Other LDAP server synchronizations

To create a synchronization profile for your LDAP server, you need to know the names of the LDAP attributes used to identify users. Two methods for finding attribute names are:

• Viewing the attribute list for a specific user account using an LDAP search tool (e.g. ldapsearch from openldap.org) or an LDAP browser. This method has the disadvantage that some attributes may not be listed for the specific user account viewed, if they are not mandatory for all user accounts.
• Viewing the LDAP schema from the LDAP server. This may be available in the LDAP server documentation or can be retrieved as explained in the example.

Retrieving an LDAP schema with a command line LDAP search tool:

1. Retrieve the location of the schema object in the LDAP server. For this LDAP request, the search base should be the root DN of your LDAP server, the scope should be set to base, and the requested attribute should be the word subschemaSubentry. e.g. using ldapsearch:

   ldapsearch -H ldap://ldapserver -b dc=example,dc=com -s base subschemaSubentry

2. Send an LDAP request with the resulting value for subschemaSubentry previously acquired as search base, the scope again set to base, and the requested attribute to objectClasses. e.g. using ldapsearch:

   ldapsearch -H ldap://ldapserver -b cn=Subschema -s base objectClasses

3. In the LDAP schema, look for the attributes of the relevant object class, which is likely to be person, organizationalPerson, inetOrgPerson, or user.