Marc Boorshtein wrote:
The main issue you will see with syncing is you can't easily sync
passwords from AD.

Hm, all you need is a listener for MS's password sync agent. It's a trivial
protocol, trivial piece of code. (And of course, the sync agent must be
installed on the AD side.)

"Trivial" is relative. It might be easy to set up in a dev or test
environment but may have a major impact on a large production
environment and is generally less of a technical issue and more of a
political issue.

Probably true. But it's easy to show that application (and AD)
reliability/stability will improve by offloading LDAP traffic from AD onto a
real LDAP server, and it's pretty poor politics to be on the wrong side of
that argument.

--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/