Marc Boorshtein wrote:
>>> The main issue you will see with
>>> syncing is you can't easily sync passwords from AD.
>> Hm, all you need is a listener for MS's password sync agent. It's a trivial
>> protocol, trivial piece of code. (And of course, the sync agent must be
>> installed on the AD side.)
> "Trivial" is relative. It might be easy to set up in a dev or test
> environment but may have a major impact on a large production
> environment and is generally less of a technical issue and more of a
> political issue.
Probably true. But it's easy to show that application (and AD)
reliability/stability will improve by offloading LDAP traffic from AD onto a
real LDAP server, and it's pretty poor politics to be on the wrong side of
that argument.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/