[midPoint] Connecting midPoint to AD and Exchange

Radovan Semancik radovan.semancik at evolveum.com
Tue May 3 17:28:22 CEST 2016


... however ... the .NET based AD and Exchange connectors are now 
deprecated. The connectors consist of really old and very 
Microsoft-bound code that originated somewhere in Sun Microsystems. 
These were the times when Microsoft hated open source and LDAP was not a 
viable way to communicate with AD. But these times are long gone. We 
have been maintaining the old Sun code for quite a long time. But last 
year we have finally realized that the old Sun connectors in general and 
the .NET-based AD/Exchange connectors in particular lead to a dead end. 
For us there is no point in investing a single cent into these connectors.

So last year we have re-written the old Sun JNDI-based LDAP connector 
from scratch. It was a lot of work, but it was definitely worth it. Now 
there is a brand new LDAP connector based on Apache Directory API. Later 
we have added AD support into the LDAP connector, which was finished and 
extended with the help of one of the midPoint subscribers. So now we have 
a new and really good LDAP-based AD connector which does not need a 
connector server to run. Since midPoint 3.3.1 that connector is the 
recommended way to connect to AD. And the old .NET-based connectors are 
no longer supported (except for midPoint subscribers who still have an 
option to use them if needed).

So, that means we currently have a very good way to manage AD. But we do 
not have a good way to fully manage Exchange. As most of Exchange is 
reflected to AD schema then the LDAP-based AD connector may be used to 
manage Exchange accounts with some success. And I have seen that working 
acceptably well in practice. But there are still some obvious details 
missing, such as the ability to execute PowerShell scripts that are often 
used to manage mailboxes. Another area to explore is the management of 
Exchange contact information. We are planning to add these features as 
soon as we can secure the funding. And I really mean that: the work on 
that can start almost immediately when someone puts the money on the 
table. Because I really believe that this is the way forward when it 
comes to AD/Exchange connectors.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 05/03/2016 02:56 PM, Ivan Noris wrote:
> Hi Aivo,
>
> Exchange connector contains the AD connector, so it's enough to use 
> Exchange connector.
> AFAIK it uses ADSI for non-exchange provisioning and only uses 
> Exchange powershell URI for Exchange-related stuff.
>
> Regards,
> Ivan
>
> ------------------------------------------------------------------------
>
>     *From: *"Aivo Kuhlberg" <aivo.kuhlberg at rmit.ee>
>     *To: *"midpoint" <midpoint at lists.evolveum.com>
>     *Sent: *Tuesday, May 3, 2016 11:03:09 AM
>     *Subject: *[midPoint] Connecting midPoint to AD and Exchange
>
>     I need to manage AD users and groups and Exchange users with
>     midPoint 3.3.1. What is the best way to do that? Should I set up
>     separate AD and Exchange resource connection (with .NET connector
>     server) or is Exchange connector sufficient for managing both AD
>     and Exchange?
>
>
>     Thanks,
>     Aivo Kuhlberg
>
>
>     ------------------------------------------------------------------------
>     This e-mail may contain information which is classified for
>     official use.
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> -- 
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
>
