I have MIIS, but have not used it for our OpenLDAP to Active Directory sync. Before I got MIIS I wrote Python scripts to sync our LDAP with our Active Directory. I don't sync passwords via the scripts, because I have another PHP script that sets the user password on both directories when changed. I don't really plan on switching this over to MIIS because my Python scripts are working so well and are so easy to manage. But playing with MIIS, it really should be too hard to set up the sync with it. I also use Python scripts to sync our Student Information System with the OpenLDAP. I'm not really a programmer and learned Python just for this project, and had the scripts working in less than a week. If you want some info or code samples just let me know.
Thanks,
--
Matt Brown
[EMAIL PROTECTED]
Consultant for Student Technology Fee
website: http://techfee.ewu.edu/
509.359.6972 ph. - 509.359.7087 fx
307 MONROE HALL
Cheney, WA 99004

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TIROA YANN
Sent: Friday, July 29, 2005 8:46 AM
To: [email protected]
Subject: RE : [ActiveDir] OT: MIIS, ADAM, & AD

Hello,

We use MIIS 2003 to synchronise users' identities between AD2003, OpenLDAP and Oracle 9i, and that works pretty well. MIIS includes preintegrated connectors for the directories to manage, such as ADAM, Novell eDirectory, Active Directory, DSML, Oracle 9i, and many more, called Management Agents (MA) or connectors.

With MIIS 2003 SP1, u could easily synchronize users' passwords between different directories, but always in the way below:

--> User password changes (via MMC ADUC, Ctrl+Alt+Del, web) are detected by AD 20003 DCs, these changes are pushed to your MIIS server, which pushes passwords to your configured directories: in your case ADAM.

And that works great! All passwords are encrypted between synchronisations.

BUT.... MIIS has these inconveniences:

1) It costs. The price is per processor (~12000 euros/processor pretty equivalent to 10000 dollars/processors).
2) u must have very good knowledge in dev.: VB.net and C# are the dev environment for MIIS.

These links will help u to better understand the product.

Yahoo newsgroup: http://groups.yahoo.com/group/MMSUG/ u have to sign in before.
http://www.activeidm.com/servlet/constructor.includeHTTP?iwebsiteID=8627&isectionTypeID=1&isectionID=43519

http://www.microsoft.com/windowsserversystem/miis2003/support/default.mspx

A MS tutorial:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DADC5021-222B-4AF7-8C58-2227C358756F&displaylang=en#filelist

...and a good practice on how to configure MIIS to synchronize with ADAM, but it is in French .. :(
http://www.techheadbrothers.com/DesktopDefault.aspx?tabindex=1&tabid=7&CatId=6
see "MIIS pas à pas, Partie 1/3", "MIIS pas à pas, Partie 2/3" and "MIIS pas à pas, Partie 3/3"

A good webcast about MMS, which is the old version, but a good presentation of how MIIS works:
http://support.microsoft.com/default.aspx?kbid=324572

I do not know what ADAM "proxy users" are and how u can use them to achieve your goal. Maybe someone in this could help u...

Good luck :)

Cheers,

Yann

_____

From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Date: Fri. 29/07/2005 16:03
To: [email protected]
Subject: [ActiveDir] OT: MIIS, ADAM, & AD

We have an upcoming project which will require an LDAP directory containing both our internal users and our extranet users. Currently, our internal users are in one AD domain, and the extranet users are in another. The domains are in separate forests, and there are no trusts.

My plan is to use ADAM for the central LDAP directory. However, I'm on the horns of an enema, um, I mean dilemma on how to sync ADAM to the two domains. A first glance would suggest MIIS. However, MIIS looks pretty complicated, and difficult to configure. I'm considering writing my own sync code since the task at hand is relatively straightforward.
Passwords will be a bit of a problem, but not unworkable. We use Psynch to maintain our internal passwords, so I can have it change the ADAM passwords at the same time it changes the internal AD passwords. The extranet users change their password via an existing web app, so having it change the ADAM passwords won't be an issue.

Reading about ADAM "proxy users" leads me to believe they'd be a perfect fit as the object type to use for our internal users (authentication is relayed to AD thus negating the need to sync passwords). However, the ADAM tech ref says proxy users should only be used as a last resort, and to refer to the next section as to why. Unfortunately, the next section doesn't explain why not to use them. Anybody know why proxy user objects are evil?

Are there any good "MIIS for dummies" type documentation around? Any good ADAM and/or MIIS mailing lists?
