From the Microsoft article “LDAP synchronization with Microsoft Entra ID – Microsoft Entra | Microsoft Learn”, it was hard to find out how to integrate LDAP (non-Microsoft AD LDS) services with Microsoft Entra ID.
According to the article “Generic LDAP Connector | Microsoft Learn”, Microsoft Entra ID supports a wide variety of products, such as OpenLDAP and TDS. It takes our customers a lot of time to understand that the connection between OpenLDAP and Entra must be established through Microsoft Identity Manager (a bridge connection). It is not a straightforward connection like the one you have with Microsoft Active Directory.
A bridge connection (Microsoft MIM), which mediates between the two systems, is necessary for user synchronization because Entra ID supports modern protocols like SAML 2.0, OAuth2, and OIDC, while LDAP supports older protocols like Kerberos and LDAP.
If you are using Microsoft AD DS LDAP services, there is no need to establish a bridge connection. If your directory services are non-Microsoft, you need to follow these foundational steps:
- Install the Microsoft Identity Manager “synchronization services”, which requires a SQL Server.
- Use the Generic LDAP connector to integrate with the existing LDAP solution.
- Microsoft MIM offers a connector to Entra ID.
Based on the above steps, the architecture looks as shown below.

Key considerations
- Windows Server license
- MS SQL Server license; you can also reuse an existing MS SQL
- MIM licensing is per user