Thanks for response. I've already found LSC project, but I wasn't sure that LSC is compatible with Kerberos tokens and users' process of changing his own password.
Benjamin MONTHOUËL Systems Administrator Assistant NETASQ France - We Secure IT Villeneuve d'Ascq
Le 04/06/2010 13:17, Jonathan Clarke a écrit :
On 27/05/2010 10:25, Benjamin MONTHOUEL wrote:
Hi,
I'd like to know which method is recommended by openldap.org to perform a bidirectional sync with Microsoft Active Directory. This method has to notice that users changed their password by themselves. Kerberos token ???
Thanks for any information.
Hi,
OpenLDAP does not include any mechanism to sync with Active Directory. Both directories have replication mechanisms, but they are incompatible.
I can personally (this is not an "openldap.org recommendation") recommend using a third party tool to synchronize the two directories, such as Ldap Synchronization Connector (LSC), which is designed for exactly this purpose - see http://lsc-project.org.
Hope this helps, Jonathan