Milan Tomic wrote: > Now I would like to create as close as possible structure in my local > installation of ApacheDS as it is in real ActiveDirectory.
I'd rather try to install a Windows Server in VMware and create "real" AD Domain. AD is very much doing stuff just like AD and not like most other LDAP directories, so if you want our app to work properly against all LDAP flavours make sure to test and develop against all (main) flavours. Even if you get the schame ported over, the backend server behaviour will not be the same. E.g. most LDAP directories use loginDisabled to lock accounts, AD uses a single binary attribute storing lock status together with a couple of different status bits and not all of them can be flipped though LDAP at all. Another one is the sAMAccountName, which AD enforces to be globally unique, but any "standard" LDAP won't do that and you could create JDOE accounts in several different containers.
