Tim Cutts wrote:
> That's very similar to what we're doing. We're using Sun Directory
> Server, because there's an additional piece of software for that (whose
> name escapes me) which can nicely handle data synchronisation between
> SDS and AD.

Is that SDS the same one that used to be Netscape Directory Server and is now Red Hat Directory Server/Fedora Directory Server? If so, read on.

I looked at implementing Fedora Directory Server a few months ago to provide LDAP services to our Linux systems and synchronize passwords with our AD servers. To do this, it must store the user passwords in cleartext in the replication logs, where they are in LDIF format, and clearly labelled as clear-text passwords. Even if you shorten the retention time of the replication logs, there is still another log file which, as far as my experimentation determined, keeps the clear-text passwords around forever.

I decided this was completely unsafe and abandoned the project. Not long after (the next day, in fact) Slashdot reported that people had been hacking into Red Hat/Fedora Directory Server.

--
Prentice
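
An added example, not part of the original message: a small audit that reads LDIF text, such as an exported replication log, and reports which entries carry a password value with no hash scheme tag. The attribute name `unhashed#user#password` and the sample records are assumptions made for illustration.

```python
import base64
import re

# Assumption: attribute names to audit. "userPassword" is the standard LDAP
# attribute; "unhashed#user#password" is assumed to be the label the
# directory server's changelog gives to the clear-text copy.
PASSWORD_ATTRS = {"userpassword", "unhashed#user#password"}
# A hashed value starts with a scheme tag such as {SSHA} or {SHA512}.
SCHEME = re.compile(r"^\{[A-Za-z0-9_-]+\}")

def find_cleartext(ldif_text):
    """Return (dn, attribute) pairs whose value lacks a hash scheme tag.
    Values are deliberately not returned, so the report holds no secrets."""
    findings, dn = [], None
    # LDIF folds long lines as newline + one space; undo that first.
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        if not line:
            dn = None                      # blank line ends the record
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue                       # comment, or "-" separator
        if rest.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() in PASSWORD_ATTRS and not SCHEME.match(value):
            findings.append((dn, attr))
    return findings

# Constructed sample in LDIF change-record form (not real log data).
SAMPLE = """\
dn: uid=alice,ou=People,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}Q29uc3RydWN0ZWQtc2VjcmV0
-
replace: unhashed#user#password
unhashed#user#password: Constructed-secret
-

dn: uid=bob,ou=People,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword:: Q29uc3RydWN0ZWQtc2VjcmV0
"""
```

Calling `find_cleartext(SAMPLE)` flags alice's labelled clear-text copy and bob's base64-wrapped plain value, while alice's `{SSHA}` value passes.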