[midPoint] Connecting midPoint to AD and Exchange
Radovan Semancik
radovan.semancik at evolveum.com
Tue May 3 17:28:22 CEST 2016
... however ... the .NET based AD and Exchange connectors are now
deprecated. The connectors consists of really old and very
Microsoft-bound code that originated somewhere in Sun Microsystems.
These were the times when Microsoft hated open source and LDAP was not a
viable way to communicate with AD. But these times are long gone. We
have been maintaining the old Sun code for quite a long time. But last
year we have finally realized that the old Sun connectors in general and
the .NET-based AD/Exchange connectors in particular lead to a dead end.
For us there is no point in investing a single cent into these connectors.
So last year we have re-written the old Sun JNDI-based LDAP connector
from scratch. It was a lot of work, but it was definitely worth it. Now
there is a brand new LDAP connector based on Apache Directory API. Later
we have added AD support into the LDAP connector, which was finished and
extended with a help of one of the midPoint subscribers. So now we have
new and really good LDAP-based AD connector which does not need
connector server to run. Since midPoint 3.3.1 that connector is the
recommended way to connect to AD. And the old .NET-based connectors are
no longer supported (except for midPoint subscribers who still have an
option to use them if needed).
So, that means we currently have a very good way to manage AD. But we do
not have a good way to fully manage Exchange. As most of Exchange is
reflected to AD schema then the LDAP-based AD connector may be used to
manage Exchange accounts with some success. And I have seen that working
acceptably well in practice. But there are still some obvious details
missing, such as ability to execute powershell scripts that are often
used to manage mailboxes. Another area to explore is the management of
Exchange contact information. We are planning to add these features as
soon as we can secure the funding. And I really mean that: the work on
that can start almost immediately when someone puts the money on the
table. Because I really believe that this is the way forward when it
comes it AD/Exchange connectors.
--
Radovan Semancik
Software Architect
evolveum.com
On 05/03/2016 02:56 PM, Ivan Noris wrote:
> Hi Aivo,
>
> Exchange connector contains the AD connector, so it's enough to use
> Exchange connector.
> AFAIK it uses ADSI for non-exchange provisioning and only uses
> Exchange powershell URI for Exchange-related stuff.
>
> Regards,
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"Aivo Kuhlberg" <aivo.kuhlberg at rmit.ee>
> *To: *"midpoint" <midpoint at lists.evolveum.com>
> *Sent: *Tuesday, May 3, 2016 11:03:09 AM
> *Subject: *[midPoint] Connecting midPoint to AD and Exchange
>
> I need to manage AD users and groups and Exchange users with
> midPoint 3.3.1. How is the best way to do that? Should I set up
> separate AD and Exchange resource connection (with .NET connector
> server) or is Exchange connector sufficient for managing both AD
> and Exchange?
>
>
> Thanks,
> Aivo Kuhlberg
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks
> tunnistatud teavet.
> This e-mail may contain information which is classified for
> official use.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper ID(e)M Vix."
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160503/9339a8ec/attachment.htm>
More information about the midPoint
mailing list