    So the Sync will be only for account data without passwords.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Friday, April 21, 2017 12:32 PM
  • AAD Connect also ships with the GLDAP connector (same as the one FIM/MIM supports). However, currently it does not support configuration via the Wizard. So you have three options:

    1. Implement FIM/MIM with the Generic LDAP Connector to synchronize from OpenLDAP to AD, and then rely on Azure AD Connect to synchronize from AD to Azure AD, OR
    2. Implement the Generic LDAP Connector with Azure AD Connect, so that Azure AD Connect is used to synchronize from OpenLDAP to Azure AD.
    3. Implement the Generic LDAP Connector with FIM/MIM and the WAAD connector. (Not recommended, as in that case #2 is the better option.)

    Option #2 (or #3) requires deep customization and hence it is not a DIY option for customers; they are strongly encouraged to engage an SI to do the implementation and have a Premier support contract in place to receive any "break-fix" support.

    For sign-in, you have two options.

    1. Use ADFS 2016 to log users against the OpenLDAP system.
    2. Set different passwords in the cloud for these users.

    I'll try to put out a "sample report" on the AAD Connect Config Documenter GitHub site.

    Sunday, April 23, 2017 6:07 AM
  • For the first solution, users still need to have different passwords, because MIM does not sync passwords from OpenLDAP to AD, right?

    Tuesday, April 25, 2017 9:00 AM
  • Yes, for sign-in you have only those two options available (unless you build a process / UI to change the password when the OpenLDAP password is changed).

    Wednesday, April 26, 2017 8:14 AM