Compiling the OpenLDAP XMA to use with FIM 2010

It’s been a while since I’ve done anything with OpenLDAP. There’s no official MA but there is an open source one – however it was written for MIIS 2003 and I had to do some mucking around to get it working with the FIM 2010 Sync Service. Here is what I did.

Get the Right Source Code

There are actually two OpenLDAP XMAs available on SourceForge – the original Kernel Networks one, and a more recent update of it. I wasted a lot of time trying to recompile the Kernel one before I figured out that I really needed this one.

Next – there is no point downloading the compiled version if you want to install it on FIM. You need to get the latest source code, and to do that you have to install an SVN tool (I used SlikSVN) and then run this command to retrieve the source code:

svn co https://openldap-xma.svn.sourceforge.net/svnroot/openldap-xma openldap-xma

Compile

You need to have Visual Studio 2008 installed with the Visual C# options. Then you can open the OpenLDAP XMA.sln file and the project will be converted to 2008 format.

Reference

Next you need to change the reference to the old Microsoft.MetadirectoryServices library to the new Microsoft.MetadirectoryServicesEx library. You will find the library DLL in C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\Assemblies.

Build Location

To have the compiled DLL put straight in the correct location, open the Properties of the OpenLDAP XMA project, click on the Build tab, and then change the Output location to the <FIM Sync Service>\Extensions folder.

You should now be able to compile the code.

Register the MA Type

I really couldn’t be bothered to work out how to compile the installation program, so this means I had to register the new MA type myself – but actually it’s pretty easy.

In the MSIPackager\Install Files folder you will find a file called OLXMAPackage.xml. Copy this file to <FIM Sync Service>\UIShell\XMLs\PackagedMAs.

Next open regedit and locate the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\ManagementAgents. Add a new String Value called “OpenLDAP” with the value “{275E6505-9465-4460-A6EB-D1371C863858}”. (That value is taken from the XML file we just copied – I’m not sure if it ever changes in subsequent releases.)

Now, when you restart the Synchronization Service Manager, you should find the new MA type listed in the Create Wizard.
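
The manual registration steps above as a PowerShell script, added here as an example (it is not part of the original post or of the OpenLDAP XMA project). It assumes the default install path and a hypothetical checkout folder C:\src\openldap-xma, must be run elevated, and refuses to register the GUID unless that GUID actually appears in the package XML.

```powershell
$ErrorActionPreference = 'Stop'

# Assumptions: default FIM install path; $SourceRoot is a hypothetical checkout location.
$SyncRoot   = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service'
$SourceRoot = 'C:\src\openldap-xma'
$MaName     = 'OpenLDAP'
$MaGuid     = '{275E6505-9465-4460-A6EB-D1371C863858}'   # value quoted in the post
$RegKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\ManagementAgents'

# Locate the package definition inside the checkout (it lives under MSIPackager\Install Files).
$package = Get-ChildItem -Path $SourceRoot -Recurse -Filter 'OLXMAPackage.xml' |
    Select-Object -First 1
if (-not $package) { throw "OLXMAPackage.xml not found under $SourceRoot" }

# The GUID may differ between releases, so confirm it is really in this XML
# before writing it to the registry (Select-String is case-insensitive by default).
$bareGuid = $MaGuid.Trim('{}')
if (-not (Select-String -Path $package.FullName -SimpleMatch -Pattern $bareGuid -Quiet)) {
    throw "GUID $MaGuid does not appear in $($package.FullName); read the correct value from the file."
}

# Step 1: copy the package definition where the Sync Service UI looks for packaged MAs.
$target = Join-Path $SyncRoot 'UIShell\XMLs\PackagedMAs'
if (-not (Test-Path $target)) { throw "Folder not found: $target" }
Copy-Item -Path $package.FullName -Destination $target -Force

# Step 2: add the String Value, without silently overwriting a different existing one.
if (-not (Test-Path $RegKey)) { throw "Registry key not found: $RegKey" }
$existing = Get-ItemProperty -Path $RegKey -Name $MaName -ErrorAction SilentlyContinue
if ($existing) {
    if ($existing.$MaName -ne $MaGuid) {
        throw "Value '$MaName' already exists with a different GUID: $($existing.$MaName)"
    }
    Write-Output "Registry value '$MaName' is already set."
} else {
    New-ItemProperty -Path $RegKey -Name $MaName -PropertyType String -Value $MaGuid | Out-Null
    Write-Output "Registered MA type '$MaName' as $MaGuid."
}

# Step 3 (manual): restart the Synchronization Service Manager and check the Create wizard.
```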

9 Replies to “Compiling the OpenLDAP XMA to use with FIM 2010”

  1. Nice to see you’re becoming more and more a developer Carol and I really like you’ve made this old forgotten MA available to the public again. How about updating the SourceForge project for FIM too… I’m sure Craig would be happy to add you as contributor!?

  2. That is so funny. I was just sitting here today to dust off the old XMA when I see you had to do it too. Thx for saving me the trouble Carol 🙂
    Will let you know if I get any more funnies with it.

  3. I’ve done just like what Carol suggested and it all seemed to work fine until I tested the first time. I’m running with trace on and get the following:
    2010-09-28 13:06:35 ObjectType ‘person’ Contains 4 attributes.
    2010-09-28 13:06:35 Connected to: luu024p.internal.epo.org
    2010-09-28 13:06:35 Starting a full import
    2010-09-28 13:06:35 Full Import entries from the LDAP server into the staging file. NamingContext dc=epo,dc=org
    2010-09-28 13:06:35 Filter: (|(objectclass=person))
    2010-09-28 13:06:35 Doing non paged search on dc=epo,dc=org with filter (|(objectclass=person))
    2010-09-28 13:06:36 8626 items found using (|(objectclass=person))
    Here it just stops with a “stopped-extensible-extension-error”. Would anyone have an idea what the problem could be?

  4. Any messages in the event viewer? I would attach a debugger to the code and try and work out where it’s failing.

  5. I run it in the debugger and found the error, there is no “modifyTimeStamp” attribute in my test LDAP. Although I’m making a full import, the connector still expects this attribute to exist.

  6. Hi,
    I get an error when I sync passwords between Active Directory and OpenLDAP.
    My Error
    A password synchronization set operation has failed in a target connected data source.

    Additional information:
    Tracking ID: {A4CBE248-6F8F-4B64-A54A-9365EFDCFCF1}
    Reference ID: {6931B8E0-D949-44CF-B54C-0FF328A4133A}
    Target Object GUID: {E842251E-F1B3-4EBE-BACC-2C05EE8865EC}
    Target DN: cn=biennh,ou=People,dc=maxcrc,dc=com
    Target MA Name: FIMDemo
    Retry Count: 10
    ErrorCode: 0x80230735
    ErrorString: (The target server is down.)

    How do I debug the connection to the server?
    I followed your instructions and get an error.
    PS: Full import, Full Sync success
    Thanks
