Where is this going to be located? Extranet or
Intranet?
If you are going to be doing some very simple syncing, I
would look at writing something myself or maybe implementing one of the lighter
syncing tools like SimpleSync or HP's LDSU. If you need to do a lot of
transforms or complex translations or connect to lots of different data sources
such as SAP, etc, MIIS might be where you want to go. If you spin up MIIS, it
is possible you may need to have a body sitting there maintaining and
troubleshooting it due to its complexity plus it is really in flux right now in
my opinion in terms of how many things they are looking to change and/or add to
it.
How is the data in the directory to be used? Is it going to
be an auth point for apps or ???
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet
Sent: Friday, July 29, 2005 10:03 AM
To: [email protected]
Subject: [ActiveDir] OT: MIIS, ADAM, & AD
We have an upcoming
project which will require an LDAP directory containing both our internal users,
and our extranet users. Currently, our internal users are in one AD domain, the
extranet users are in another. The domains are in separate forests, and there
are no trusts.
My plan is to use
ADAM for the central LDAP directory. However, I'm on the horns of an enema, um,
I mean dilemma on how to sync ADAM to the two domains. A first glance would
suggest MIIS. However, MIIS looks pretty complicated, and difficult to
configure.
I'm considering
writing my own sync code since the task at hand is relatively straight-forward.
Passwords will be a bit of a problem, but not unworkable. We use Psynch to
maintain our internal passwords, so I can have it change the ADAM passwords at
the same time it changes the internal AD passwords. The extranet users change
their password via an existing web app, so having it change the ADAM passwords
won't be an issue.
Reading about ADAM
"proxy users" leads me to believe they'd be a perfect fit as the object type to
use for our internal users (authentication is relayed to AD thus negating the
need to sync passwords). However, the ADAM tech ref says proxy users should only
be used as a last resort, and to refer to the next section as to why.
Unfortunately, the next section doesn't explain why not to use them. Anybody
know why proxy user objects are evil?
Are there any good
"MIIS for dummies" type documentation around? Any good ADAM and/or MIIS mailing
lists?
