Re: Ldap challenge

[Marc Patermann <hans.moser@ofd-z.niedersachsen.de>]

Hi,

Andrew Findlay schrieb (27.04.2015 21:06 Uhr):
> On Mon, Apr 27, 2015 at 06:27:39PM +0000, Ross, Daniel B. wrote:

> All of my customers so far have chosen the parallel approach, as that
> allows the Unix LDAP to continue working if it loses access to AD.
> Ideally this includes installing a module on the AD Domain Controllers
> that detects password changes and forwards them immediately to the Unix
> LDAP. I have generally used Microsoft's SFU password-capture module for
> this as AD admins seem happier to install Microsoft code than things from
> other sources. It does have its problems though, and the code quality
> of the Unix end that they provide leaves a lot to be desired. I believe
> newer AD versions come with an updated version of this built in, but I
> have not tested it.
I don't know about AD, I googled a bit around. I found "Identity 
Management for UNIX: Password Synchronization" as a successor of SFU, is 
this true?
Is this the thing MS is currently offering:
https://technet.microsoft.com/en-us/library/cc776179%28v=ws.10%29.aspx
Using NIS and installing a PAM module on every machine!?


Marc