directory-dev mailing list archives

From Howard Chu <...@symas.com>
Subject Re: Synchronizing with Active directory on windows 2003 machine
Date Sat, 22 Dec 2007 00:02:48 GMT
Marc Boorshtein wrote:
>>> The main issue you will see with
>>> syncing is you can't easily sync passwords from AD.
>> Hm, all you need is a listener for MS's password sync agent. It's a trivial
>> protocol, trivial piece of code. (And of course, the sync agent must be
>> installed on the AD side.)

> "Trivial" is relative. It might be easy to set up in a dev or test
> environment but may have a major impact on a large production
> environment and is generally less of a technical issue and more of a
> political issue.

Probably true. But it's easy to show that application (and AD) 
reliability/stability will improve by offloading LDAP traffic from AD onto a 
real LDAP server, and it's pretty poor politics to be on the wrong side of 
that argument.
-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/
