directory-dev mailing list archives

From Howard Chu
Subject Re: Synchronizing with Active directory on windows 2003 machine
Date Sat, 22 Dec 2007 00:02:48 GMT
Marc Boorshtein wrote:
>>> The main issue you will see with
>>> syncing is you can't easily sync passwords from AD.
>> Hm, all you need is a listener for MS's password sync agent. It's a trivial
>> protocol, trivial piece of code. (And of course, the sync agent must be
>> installed on the AD side.)

> "Trivial" is relative.  It might be easy to set up in a dev or test
> environment but may have a major impact on a large production
> environment and is generally less of a technical issue and more of a
> political issue.

Probably true. But it's easy to show that application (and AD) 
reliability/stability will improve by offloading LDAP traffic from AD onto a 
real LDAP server, and it's pretty poor politics to be on the wrong side of 
that argument.
   -- Howard Chu
   Chief Architect, Symas Corp.
   Director, Highland Sun
   Chief Architect, OpenLDAP
